Blindspots in Python and Java APIs Result in Vulnerable Code

Blindspots in APIs can cause software engineers to introduce vulnerabilities, but such blindspots are, unfortunately, common. We study the effect with have on developers two languages by replicating a 109-developer, 24-Java-API controlled experiment. Our replication applies Python and involves 129 new 22 APIs. find that using statistically significantly reduces developers’ ability correctly reason about both languages, is more pronounced for Python. Interestingly, Java, increased complexity of code relying API, whereas Python, opposite was true. This suggests are less likely notice potential vulnerabilities complex than simple code, Java recognize extra apply care, careless code. Whether considered API uses be difficult, clear, familiar did not an their them. Developers better long-term memory recall were blindspots, short-term memory, processing speed, episodic span had no effect. Surprisingly, professional experience expertise improve across professionals many years making mistakes as often relative novices. Finally, personality traits affect extroverted open at reasoning blindspots. Overall, our findings suggest serious problem education alone do overcome problem, suggesting tools needed help they write those