I am reaching out to you as we conducted an empirical study to understand the nature of cryptographic misuses in enterprise-driven projects on GitHub. During our study, we randomly inspected a few of the misuses. One of the misuses for which we could confirm the finding of the analysis, CogniCryptSAST, is one in your project:
- SRTPTransformer miss to call the methods
init, update, wrap, doFinal upon javax.crypto.Cipher. Thus, the cipher object is not used properly either resulting in incomplete encryption or unused code.
We hope that this information helps you and to hear back from you
I am reaching out to you as we conducted an empirical study to understand the nature of cryptographic misuses in enterprise-driven projects on GitHub. During our study, we randomly inspected a few of the misuses. One of the misuses for which we could confirm the finding of the analysis, CogniCryptSAST, is one in your project:
init, update, wrap, doFinaluponjavax.crypto.Cipher. Thus, the cipher object is not used properly either resulting in incomplete encryption or unused code.We hope that this information helps you and to hear back from you