TY - GEN
T1 - Fluid Intelligence Doesn't Matter! Effects of Code Examples on the Usability of Crypto APIs
AU - Mindermann, Kai
AU - Wagner, Stefan
N1 - Publisher Copyright:
© 2020 ACM.
PY - 2020/10
Y1 - 2020/10
N2 - Context : Programmers frequently look for the code of previously solved problems that they can adapt for their own problem. Despite existing example code on the web, on sites like Stack Overflow, cryptographic Application Programming Interfaces (APIs) are commonly misused. There is little known about what makes examples helpful for developers in using crypto APIs. Analogical problem solving is a psychological theory that investigates how people use known solutions to solve new problems. There is evidence that the capacity to reason and solve novel problems a.k.a Fluid Intelligence (Gf) and structurally and procedurally similar solutions support problem solving. Aim: Our goal is to understand whether similarity and Gf also have an effect in the context of using cryptographic APIs with the help of code examples. Method : We conducted a controlled experiment with 76 student participants developing with or without procedurally similar examples, one of two Java crypto libraries and measured the Gf of the participants as well as the effect on usability (effectiveness, efficiency, satisfaction) and security bugs. Results: We observed a strong effect of code examples with a high procedural similarity on all dependent variables. Fluid intelligence Gf had no effect. It also made no difference which library the participants used. Conclusions: Example code must be more highly similar to a concrete solution, not very abstract and generic to have a positive effect in a development task.
AB - Context : Programmers frequently look for the code of previously solved problems that they can adapt for their own problem. Despite existing example code on the web, on sites like Stack Overflow, cryptographic Application Programming Interfaces (APIs) are commonly misused. There is little known about what makes examples helpful for developers in using crypto APIs. Analogical problem solving is a psychological theory that investigates how people use known solutions to solve new problems. There is evidence that the capacity to reason and solve novel problems a.k.a Fluid Intelligence (Gf) and structurally and procedurally similar solutions support problem solving. Aim: Our goal is to understand whether similarity and Gf also have an effect in the context of using cryptographic APIs with the help of code examples. Method : We conducted a controlled experiment with 76 student participants developing with or without procedurally similar examples, one of two Java crypto libraries and measured the Gf of the participants as well as the effect on usability (effectiveness, efficiency, satisfaction) and security bugs. Results: We observed a strong effect of code examples with a high procedural similarity on all dependent variables. Fluid intelligence Gf had no effect. It also made no difference which library the participants used. Conclusions: Example code must be more highly similar to a concrete solution, not very abstract and generic to have a positive effect in a development task.
KW - Example Code
KW - Intelligence
KW - security
KW - usability
UR - http://www.scopus.com/inward/record.url?scp=85098596479&partnerID=8YFLogxK
U2 - 10.1145/3377812.3390892
DO - 10.1145/3377812.3390892
M3 - Conference contribution
AN - SCOPUS:85098596479
T3 - Proceedings - 2020 ACM/IEEE 42nd International Conference on Software Engineering: Companion, ICSE-Companion 2020
SP - 306
EP - 307
BT - Proceedings - 2020 ACM/IEEE 42nd International Conference on Software Engineering
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 42nd ACM/IEEE International Conference on Software Engineering: Companion, ICSE-Companion 2020
Y2 - 27 June 2020 through 19 July 2020
ER -