Don't forget your classics: Systematizing 45 years of Ancestry for Security API Usability Recommendations
arXiv - CS - Cryptography and Security Pub Date : 2021-05-05 , DOI: arxiv-2105.02031
Nikhil Patnaik, Andrew C. Dwyer, Joseph Hallett, Awais Rashid

Producing secure software is challenging. The poor usability of security APIs makes this even harder. Many recommendations have been proposed to support developers by improving the usability of cryptography libraries and APIs, rooted in wider best practice guidance in software engineering and API design. In this SLR, we systematize knowledge regarding these recommendations. We identify and analyze 65 papers spanning 45 years, offering a total of 883 recommendations. We undertake a thematic analysis to identify 7 core ways to improve usability of APIs. We find that most of the recommendations focus on helping API developers to construct and structure their code and make it more usable and easier for programmers to understand. There is less focus, however, on documentation, writing requirements, code quality assessment and the impact of organizational software development practices. By tracing and analyzing paper ancestry, we map how this knowledge becomes validated and translated over time. We find evidence that less than a quarter of all API usability recommendations are empirically validated, and that recommendations specific to usable security APIs lag even further behind in this regard.

Updated: 2021-05-06