The Concept
In today's software landscape, security vulnerabilities remain a persistent challenge despite the diligent efforts of the security community. These vulnerabilities often stem from shortcomings within the language and library APIs that developers rely on. Developers may inadvertently introduce vulnerabilities due to misunderstandings or misuse of these APIs, a phenomenon we refer to as "blindspots".

The Objective

Our primary objective was to examine API blindspots from the developers' perspective, aiming to understand how developers perceive and handle blindspots within their own code.

Research Approach

We conducted a study involving 109 developers from diverse backgrounds. Participants solved programming puzzles involving Java APIs known to contain blindspots. Through this study, we aimed to uncover how developers perceive and address blindspots within their codebase.

Key Insights
Impact on Security Concerns

The presence of blindspots was negatively correlated with developers' accuracy in answering implicit security questions and with their ability to recognize potential security issues within the codebase. Notably, this effect was more pronounced for APIs related to input/output operations and for puzzles of higher complexity.

Influence of Experience and Cognitive Function

Surprisingly, higher levels of cognitive functioning and greater programming experience did not necessarily translate to improved detection of API blindspots.

Role of Personality Traits

Developers with a higher level of openness as a personality trait exhibited a greater propensity to identify API blindspots.

Implications and Future Directions
The insights gained from this study hold significant implications for enhancing API security and software development practices: