Code Examples in Engineering Secure Software


Description

Developers use code examples to develop software, and this common practice affects software security. This paper reports developers' challenges, strategies, and preferences in using security-related code examples. We conducted semi-structured interviews with N=5 professional developers. The results suggest that security-related code examples differ from non-security-related code examples mainly in how they are used and evaluated. We found that developers had a habit of reusing vulnerable code from their previous projects. This reuse unintentionally carried the same vulnerability into new projects, even though the vulnerability had already been fixed in later revisions of the original resource the code was taken from. The results also showed that when developers had less security knowledge, they tended to copy and paste code examples without modification.


Researchers

Azadeh Mokhberi

Tiffany Quon

Prof. Konstantin Beznosov


Related Publications

What Makes Security-Related Code Examples Different


Credits for this project’s header image
The code example in the image, from Stack Overflow, was shared by a study participant. We used a mockup template from www.freepik.com.