Vulnerably (Mis)Configured? Exploring 10 Years of Developers' Q&As on Stack Overflow

Richard May; Christian Biermann; Xenia M. Zerweck; Kai Ludwig; Jacob Krüger; Thomas Leich

doi:10.1145/3634713.3634729

Vulnerably (Mis)Configured? Exploring 10 Years of Developers' Q&As on Stack Overflow

Richard May, Christian Biermann, Xenia M. Zerweck, Kai Ludwig, Jacob Krüger, Thomas Leich

Engineering of Software-Intensive Systems

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/Congresprocedure › Conferentiebijdrage › Academic › peer review

2 Citaten (Scopus)

157 Downloads (Pure)

Samenvatting

The increasing number of attacks exploiting system vulnerabilities in recent years underpins the growing importance of security; especially for software comprising configuration options that may cause unintended vulnerabilities. So, not surprisingly, developers discuss secure software configurations extensively, for instance, via community-question-answering systems like Stack Overflow. In this exploratory study, we analyzed 651 Stack Overflow posts from 2013 until 2022 to investigate what vulnerabilities in the context of configuring software developers discuss. We employed a manual data analysis and automated topic modeling using Latent Dirichlet Allocation to identify and classify relevant topics and contexts. Our results show that vulnerabilities in the context of configuring receive more and more interest, with most posts discussing issues related to faulty security configurations and dependencies causing vulnerabilities that could be or have actually been exploited. Overall, we contribute insights into configuration and security issues that developers experience in the real world. Such insights help researchers and practitioners understand and resolve these issues, thereby guiding future improvements.

Originele taal-2	Engels
Titel	VaMoS '24
Subtitel	Proceedings of the 18th International Working Conference on Variability Modelling of Software-Intensive Systems
Redacteuren	Timo Kehrer, Marianne Huchard, Leopoldo Teixeira, Christian Birchler
Uitgeverij	Association for Computing Machinery, Inc
Pagina's	112-122
Aantal pagina's	11
ISBN van elektronische versie	979-8-4007-0877-0
DOI's	https://doi.org/10.1145/3634713.3634729
Status	Gepubliceerd - 7 feb. 2024
Evenement	18th International Working Conference on Variability Modelling of Software-Intensive Systems, VaMoS 2024 - Bern, Zwitserland Duur: 7 feb. 2024 → 9 feb. 2024

Congres

Congres	18th International Working Conference on Variability Modelling of Software-Intensive Systems, VaMoS 2024
Verkorte titel	VaMoS 2024
Land/Regio	Zwitserland
Stad	Bern
Periode	7/02/24 → 9/02/24

Toegang tot document

10.1145/3634713.3634729

May2024MisconfiguredFinale auteursversie , 773 KB
pdfDefinitieve gepubliceerde versie, 847 KBLicentie: TAVERNE

https://jacobkrueger.github.io/assets/papers/May2024Misconfigured.pdf

Andere bestanden en links

Link naar publicatie in Scopus

Citeer dit

May, R., Biermann, C., Zerweck, X. M., Ludwig, K., Krüger, J., & Leich, T. (2024). Vulnerably (Mis)Configured? Exploring 10 Years of Developers' Q&As on Stack Overflow. In T. Kehrer, M. Huchard, L. Teixeira, & C. Birchler (editors), VaMoS '24: Proceedings of the 18th International Working Conference on Variability Modelling of Software-Intensive Systems (blz. 112-122). Association for Computing Machinery, Inc. https://doi.org/10.1145/3634713.3634729

May, Richard ; Biermann, Christian ; Zerweck, Xenia M. et al. / Vulnerably (Mis)Configured? Exploring 10 Years of Developers' Q&As on Stack Overflow. VaMoS '24: Proceedings of the 18th International Working Conference on Variability Modelling of Software-Intensive Systems. redacteur / Timo Kehrer ; Marianne Huchard ; Leopoldo Teixeira ; Christian Birchler. Association for Computing Machinery, Inc, 2024. blz. 112-122

