{"id":"https://openalex.org/W3135096732","doi":"https://doi.org/10.1145/3571850","title":"Blindspots in Python and Java APIs Result in Vulnerable Code","display_name":"Blindspots in Python and Java APIs Result in Vulnerable Code","publication_year":2022,"publication_date":"2022-11-19","ids":{"openalex":"https://openalex.org/W3135096732","doi":"https://doi.org/10.1145/3571850","mag":"3135096732"},"language":"en","primary_location":{"id":"doi:10.1145/3571850","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3571850","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3571850","source":{"id":"https://openalex.org/S142627899","display_name":"ACM Transactions on Software Engineering and Methodology","issn_l":"1049-331X","issn":["1049-331X","1557-7392"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Software Engineering and Methodology","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"bronze","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3571850","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5028789964","display_name":"Yuriy Brun","orcid":"https://orcid.org/0000-0003-3027-7986"},"institutions":[{"id":"https://openalex.org/I24603500","display_name":"University of Massachusetts Amherst","ror":"https://ror.org/0072zz521","country_code":"US","type":"education","lineage":["https://openalex.org/I24603500"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Yuriy Brun","raw_affiliation_strings":["University of Massachusetts Amherst, Amherst, MA"],"affiliations":[{"raw_affiliation_string":"University of Massachusetts Amherst, Amherst, MA","institution_ids":["https://openalex.org/I24603500"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5089856338","display_name":"Tian Lin","orcid":"https://orcid.org/0000-0003-2615-3577"},"institutions":[{"id":"https://openalex.org/I33213144","display_name":"University of Florida","ror":"https://ror.org/02y3ad647","country_code":"US","type":"education","lineage":["https://openalex.org/I33213144"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Tian Lin","raw_affiliation_strings":["University of Florida, Gainesville, FL"],"affiliations":[{"raw_affiliation_string":"University of Florida, Gainesville, FL","institution_ids":["https://openalex.org/I33213144"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5035565694","display_name":"Jessie Somerville","orcid":"https://orcid.org/0000-0001-9721-1004"},"institutions":[{"id":"https://openalex.org/I33213144","display_name":"University of Florida","ror":"https://ror.org/02y3ad647","country_code":"US","type":"education","lineage":["https://openalex.org/I33213144"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jessie Elise Somerville","raw_affiliation_strings":["University of Florida, Gainesville, FL"],"affiliations":[{"raw_affiliation_string":"University of Florida, Gainesville, FL","institution_ids":["https://openalex.org/I33213144"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5084678849","display_name":"Elisha Myers","orcid":"https://orcid.org/0000-0002-9749-8671"},"institutions":[{"id":"https://openalex.org/I33213144","display_name":"University of Florida","ror":"https://ror.org/02y3ad647","country_code":"US","type":"education","lineage":["https://openalex.org/I33213144"]},{"id":"https://openalex.org/I63772739","display_name":"Florida Atlantic University","ror":"https://ror.org/05p8w6387","country_code":"US","type":"education","lineage":["https://openalex.org/I63772739"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Elisha M. Myers","raw_affiliation_strings":["Florida Atlantic University, University of Florida, Gainesville, FL"],"affiliations":[{"raw_affiliation_string":"Florida Atlantic University, University of Florida, Gainesville, FL","institution_ids":["https://openalex.org/I63772739","https://openalex.org/I33213144"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5075446387","display_name":"Natalie C. Ebner","orcid":"https://orcid.org/0000-0002-2705-7520"},"institutions":[{"id":"https://openalex.org/I33213144","display_name":"University of Florida","ror":"https://ror.org/02y3ad647","country_code":"US","type":"education","lineage":["https://openalex.org/I33213144"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Natalie