Our paper suggests an adapted algorithm that can report error chains between API misuses. The empirical study onn 471 GitHub repositories showed that 50% of projects are affected by connected cryptographic API misuses. Further, the runtime overhead is minimal, and developers appreciate the adaption.
Empirial study of cryptographic misuses on enterprise-driven applications that identified several potential effective false positives, such as the use of hash algorithms in a non-security context. Further, we introduced a theoretical model of vulnerabilities caused by API misuses.
So far, benchmarks for cryptographic API misuses only focused on a subset of issues or tools. To drive future development in this domain, we will openly generate a benchmark. We will derive the generation of this novel benchmark from best practices.
Our study analyzes cryptographic API misuses in over 900 Python and MicroPython projects, revealing that 52% of the projects have at least one misuse. The findings indicate a positive impact of good API design in reducing misuses compared to Java and C.
We conducted an empirical study to understand how frequently the unsafe API is used in Go. We show that 38% of the analyzed projects directly use the unsafe API. Further, we introduce go-geiger and go-safer to assess usages of the API.