---

Secure Coding In Java: Bad Online Advice And Confusing APIs

For programmers and software developers, the Internet forums provide a great place to exchange knowledge and seek answers to concrete coding conundrums. Alas, they are not always the source of accurate information.

A group of Virginia Tech researchers has analyzed hundreds of posts on Stack Overflow, a popular developer forum/Q&A site, and found that many of the developers who offer answers do not appear to understand the security implications of coding options, showing a lack of cybersecurity training. Another thing they discovered is that, sometimes, the most upvoted posts/answers contain insecure suggestions that introduce security vulnerabilities in software, while correct fixes are less popular and visible simply because they have been offered by users with a lower reputation score.

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis