Lazy developers who copy solutions to tricky programming problems are creating apps that are vulnerable to attack, research suggests.
A team of computer scientists looked at more than 72,000 chunks of code found on the Stack Overflow website. The site is popular with developers seeking advice on the best way to fix broken code. But researchers found many of the most copied snippets lacked basic checks that would stop common attacks. The dangerous code chunks often used obsolete functions, did little to check user responses and did not look for attempts to break the application, said the study. The researchers also trawled through a website where many developers upload and share the code behind their apps and programmes. The most widely used insecure code blocks turned up in more than 2,800 separate projects on the GitHub website, they found.