Ebner","raw_affiliation_strings":["University of Florida, Gainesville, FL"],"affiliations":[{"raw_affiliation_string":"University of Florida, Gainesville, FL","institution_ids":["https://openalex.org/I33213144"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5028789964"],"corresponding_institution_ids":["https://openalex.org/I24603500"],"apc_list":null,"apc_paid":null,"fwci":4.1445,"has_fulltext":true,"cited_by_count":14,"citation_normalized_percentile":{"value":0.94383205,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":"32","issue":"3","first_page":"1","last_page":"31"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9939000010490417,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9832000136375427,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8619145750999451},{"id":"https://openalex.org/keywords/python","display_name":"Python (programming language)","score":0.8330178260803223},{"id":"https://openalex.org/keywords/java","display_name":"Java","score":0.7467023134231567},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.6932665109634399},{"id":"https://openalex.org/keywords/notice","display_name":"Notice","score":0.4241305887699127},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.3628558814525604}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8619145750999451},{"id":"https://openalex.org/C519991488","wikidata":"https://www.wikidata.org/wiki/Q28865","display_name":"Python (programming language)","level":2,"score":0.8330178260803223},{"id":"https://openalex.org/C548217200","wikidata":"https://www.wikidata.org/wiki/Q251","display_name":"Java","level":2,"score":0.7467023134231567},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.6932665109634399},{"id":"https://openalex.org/C2779913896","wikidata":"https://www.wikidata.org/wiki/Q7063001","display_name":"Notice","level":2,"score":0.4241305887699127},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.3628558814525604},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3571850","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3571850","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3571850","source":{"id":"https://openalex.org/S142627899","display_name":"ACM Transactions on Software Engineering and Methodology","issn_l":"1049-331X","issn":["1049-331X","1557-7392"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Software Engineering and Methodology","raw_type":"journal-article"},{"id":"pmh:oai:share.osf.io:1ca30769-376c-4714-b2bc-875985c22e58","is_oa":false,"landing_page_url":"https://osf.io/4yrpt","pdf_url":null,"source":{"id":"https://openalex.org/S4306401127","display_name":"OSF Preprints (OSF Preprints)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I2799848540","host_organization_name":"Center for Open Science","host_organization_lineage":["https://openalex.org/I2799848540"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Project"}],"best_oa_location":{"id":"doi:10.1145/3571850","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3571850","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3571850","source":{"id":"https://openalex.org/S142627899","display_name":"ACM Transactions on Software Engineering and Methodology","issn_l":"1049-331X","issn":["1049-331X","1557-7392"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Software Engineering and Methodology","raw_type":"journal-article"},"sustainable_development_goals":[{"display_name":"Quality Education","score":0.6100000143051147,"id":"https://metadata.un.org/sdg/4"}],"awards":[{"id":"https://openalex.org/G1173323671","display_name":null,"funder_award_id":"CCF-1453474, CNS-1513055","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G1677571010","display_name":"TWC: Medium: Collaborative: Developer Crowdsourcing: Capturing, Understanding, and Addressing Security-related Blind Spots in APIs","funder_award_id":"1513457","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G6413314421","display_name":"TWC: Medium: Collaborative: Developer Crowdsourcing: Capturing, Understanding, and Addressing Security-related Blind Spots in