SSDTutor Empirical Dataset: Cryptographic API Misuse Detection, Repair, and User Study

This dataset contains the empirical data and supporting materials used in the study“SSDTutor: A feedback-driven intelligent tutoring system for secure software development”, published in Science of Computer Programming (2023).The dataset supports evaluation of cryptographic API misuse detection, automated program repair, and intelligent tutoring features for secure software development. It includes:Curated examples of cryptographic API misuses in Java programs, covering eight misuse categories, such as weak encryption algorithms, weak hash functions, insecure key generation, and constant or predictable initialization vectors.Detection results produced by SSDTutor, including misuse indicators, identified root causes, and pattern classifications.Repair results generated by SSDTutor, reporting successful and unsuccessful automated repairs across misuse categories.Aggregated statistics from a large-scale case study of 456 open-source projects, comprising 1,573 cryptographic API misuse instances.Anonymized user study data collected from 22 computer science students, including task completion time, correctness, and survey-based feedback.The dataset is intended to support reproducibility, comparative evaluation, and future research in secure software engineering, cryptographic API usage, automated program repair, and software engineering education.Associated publication:Dip Kiran Pradhan Newar, Rui Zhao, Harvey Siy, Leen-Kiat Soh, Myoungkyu Song.SSDTutor: A feedback-driven intelligent tutoring system for secure software development.Science of Computer Programming, 227, 102933 (2023).