Data and Documentation
Open Data Policy
FAQ
EN
DE
FR
Suchbegriff
Advanced search
Publication
Back to overview
Cryptography Vulnerabilities on HackerOne
Type of publication
Peer-reviewed
Publikationsform
Proceedings (peer-reviewed)
Author
Hazhirpasand Mohammadreza, Ghafari Mohammad,
Project
Agile Software Assistance
Show all
Proceedings (peer-reviewed)
Title of proceedings
2021 IEEE 21st International Conference on Software Quality, Reliability and Security (QRS)
Place
Hainan, China
DOI
10.1109/qrs54544.2021.00013
Open Access
URL
http://scg.unibe.ch/scgbib?query=Hazh21f&display=abstract
Type of Open Access
Repository (Green Open Access)
Abstract
Previous studies have shown that cryptography is hard for developers to use and misusing cryptography leads to severe security vulnerabilities. We studied relevant vulnerability reports on the HackerOne bug bounty platform to understand what types of cryptography vulnerabilities exist in the wild. We extracted eight themes of vulnerabilities from the vulnerability reports and discussed their real-world implications and mitigation strategies. We hope that our findings alert developers, familiarize them with the dire consequences of cryptography misuses, and support them in avoiding such mistakes.
-