Study on The Security Level of “Security Stack Exchange”: How Trustable Are Code Snippets on This Platform

Master Thesis

The goal of this thesis was to analyse posts and answers on Security Stack Exchange with respect to their security.

Previous work analyzed question-and-answer platforms like Stack Overflow with respect to security and found that the majority of the answers are insecure. However, an evaluation of security-specific platforms was missing.

This thesis evaluated Java code snippets on Security Stack Exchange with respect to their security. We evaluated 82 code snippets, of which 50 (61 %) were secure. For the use case of symmetric encryption, we found that half of the snippets were insecure, e.g., because they used algorithms that are no longer considered secure, such as DES.

Publications

  • Mohsen Fasihi Yazdi: Study on The Security Level of “Security Stack Exchange”: How Trustable Are Code Snippets on This Platform.