Measuring the Effects of Stack Overflow Code Snippet Evolution on Open-Source Software Security

by Shivam Kashyap

Measuring the Effects of Stack Overflow Code Snippet Evolution on Open-Source Software Security

This paper assesses the effects of Stack Overflow code snippet evolution on the security of open-source projects. Users on Stack Overflow actively revise posted code snippets, sometimes addressing bugs and vulnerabilities. Accordingly, developers that reuse code from Stack Overflow should treat it like any other evolving code dependency and be vigilant about updates. It is unclear whether developers are doing so, to what extent outdated code snippets from Stack Overflow are present in GitHub projects, and whether developers miss security-relevant updates to reused snippets. To shed light on those questions, we devised a method to 1) detect outdated code snippets versions from 1.5M Stack Overflow snippets in 11,479 popular GitHub projects and 2) detect security-relevant updates to those Stack Overflow code snippets not reflected in those GitHub projects. Our results show that developers do not update dependent code snippets when those evolved on Stack Overflow. We found that 2,405 code snippet versions reused in 2,109 GitHub projects were outdated, with 43 projects missing fixes to bugs and vulnerabilities on Stack Overflow. Those 43 projects containing outdated, insecure snippets were forked on average 1,085 times (max. 16,121), indicating that our results are likely a lower bound for affected code bases. An important insight from our work is that treating Stack Overflow code as purely static code impedes holistic solutions to the problem of copying insecure code from Stack Overflow. Instead, our results suggest that developers need tools that continuously monitor Stack Overflow for security warnings and code fixes to reused code snippets and not only warn during copy-pasting.

Leave a Reply

[script_15]

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. OK Read More

Privacy & Cookies Policy
-
00:00
00:00
Update Required Flash plugin
-
00:00
00:00
✓ Customized M.Tech Projects | ✓ Thesis Writing | ✓ Research Paper Writing | ✓ Plagiarism Checking | ✓ Assignment Preparation | ✓ Electronics Projects | ✓ Computer Science | ✓ AI ML | ✓ NLP Projects | ✓ Arduino Projects | ✓ Matlab Projects | ✓ Python Projects | ✓ Software Projects | ✓ Readymade M.Tech Projects | ✓ Java Projects | ✓ Manufacturing Projects M.Tech | ✓ Aerospace Projects | ✓ AI Gaming Projects | ✓ Antenna Projects | ✓ Mechatronics Projects | ✓ Drone Projects | ✓ Mtech IoT Projects | ✓ MTech Project Source Codes | ✓ Deep Learning Projects | ✓ Structural Engineering Projects | ✓ Cloud Computing Mtech Projects | ✓ Cryptography Projects | ✓ Cyber Security | ✓ Data Engineering | ✓ Data Science | ✓ Embedded Projects | ✓ AWS Projects | ✓ Biomedical Engineering Projects | ✓ Robotics Projects | ✓ Capstone Projects | ✓ Image Processing Projects | ✓ Power System Projects | ✓ Electric Vehicle Projects | ✓ Energy Projects Mtech | ✓ Simulation Projects | ✓ Thermal Engineering Projects

© 2024 All Rights Reserved Engineer’s Planet

Digital Media Partner #magdigit