Slide 74
References
Oliveira, D., Rosenthal, M., Morin, N., Yeh, K. C., Cappos, J., & Zhuang, Y. (2014, December). It's the psychology stupid: how heuristics explain software vulnerabilities and how priming can illuminate developer's blind spots. In Proceedings of the 30th Annual Computer Security Applications Conference (pp. 296-305).
Acar, Y., Backes, M., Fahl, S., Kim, D., Mazurek, M. L., & Stransky, C. (2016, May). You get where you're looking for: The impact of information sources on code security. In 2016 IEEE Symposium on Security and Privacy (SP) (pp. 289-305). IEEE.
Fischer, F., Stachelscheid, Y., & Grossklags, J. (2021, November). The Effect of Google Search on Software Security: Unobtrusive Security Interventions via Content Re-ranking. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (pp. 3070-3084).
Lazar, D., Chen, H., Wang, X., & Zeldovich, N. (2014, June). Why does cryptographic software fail? A case study and open problems. In Proceedings of 5th Asia-Pacific Workshop on Systems (pp. 1-7).
Acar, Y., Backes, M., Fahl, S., Garfinkel, S., Kim, D., Mazurek, M. L., & Stransky, C. (2017, May). Comparing the usability of cryptographic APIs. In 2017 IEEE Symposium on Security and Privacy (SP) (pp. 154-171). IEEE.
Gorski, P. L., Iacono, L. L., Wermke, D., Stransky, C., Möller, S., Acar, Y., & Fahl, S. (2018). Developers deserve security warnings, too: On the effect of integrated security advice on cryptographic API misuse. In Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018) (pp. 265-281).
Gorski, P. L., Acar, Y., Lo Iacono, L., & Fahl, S. (2020, April). Listen to Developers! A Participatory Design Study on Security Warnings for Cryptographic APIs. In Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems (pp. 1-13).