Copy/Paste is a dangerous coding technique
Copy/Paste is a dangerous coding technique
![](https://cdn.prod.website-files.com/5fec9210c1841a6c20c6ce81/6022b776b0be15f2098c7840_5fb34b7dc6f9b75ec109c61b_CutnPaste.webp)
![](https://cdn.prod.website-files.com/5fec9210c1841a6c20c6ce81/6022b776b0be15f2098c7840_5fb34b7dc6f9b75ec109c61b_CutnPaste.webp)
Researchers from VirginiaTech released a paper after analysing hundreds of posts on the most popular developer forum (Stack Overflow). They looked at the type of questions asked around security, the most popular answers given by the community and the effect it has on code software engineers.
Not a real surprise for people who have been in Cyber Security for a while, but more awareness is needed around this problem from a developer perspective:
- Security features provided by coding frameworks (e.g. JAVA Spring) are overly complicated and poorly documented
- A substantial number of developers do not appear to understand the security implications of coding options, showing a lack of cyber security training
- Many of the suggestions and "fixes" on these forums are not secure but were getting positives votes and thus higher in ratings
The report suggests the following solutions:
- Workforce retraining
- Semi-Automating security bug detection and fixing
We need to make security easy for developers and built-in from the start in order to maintain the speed in which businesses operate today.
"The significance of this work is that we provided empirical evidence for a significant number of alarming secure coding issues, which have not been previously reported," the paper says. "These issues are due to a variety of reasons, including the rapidly increasing need for enterprise security applications, the lack of security training in the software development workforce, and poorly designed security libraries."
https://www.theregister.com/2017/09/29/java_security_plagued_stack_overflow/
Resources to get you started
Trust Agent by Secure Code Warrior
Discover SCW Trust Agent, an innovative solution designed to enhance security by aligning developer secure code knowledge and skills with the work they commit. It provides comprehensive visibility and controls across an organization's entire code repository, analyzing each commit against developers' secure code profiles. With SCW Trust Agent, organizations can strengthen their security posture, optimize development lifecycles, and scale developer-driven security.
Resources to get you started
Women in Security are Winning: How the AWSN is Setting Up a New Generation of Security Superwomen
Secure-by-Design is the latest initiative on everyone’s lips, and the Australian government, collaborating with CISA at the highest levels of global governance, is guiding a higher standard of software quality and security from vendors.
Women in Security are Winning: How the AWSN is Setting Up a New Generation of Security Superwomen
Secure-by-Design is the latest initiative on everyone’s lips, and the Australian government, collaborating with CISA at the highest levels of global governance, is guiding a higher standard of software quality and security from vendors.
SCW Trust Agent - Visibility and Control to Scale Developer Driven Security
SCW Trust Agent, introduced by Secure Code Warrior, offers security leaders the visibility and control needed to scale developer-driven security within organizations. By connecting to code repositories, it assesses code commit metadata, inspects developers, programming languages used, and shipment timestamps to determine developers' security knowledge.
Copy/Paste is a dangerous coding technique
![](https://cdn.prod.website-files.com/5fec9210c1841a6c20c6ce81/6022b776b0be15f2098c7840_5fb34b7dc6f9b75ec109c61b_CutnPaste.webp)
Researchers from VirginiaTech released a paper after analysing hundreds of posts on the most popular developer forum (Stack Overflow). They looked at the type of questions asked around security, the most popular answers given by the community and the effect it has on code software engineers.
Not a real surprise for people who have been in Cyber Security for a while, but more awareness is needed around this problem from a developer perspective:
- Security features provided by coding frameworks (e.g. JAVA Spring) are overly complicated and poorly documented
- A substantial number of developers do not appear to understand the security implications of coding options, showing a lack of cyber security training
- Many of the suggestions and "fixes" on these forums are not secure but were getting positives votes and thus higher in ratings
The report suggests the following solutions:
- Workforce retraining
- Semi-Automating security bug detection and fixing
We need to make security easy for developers and built-in from the start in order to maintain the speed in which businesses operate today.
"The significance of this work is that we provided empirical evidence for a significant number of alarming secure coding issues, which have not been previously reported," the paper says. "These issues are due to a variety of reasons, including the rapidly increasing need for enterprise security applications, the lack of security training in the software development workforce, and poorly designed security libraries."
https://www.theregister.com/2017/09/29/java_security_plagued_stack_overflow/
Resources to get you started
Women in Security are Winning: How the AWSN is Setting Up a New Generation of Security Superwomen
Secure-by-Design is the latest initiative on everyone’s lips, and the Australian government, collaborating with CISA at the highest levels of global governance, is guiding a higher standard of software quality and security from vendors.
SCW Trust Agent - Visibility and Control to Scale Developer Driven Security
SCW Trust Agent, introduced by Secure Code Warrior, offers security leaders the visibility and control needed to scale developer-driven security within organizations. By connecting to code repositories, it assesses code commit metadata, inspects developers, programming languages used, and shipment timestamps to determine developers' security knowledge.
Trust Agent by Secure Code Warrior
Discover SCW Trust Agent, an innovative solution designed to enhance security by aligning developer secure code knowledge and skills with the work they commit. It provides comprehensive visibility and controls across an organization's entire code repository, analyzing each commit against developers' secure code profiles. With SCW Trust Agent, organizations can strengthen their security posture, optimize development lifecycles, and scale developer-driven security.