Profiling Cryptography Developers

Said Ali. Profiling Cryptography Developers. Bachelor’s thesis, University of Bern, August 2020. Details.

Abstract

Profiling developer expertise on the internet can provide valuable information for a multitude of applications such as recruiting. Studies have shown that it is feasible to track and profile developer activity on various platforms, (e.g., Stack Overflow and GitHub). Furthermore, tracking developer expertise can shed some light on whether developer activity on one platform is in line with the same developer’s activity on another platform. Recently, studies have shown that developers often rely on vulnerable cryptography code snippets, which are commonly found on Stack Overflow or GitHub repositories. Therefore, we are interested to investigate to what extent cryptography experts on Stack Overflow employ cryptography on their open-source projects on GitHub. To achieve our goal, we build a five-stage pipeline. (1) We extract 40 crypto-related tags from Stack Overflow. (2) We identify 1,000 users who have accepted answers (crypto accepted answers) in discussions where the selected crypto tags were used. (3) We automatically and manually scrape the selected users’ profiles on Stack Overflow and find 522 GitHub links (i.e., users). (4) The 522 users contribute to 23,633 repositories, in which 3.4% are crypto-related. (5) Finally, we extract the contributors (i.e., crypto contributors) of crypto files in the crypto-related repositories. We use statistical and visual analyses to observe whether different groups of developers differ in terms of crypto activities (crypto score, reputation, and number of crypto accepted answers) on Stack Overflow and the number of crypto file contributions on GitHub. Our findings reveal that crypto activities between crypto contributors (189) and users without crypto contributions (332) do not differ significantly. Moreover, crypto contributors with a high number of crypto activities on Stack Overflow do not have a higher number of crypto contributions on GitHub. Overall we are unable to find any correlation between crypto developer activity on Stack Overflow and crypto developer contribution on GitHub.

Posted by scg at 1 September 2020, 9:15 am link
Last changed by admin on 21 April 2009