SLR_Dataset

Producing secure software is challenging. The poor usability

of security Application Programming Interfaces (APIs) makes this even

harder. Many recommendations have been proposed to support developers

by improving the usability of cryptography libraries and APIs; rooted in

wider best practice guidance in software engineering and API design. In

this SLR, we systematize knowledge regarding these recommendations.

We identify and analyze 65 papers spanning 45 years, offering a total of

883 recommendations. We undertake a thematic analysis to identify

7 core ways to improve usability of APIs. We find that most of the

recommendations focus on helping API developers to construct and

structure their code and make it more usable and easier for programmers

to understand. There is less focus, however, on documentation, writing

requirements, code quality assessment and the impact of organizational

software development practices. By tracing and analyzing paper ancestry,

we map how this knowledge becomes validated and translated over

time. We find evidence that less than a quarter of all API usability

recommendations are empirically validated, and that recommendations

specific to usable security APIs lag even further behind in this regard.