[Review] Python Crypto Misuses in the Wild
The paper studies crypto API misuses in Python. A tool called LICMA is implemented to detect crypto API misuses in Python.
Several conclusions:
- 52.26 % of the Python projects using crypto APIs contain at least one potential misuse.
- Only 14.81 % of the projects directly contain a misuse of a crypto API. The rest is introduced through third-party code.
- Most Python applications are more secure than C or Java applications, and the distribution across the concrete types of misuses differs a lot.