Previous studies have shown that cryptography is hard for developers to use, and that misusing cryptography leads to severe security vulnerabilities. We studied relevant vulnerability reports on the HackerOne bug bounty platform to understand what types of cryptography vulnerabilities exist in the wild. We extracted eight themes of vulnerabilities from the vulnerability reports and discussed their real-world implications and mitigation strategies. We hope that our findings alert developers, familiarize them with the dire consequences of cryptography misuses, and support them in avoiding such mistakes.
Cryptographic API misuse is responsible for a large number of software vulnerabilities. In many case...
Bug bounty programmes employ the skills and curiosity of independent security researchers (hackers) ...
As developers face ever-increasing pressure to engineer secure software, researchers are building an...
Mistakes in cryptographic software implementations often undermine the strong security guarantees o...
This dissertation examines security vulnerabilities that arise due to communication failures and inc...
As the cornerstone of the internet, cryptography is becoming increasingly important in software deve...
Recent studies have revealed that 87 % to 96 % of the Android apps using cryptographic APIs have a m...
Cryptography is often a critical component in secure software systems. Cryptographic primitive misus...
This work analyzes cryptography misuse by software developers, from their contributions to online fo...
Security and cryptographic applications or libraries, just as any other generic software products ma...
There is little or no information available on what actually happens when a software vulnerability i...
Prior research has shown that cryptography is hard to use for developers. We aim to understand what ...
Software vulnerabilities are weaknesses in source code that can be potentially exploited to cause lo...
Recent studies have shown that developers have difficulties in using cryptographic APIs, which often...