Description
Developers use code examples to develop software. Such common use of code examples impacts software security. This paper reports developers’ challenges, strategies, and preferences in using security-related code examples. We conducted semi-structured interviews with N=5 professional developers. The results suggest that security-related code examples are different from non-security-related code examples mainly in terms of usage and evaluation. We found that developers had a habit of reusing vulnerable code from their previous projects. This reuse of code unintentionally introduced the same vulnerability into new projects whereas that vulnerability had already been fixed in its later iterations in the original resource they had taken it from. Also, the results showed when developers had less knowledge about security, they tended to copy and paste code examples with no modifications.
Researchers
Tiffany Quon
Related Publications
What Makes Security-Related Code Examples Different
Video
Credits for this project’s header image
The code example in the image, from Stack Overflow, was shared by a study participant. We used a mockup template from www.freepik.com.