An Empirical Study of Developers' Discussions about Security Challenges of Different Programming Languages release_qkgh4mcisva2ba4wygnlvshb74

by Roland Croft, Yongzheng Xie, Mansooreh Zahedi, M. Ali Babar, Christoph Treude

Published by arXiv.

2021  

Abstract

Given programming languages can provide different types and levels of security support, it is critically important to consider security aspects while selecting programming languages for developing software systems. Inadequate consideration of security in the choice of a programming language may lead to potential ramifications for secure development. Whilst theoretical analysis of the supposed security properties of different programming languages has been conducted, there has been relatively little effort to empirically explore the actual security challenges experienced by developers. We have performed a large-scale study of the security challenges of 15 programming languages by quantitatively and qualitatively analysing the developers' discussions from Stack Overflow and GitHub. By leveraging topic modelling, we have derived a taxonomy of 18 major security challenges for 6 topic categories. We have also conducted comparative analysis to understand how the identified challenges vary regarding the different programming languages and data sources. Our findings suggest that the challenges and their characteristics differ substantially for different programming languages and data sources, i.e., Stack Overflow and GitHub. The findings provide evidence-based insights and understanding of security challenges related to different programming languages to software professionals (i.e., practitioners or researchers). The reported taxonomy of security challenges can assist both practitioners and researchers in better understanding and traversing the secure development landscape. This study highlights the importance of the choice of technology, e.g., programming language, in secure software engineering. Hence, the findings are expected to motivate practitioners to consider the potential impact of the choice of programming languages on software security.
In text/plain format

Archived Files and Locations

application/pdf  3.2 MB
file_jmlrq3qtkrgzvjtpf4dyd4qs4m
arxiv.org (repository)
web.archive.org (webarchive)
Read Archived PDF
Preserved and Accessible
Type  article
Stage   published
Date   2021-07-01
Version   2
Work Entity
access all versions, variants, and formats of this works (eg, pre-prints)
Catalog Record
Revision: bdd58e2a-d1e1-4904-9add-ae860a55ba7e
API URL: JSON