Stack Overflow is a website that many software developers use to find answers to programming questions, including small segments of code that can be copied into software development projects to handle common tasks. Over 72,000 code chunks found on Stack Overflow were analyzed by a coalition of researchers from Canadian and Iranian universities. Most of the most copied code did not include checks that would prevent common attacks from exploiting the software. Some of the problems involved failing to sanitize user input, ignoring user responses, and using out-of-date functions. During the research, GitHub was also examined, and the unsafe code found on Stack Overflow was being used in nearly 2,800 projects. The research teams reached out to those who were using the possibly dangerous code to make them aware that they were putting their apps and programs at risk, but only around 13% responded stating they had fixed the code. Many of the developers claim the code was safe considering it could not be changed after the app has already begun running. Professor Ashkan Sami from Shiraz University in Iran said the team has created a Chrome extension that will examine code copied from Stack Overflow and will let coders know if it is safe and valid.
Watch the Video
How does Binary Defense help protect your organization? With best in breed cybersecurity tactics, techniques, and services, we make sure that your environment is secure against the most advanced attacks.