APIs","funder_award_id":"1513055","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G6939727373","display_name":null,"funder_award_id":"1453474","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G8111176752","display_name":"TWC: Medium: Collaborative: Developer Crowdsourcing: Capturing, Understanding, and Addressing Security-related Blind Spots in APIs","funder_award_id":"1513572","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G848032724","display_name":null,"funder_award_id":"Science","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G8816512515","display_name":"SHF: Medium: Collaborative Research: Semi and Fully Automated Program Repair and Synthesis via Semantic Code Search","funder_award_id":"1564162","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G8958528245","display_name":null,"funder_award_id":"CCF-1564162","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3135096732.pdf","grobid_xml":"https://content.openalex.org/works/W3135096732.grobid-xml"},"referenced_works_count":105,"referenced_works":["https://openalex.org/W398859631","https://openalex.org/W1607529401","https://openalex.org/W1641003075","https://openalex.org/W1649645444","https://openalex.org/W1674092947","https://openalex.org/W1767990287","https://openalex.org/W1943070836","https://openalex.org/W1964962870","https://openalex.org/W1966143594","https://openalex.org/W1969785126","https://openalex.org/W1978767780","https://openalex.org/W1985408088","https://openalex.org/W1991613282","https://openalex.org/W1993157353","https://openalex.org/W1994866276","https://openalex.org/W1996993752","https://openalex.org/W1999695874","https://openalex.org/W2004927913","https://openalex.org/W2008107570","https://openalex.org/W2010895736","https://openalex.org/W2033019352","https://openalex.org/W2036332715","https://openalex.org/W2036740020","https://openalex.org/W2043253283","https://openalex.org/W2047093659","https://openalex.org/W2047321828","https://openalex.org/W2057366964","https://openalex.org/W2057796693","https://openalex.org/W2059507980","https://openalex.org/W2064877992","https://openalex.org/W2069101457","https://openalex.org/W2079317829","https://openalex.org/W2091859087","https://openalex.org/W2097659525","https://openalex.org/W2100144432","https://openalex.org/W2100960835","https://openalex.org/W2103352742","https://openalex.org/W2103702182","https://openalex.org/W2109522846","https://openalex.org/W2114503684","https://openalex.org/W2116304133","https://openalex.org/W2116308906","https://openalex.org/W2126529005","https://openalex.org/W2144734317","https://openalex.org/W2145020764","https://openalex.org/W2150990363","https://openalex.org/W2155951198","https://openalex.org/W2157148654","https://openalex.org/W2162045655","https://openalex.org/W2162376048","https://openalex.org/W2166271660","https://openalex.org/W2167626029","https://openalex.org/W2167796542","https://openalex.org/W2170480356","https://openalex.org/W2180124721","https://openalex.org/W2337392435","https://openalex.org/W2345937746","https://openalex.org/W2357927175","https://openalex.org/W2368741442","https://openalex.org/W2395092677","https://openalex.org/W2511044583","https://openalex.org/W2541261609","https://openalex.org/W2546866077","https://openalex.org/W2564544279","https://openalex.org/W2585818648","https://openalex.org/W2588952840","https://openalex.org/W2605067380","https://openalex.org/W2616871725","https://openalex.org/W2698406033","https://openalex.org/W2730550703","https://openalex.org/W2741643261","https://openalex.org/W2747329762","https://openalex.org/W2766259754","https://openalex.org/W2794659749","https://openalex.org/W2889118403","https://openalex.org/W2889801262","https://openalex.org/W2898851569","https://openalex.org/W2913200795","https://openalex.org/W2913771223","https://openalex.org/W2963327716","https://openalex.org/W2963725780","https://openalex.org/W2964032018","https://openalex.org/W2964116855","https://openalex.org/W2964144088","https://openalex.org/W2964316623","https://openalex.org/W2970291471","https://openalex.org/W2991598122","https://openalex.org/W3007797095","https://openalex.org/W3010215199","https://openalex.org/W3038040