Tales from the Git: Automating the detection of secrets on code and assessing developers' passwords choices

July 03, 2023 Β· Declared Dead Β· πŸ› 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

πŸ‘» CAUSE OF DEATH: Ghosted
No code link whatsoever

"No code URL or promise found in abstract"

Evidence collected by the PWNC Scanner

Authors Nikolaos Lykousas, Constantinos Patsakis arXiv ID 2307.00892 Category cs.SE: Software Engineering Cross-listed cs.CR Citations 6 Venue 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) Last Checked 4 months ago
Abstract
Typical users are known to use and reuse weak passwords. Yet, as cybersecurity concerns continue to rise, understanding the password practices of software developers becomes increasingly important. In this work, we examine developers' passwords on public repositories. Our dedicated crawler collected millions of passwords from public GitHub repositories; however, our focus is on their unique characteristics. To this end, this is the first study investigating the developer traits in password selection across different programming languages and contexts, e.g. email and database. Despite the fact that developers may have carelessly leaked their code on public repositories, our findings indicate that they tend to use significantly more secure passwords, regardless of the underlying programming language and context. Nevertheless, when the context allows, they often resort to similar password selection criteria as typical users. The public availability of such information in a cleartext format indicates that there is still much room for improvement and that further targeted awareness campaigns are necessary.
Community shame:
Not yet rated
Community Contributions

Found the code? Know the venue? Think something is wrong? Let us know!

πŸ“œ Similar Papers

In the same crypt β€” Software Engineering

Died the same way β€” πŸ‘» Ghosted