Corpus ID: 236493305

An Empirical Study of Developers' Discussions about Security Challenges of Different Programming Languages

Authors: Roland Croft, Yongzheng Xie, Mansooreh Zahedi, Muhammed Ali Babar, Christoph Treude
Given programming languages can provide different types and levels of security support, it is critically important to consider security aspects while selecting programming languages for developing software systems. Inadequate consideration of security in the choice of a programming language may lead to potential ramifications for secure development. Whilst theoretical analysis of the supposed security properties of different programming languages has been conducted, there has been relatively…


A Large Scale Study of Multiple Programming Languages and Code Quality
The results show that in general implementing a project with more languages has a significant effect on project quality, as it increases defect proneness, and specific languages that are statistically significantly more defect prone when they are used in a multi-language setting are found.
What is a Secure Programming Language?
A simple data-driven definition for a secure programming language is proposed: that it provides first-class language support to address the causes for the most common, significant vulnerabilities found in real-world software.
Assessing programming language impact on development and maintenance: a study on C and C++
It is found that using C++ instead of C results in improved software quality and reduced maintenance effort, and that code bases are shifting from C to C++.
Empirical analysis of programming language adoption
This paper uses survey methodology to identify the factors that lead to language adoption and reports that open source libraries, existing code, and experience strongly influence developers when selecting a language for a project, and developers prioritize expressivity over correctness when considering intrinsic aspects of languages.
A Large-scale Study of Security Vulnerability Support on Developer Q&A Websites
A large-scale empirical study to understand developers’ SV discussions and how these discussions are being supported by Q&A sites finds that SV discussions attract more experts to answer than many other domains, but some difficult SV topics still receive quite limited support from experts.
An Empirical Study of Security Issues Posted in Open Source Projects
This study aims at empirically identifying and understanding the security issues posted on a random sample of GitHub repositories, and presents 7 high-level themes of problems that developers face in implementing security features.
Mitigating program security vulnerabilities: Approaches and challenges
The work extensively compares and contrasts the existing program security vulnerability mitigation techniques, namely testing, static analysis, and hybrid analysis and discusses three other approaches employed to mitigate the most common program security vulnerabilities: secure programming, program transformation, and patching.
You Get Where You're Looking for: The Impact of Information Sources on Code Security
Analyzing how the use of information resources impacts code security confirms that API documentation is secure but hard to use, while informal documentation such as Stack Overflow is more accessible but often leads to insecurity.
The Impact of Software Security Practices on Development Effort: An Initial Survey
The experiences of the participants showed that security is a factor that drives effort in software projects, and security practices need to be taken into account when planning software development initiatives.
Selecting a programming language for your project
For most new DoD software projects that need a general purpose high-level language, Ada, C, or C++ are the main contenders, with increasing attention paid to the new language celebrity, Java.