579","https://openalex.org/W3046620162","https://openalex.org/W3048561961","https://openalex.org/W3080745458","https://openalex.org/W3117999225","https://openalex.org/W3121939465","https://openalex.org/W3163257481","https://openalex.org/W4224457785","https://openalex.org/W4233319527","https://openalex.org/W4248331228","https://openalex.org/W4253068242","https://openalex.org/W4256216601","https://openalex.org/W4284705527","https://openalex.org/W4289038676","https://openalex.org/W4301892172","https://openalex.org/W4312884168"],"related_works":["https://openalex.org/W2748952813","https://openalex.org/W3018282762","https://openalex.org/W2558055997","https://openalex.org/W2791183434","https://openalex.org/W2353369313","https://openalex.org/W2086339586","https://openalex.org/W4300782058","https://openalex.org/W2394387726","https://openalex.org/W2207495067","https://openalex.org/W1906486629"],"abstract_inverted_index":{"Blindspots":[0],"in":[1,26,69,116,120,276,305],"APIs":[2,20,54,68,186,216,251,267,277,306],"can":[3],"cause":[4],"software":[5],"engineers":[6],"to":[7,39,63,111,129,151,168,182,213,248,300],"introduce":[8],"vulnerabilities,":[9],"but":[10,72,138,189,254],"such":[11],"blindspots":[12,22,56,218,275,304],"are,":[13],"unfortunately,":[14],"common.":[15],"We":[16,50],"study":[17],"the":[18,60,67,74,84,90,94,99,131,146,210,244],"effect":[19,75,85,164],"with":[21,55,87,142,174,187,217,222,225,252,268],"have":[23,162],"on":[24,93,165],"developers":[25,45,107,125,147,260,302],"two":[27],"languages":[28],"by":[29],"replicating":[30],"a":[31,279],"109-developer,":[32],"24-Java-API":[33],"controlled":[34],"experiment.":[35],"Our":[36],"replication":[37],"applies":[38],"Python":[40,106,245],"and":[41,46,134,157,196,205,257,284,287],"involves":[42],"129":[43],"new":[44,48],"22":[47],"APIs.":[49,314],"find":[51],"that":[52,73,105,274,285,293,296,311],"using":[53],"statistically":[57],"significantly":[58,242],"reduces":[59],"developers\u2019":[61,211,246],"ability":[62,167,212,247],"correctly":[64,169,183],"reason":[65,170,184,214,249],"about":[66,171,185,215,250,265],"both":[70,220],"languages,":[71,221,283],"is":[76],"more":[77,127,136,140,153,180,258],"pronounced":[78],"for":[79,82,97,114],"Python.":[80],"Interestingly,":[81],"Java,":[83],"increased":[86],"complexity":[88,133],"of":[89,228],"code":[91,118,310],"relying":[92],"API,":[95],"whereas":[96,123],"Python,":[98],"opposite":[100],"was":[101],"true.":[102],"This":[103],"suggests":[104],"are":[108,126,139,278,298],"less":[109,155,158,255],"likely":[110,128,181],"notice":[112],"potential":[113],"vulnerabilities":[115],"complex":[117],"than":[119],"simple":[121,143],"code,":[122],"Java":[124,266],"recognize":[130,303],"extra":[132],"apply":[135],"care,":[137],"careless":[141],"code.":[144],"Whether":[145],"considered":[148],"API":[149],"uses":[150,312],"be":[152],"difficult,":[154],"clear,":[156],"familiar":[159],"did":[160,207,240],"not":[161,208,241,291],"an":[163],"their":[166],"them.":[172],"Developers":[173],"better":[175,262],"long-term":[176,223],"memory":[177,197],"recall":[178],"were":[179,261],"blindspots,":[188,253],"short-term":[190],"memory,":[191,195],"processing":[192],"speed,":[193],"episodic":[194],"span":[198],"had":[199],"no":[200],"effect.":[201],"Surprisingly,":[202],"professional":[203],"experience":[204,229,286],"expertise":[206],"improve":[209],"across":[219,282],"professionals":[224],"many":[226],"years":[227],"making":[230],"mistakes":[231],"as":[232,234,307],"often":[233],"relative":[235],"novices.":[236],"Finally,":[237],"personality":[238],"traits":[239],"affect":[243],"extroverted":[256],"open":[259],"at":[263],"reasoning":[264],"blindspots.":[269],"Overall,":[270],"our":[271],"findings":[272],"suggest":[273],"serious":[280],"problem":[281],"education":[288],"alone":[289],"do":[290],"overcome":[292],"problem,":[294],"suggesting":[295],"tools":[297],"needed":[299],"help":[301],"they":[308],"write":[309],"those":[313]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2024,"cited_by_count":7},{"year":2023,"cited_by_count":5},{"year":2022,"cited_by_count":1}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}