SLR_Dataset

Producing secure software is challenging. The poor usabilityof security Application Programming Interfaces (APIs) makes this evenharder. Many recommendations have been proposed to support developersby improving the usability of cryptography libraries and APIs; rooted inwider best practice guidance in software engineering and API design. Inthis SLR, we systematize knowledge regarding these recommendations.We identify and analyze 65 papers spanning 45 years, offering a total of883 recommendations. We undertake a thematic analysis to identify7 core ways to improve usability of APIs. We find that most of therecommendations focus on helping API developers to construct andstructure their code and make it more usable and easier for programmersto understand. There is less focus, however, on documentation, writingrequirements, code quality assessment and the impact of organizationalsoftware development practices. By tracing and analyzing paper ancestry,we map how this knowledge becomes validated and translated overtime. We find evidence that less than a quarter of all API usabilityrecommendations are empirically validated, and that recommendationsspecific to usable security APIs lag even further behind in this regard.