We gratefully acknowledge support from
the Simons Foundation and member institutions.
Full-text links:

Download:

Current browse context:

cs.CR

Change to browse by:

cs

References & Citations

DBLP - CS Bibliography

Bookmark

(what is this?)
CiteULike logo BibSonomy logo Mendeley logo del.icio.us logo Digg logo Reddit logo ScienceWISE logo

Computer Science > Cryptography and Security

Title: Cryptography Vulnerabilities on HackerOne

Abstract: Previous studies have shown that cryptography is hard for developers to use and misusing cryptography leads to severe security vulnerabilities. We studied relevant vulnerability reports on the HackerOne bug bounty platform to understand what types of cryptography vulnerabilities exist in the wild. We extracted eight themes of vulnerabilities from the vulnerability reports and discussed their real-world implications and mitigation strategies. We hope that our findings alert developers, familiarize them with the dire consequences of cryptography misuses, and support them in avoiding such mistakes.
Comments: The 21st IEEE International Conference on Software Quality, Reliability and Security (QRS 2021)
Subjects: Cryptography and Security (cs.CR)
Cite as: arXiv:2111.03859 [cs.CR]
  (or arXiv:2111.03859v1 [cs.CR] for this version)

Submission history

From: Mohammad Ghafari [view email]
[v1] Sat, 6 Nov 2021 11:43:51 GMT (187kb)

Link back to: arXiv, form interface, contact.