Stack Overflow Considered Harmful? The Impact of Copy Paste on Android Application Security. Fischer, F., Böttinger, K., Xiao, H., Stransky, C., Acar, Y., Backes, M., & Fahl, S. In 2017 IEEE Symposium on Security and Privacy (SP), pages 121–136, May, 2017.
Online programming discussion platforms such as Stack Overflow serve as a rich source of information for software developers. Available information includes vibrant discussions and oftentimes ready-to-use code snippets. Previous research identified Stack Overflow as one of the most important information sources developers rely on. Anecdotes report that software developers copy and paste code snippets from those information sources for convenience reasons. Such behavior results in a constant flow of community-provided code snippets into production software. To date, the impact of this behavior on code security is unknown. We answer this highly important question by quantifying the proliferation of security-related code snippets from Stack Overflow in Android applications available on Google Play. Access to the rich source of information available on Stack Overflow, including ready-to-use code snippets, provides huge benefits for software developers. However, when it comes to code security there are some caveats to bear in mind: due to the complex nature of code security, it is very difficult to provide ready-to-use and secure solutions for every problem. Hence, integrating a security-related code snippet from Stack Overflow into production software requires caution and expertise. Unsurprisingly, we observed insecure code snippets being copied into Android applications that millions of users install from Google Play every day. To quantitatively evaluate the extent of this observation, we scanned Stack Overflow for code snippets and evaluated their security score using a stochastic gradient descent classifier. In order to identify code reuse in Android applications, we applied state-of-the-art static analysis. Our results are alarming: 15.4% of the 1.3 million Android applications we analyzed contained security-related code snippets from Stack Overflow. Out of these, 97.9% contain at least one insecure code snippet.
@inproceedings{fischer_stack_2017,
	title = {Stack {Overflow} {Considered} {Harmful}? {The} {Impact} of {Copy} {Paste} on {Android} {Application} {Security}},
	shorttitle = {Stack {Overflow} {Considered} {Harmful}?},
	doi = {10.1109/SP.2017.31},
	abstract = {Online programming discussion platforms such as Stack Overflow serve as a rich source of information for software developers. Available information includes vibrant discussions and oftentimes ready-to-use code snippets. Previous research identified Stack Overflow as one of the most important information sources developers rely on. Anecdotes report that software developers copy and paste code snippets from those information sources for convenience reasons. Such behavior results in a constant flow of community-provided code snippets into production software. To date, the impact of this behavior on code security is unknown. We answer this highly important question by quantifying the proliferation of security-related code snippets from Stack Overflow in Android applications available on Google Play. Access to the rich source of information available on Stack Overflow, including ready-to-use code snippets, provides huge benefits for software developers. However, when it comes to code security there are some caveats to bear in mind: due to the complex nature of code security, it is very difficult to provide ready-to-use and secure solutions for every problem. Hence, integrating a security-related code snippet from Stack Overflow into production software requires caution and expertise. Unsurprisingly, we observed insecure code snippets being copied into Android applications that millions of users install from Google Play every day. To quantitatively evaluate the extent of this observation, we scanned Stack Overflow for code snippets and evaluated their security score using a stochastic gradient descent classifier. In order to identify code reuse in Android applications, we applied state-of-the-art static analysis. Our results are alarming: 15.4\% of the 1.3 million Android applications we analyzed contained security-related code snippets from Stack Overflow. Out of these, 97.9\% contain at least one insecure code snippet.},
	booktitle = {2017 {IEEE} {Symposium} on {Security} and {Privacy} ({SP})},
	author = {Fischer, F. and Böttinger, K. and Xiao, H. and Stransky, C. and Acar, Y. and Backes, M. and Fahl, S.},
	month = may,
	year = {2017},
	keywords = {Android (operating system), Android Application Security, Android application security, Androids, Cryptography, Google, Google Play, Humanoid robots, Libraries, Software, Software Development, Stack Overflow, code security, code snippets, copy \& paste behavior, gradient methods, ieee\_mn, information source, online programming discussion platforms, pattern classification, production software, program diagnostics, security of data, software developers, software engineering, stack overflow, static analysis, stochastic gradient descent classifier, stochastic processes},
	pages = {121--136},
}
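The abstract describes a two-stage pipeline: score Stack Overflow snippets with a classifier trained by stochastic gradient descent, then use static analysis to find those snippets inside Android applications. The following Python is an added toy illustration of that pipeline and is not the paper's tooling, features or data. Everything in it is an assumption chosen for illustration: the labelled training corpus is constructed from well-known Java/Android security idioms (trust-all `X509TrustManager`, always-true `HostnameVerifier`, ECB mode, hard-coded keys, zero IVs, MD5) and their hardened counterparts; the classifier is logistic regression fitted by plain SGD over token and bigram presence; identifier normalisation plus 4-token shingle containment stands in for the paper's static-analysis matching; and the 0.9 reuse threshold is arbitrary.

```python
"""Toy reproduction of the abstract's pipeline: SGD-trained snippet classifier plus
reuse detection in app source. Constructed example; not the paper's code or data."""
import math
import re

TOKEN_RE = re.compile(r"[A-Za-z_]\w*|\d+|\S")
# Java keywords that must survive normalisation (partial list; enough for the corpus).
KEYWORDS = {"public", "private", "static", "final", "void", "new", "return", "true", "false",
            "null", "throws", "byte", "int", "boolean", "class", "implements", "if", "else"}

# Constructed labelled corpus: 1 = insecure idiom, 0 = hardened counterpart (assumption).
TRAIN = [
    ('public void checkServerTrusted(X509Certificate[] chain, String authType) { }', 1),
    ('public boolean verify(String hostname, SSLSession session) { return true; }', 1),
    ('Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");', 1),
    ('Cipher c = Cipher.getInstance("AES"); c.init(Cipher.ENCRYPT_MODE, key);', 1),  # ECB default
    ('SecretKeySpec key = new SecretKeySpec("mysecretkey12345".getBytes(), "AES");', 1),
    ('IvParameterSpec iv = new IvParameterSpec(new byte[16]);', 1),
    ('MessageDigest md = MessageDigest.getInstance("MD5");', 1),
    ('HttpsURLConnection.setDefaultHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);', 1),
    ('public void checkServerTrusted(X509Certificate[] chain, String authType) throws '
     'CertificateException { defaultTm.checkServerTrusted(chain, authType); }', 0),
    ('public boolean verify(String hostname, SSLSession session) { return '
     'HttpsURLConnection.getDefaultHostnameVerifier().verify(hostname, session); }', 0),
    ('Cipher c = Cipher.getInstance("AES/GCM/NoPadding");', 0),
    ('Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding"); '
     'c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));', 0),
    ('KeyGenerator kg = KeyGenerator.getInstance("AES"); kg.init(256); SecretKey key = kg.generateKey();', 0),
    ('SecureRandom rng = new SecureRandom(); byte[] iv = new byte[16]; rng.nextBytes(iv);', 0),
    ('MessageDigest md = MessageDigest.getInstance("SHA-256");', 0),
    ('HttpsURLConnection.setDefaultHostnameVerifier(HttpsURLConnection.getDefaultHostnameVerifier());', 0),
]


def normalize(src):
    """Tokenize Java-ish source. Lowercase identifiers that are not keywords and not
    followed by '(' are treated as locals/parameters and mapped to '$id', so a copied
    snippet still matches after the developer renamed variables."""
    toks = TOKEN_RE.findall(src)
    out = []
    for i, t in enumerate(toks):
        nxt = toks[i + 1] if i + 1 < len(toks) else ""
        if t[0].isalpha() and t[0].islower() and t not in KEYWORDS and nxt != "(":
            out.append("$id")
        else:
            out.append(t)
    return out


def features(src):
    """Binary presence of normalized tokens and token bigrams, plus a bias term."""
    toks = normalize(src)
    f = {t: 1.0 for t in toks}
    f.update({a + " " + b: 1.0 for a, b in zip(toks, toks[1:])})
    f["<bias>"] = 1.0
    return f


def insecurity(w, src):
    """Classifier output: probability that the snippet is insecure."""
    z = sum(w.get(k, 0.0) * v for k, v in features(src).items())
    z = max(-30.0, min(30.0, z))  # keep exp() in range
    return 1.0 / (1.0 + math.exp(-z))


def train_sgd(samples, epochs=200, lr=0.3):
    """Logistic regression fitted by plain SGD on log-loss (the abstract names only
    'a stochastic gradient descent classifier'; features and settings are assumed)."""
    w = {}
    for _ in range(epochs):
        for src, y in samples:
            err = insecurity(w, src) - y  # d(log-loss)/dz
            for k, v in features(src).items():
                w[k] = w.get(k, 0.0) - lr * err * v
    return w


def shingles(toks, k=4):
    return {tuple(toks[i:i + k]) for i in range(len(toks) - k + 1)}


def reuse_score(app_src, snippet):
    """Fraction of the snippet's normalized 4-token shingles found in the app source.
    1.0 means the snippet appears verbatim modulo renamed locals. This is a stand-in
    for the paper's static-analysis matching, not its method."""
    s = shingles(normalize(snippet))
    return len(s & shingles(normalize(app_src))) / len(s) if s else 0.0


def audit_app(app_src, snippets, model, reuse_threshold=0.9):
    """Snippets reused in the app (containment >= threshold) that the model calls insecure."""
    hits = []
    for snip in snippets:
        r, p = reuse_score(app_src, snip), insecurity(model, snip)
        if r >= reuse_threshold and p > 0.5:
            hits.append((snip, round(r, 2), round(p, 2)))
    return hits


MODEL = train_sgd(TRAIN)

# Constructed app sources: one pastes the trust-all manager with renamed parameters,
# the other delegates to the platform trust manager.
COPIED_APP = """class TrustAll implements X509TrustManager {
  public void checkServerTrusted(X509Certificate[] c, String a) { }
  public void checkClientTrusted(X509Certificate[] c, String a) { }
  public X509Certificate[] getAcceptedIssuers() { return null; }
}"""
HARDENED_APP = """class Delegating implements X509TrustManager {
  public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException {
    defaultTm.checkServerTrusted(c, a);
  }
}"""

if __name__ == "__main__":
    print(audit_app(COPIED_APP, [s for s, _ in TRAIN], MODEL))
    print(audit_app(HARDENED_APP, [s for s, _ in TRAIN], MODEL))
```

The hardened trust manager shares its whole method signature with the trust-all one, so token-level matching alone gives it a high but partial containment score; it is the combination of near-complete reuse and the classifier's verdict on the matched snippet that produces a finding, which is why neither stage is useful on its own.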