@inproceedings{efa96fa75e4a4276a77492e66f437d4a,

title = "Vulnerably (Mis)Configured? Exploring 10 Years of Developers' Q&As on Stack Overflow",

abstract = "The increasing number of attacks exploiting system vulnerabilities in recent years underpins the growing importance of security; especially for software comprising configuration options that may cause unintended vulnerabilities. So, not surprisingly, developers discuss secure software configurations extensively, for instance, via community-question-answering systems like Stack Overflow. In this exploratory study, we analyzed 651 Stack Overflow posts from 2013 until 2022 to investigate what vulnerabilities in the context of configuring software developers discuss. We employed a manual data analysis and automated topic modeling using Latent Dirichlet Allocation to identify and classify relevant topics and contexts. Our results show that vulnerabilities in the context of configuring receive more and more interest, with most posts discussing issues related to faulty security configurations and dependencies causing vulnerabilities that could be or have actually been exploited. Overall, we contribute insights into configuration and security issues that developers experience in the real world. Such insights help researchers and practitioners understand and resolve these issues, thereby guiding future improvements.",

keywords = "Variability, Configuration, Vulnerability management, Security, Stack Overflow, Community-question answering system, security, configuration, community-question-answering system, vulnerability management",

author = "Richard May and Christian Biermann and Zerweck, {Xenia M.} and Kai Ludwig and Jacob Kr{\"u}ger and Thomas Leich",

year = "2024",

month = feb,

day = "7",

doi = "10.1145/3634713.3634729",

language = "English",

pages = "112--122",

editor = "Timo Kehrer and Marianne Huchard and Leopoldo Teixeira and Christian Birchler",

booktitle = "VaMoS '24",

publisher = "Association for Computing Machinery, Inc",

address = "United States",

note = "18th International Working Conference on Variability Modelling of Software-Intensive Systems, VaMoS 2024, VaMoS 2024 ; Conference date: 07-02-2024 Through 09-02-2024",

}

May, R, Biermann, C, Zerweck, XM, Ludwig, K, Krüger, J & Leich, T 2024, Vulnerably (Mis)Configured? Exploring 10 Years of Developers' Q&As on Stack Overflow. in T Kehrer, M Huchard, L Teixeira & C Birchler (uitgave), VaMoS '24: Proceedings of the 18th International Working Conference on Variability Modelling of Software-Intensive Systems. Association for Computing Machinery, Inc, blz. 112-122, 18th International Working Conference on Variability Modelling of Software-Intensive Systems, VaMoS 2024, Bern, Zwitserland, 7/02/24. https://doi.org/10.1145/3634713.3634729

Vulnerably (Mis)Configured? Exploring 10 Years of Developers' Q&As on Stack Overflow. / May, Richard; Biermann, Christian; Zerweck, Xenia M. et al.
VaMoS '24: Proceedings of the 18th International Working Conference on Variability Modelling of Software-Intensive Systems. uitgave / Timo Kehrer; Marianne Huchard; Leopoldo Teixeira; Christian Birchler. Association for Computing Machinery, Inc, 2024. blz. 112-122.

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/Congresprocedure › Conferentiebijdrage › Academic › peer review

TY - GEN

T1 - Vulnerably (Mis)Configured? Exploring 10 Years of Developers' Q&As on Stack Overflow

AU - May, Richard

AU - Biermann, Christian

AU - Zerweck, Xenia M.

AU - Ludwig, Kai

AU - Krüger, Jacob

AU - Leich, Thomas

PY - 2024/2/7

Y1 - 2024/2/7

N2 - The increasing number of attacks exploiting system vulnerabilities in recent years underpins the growing importance of security; especially for software comprising configuration options that may cause unintended vulnerabilities. So, not surprisingly, developers discuss secure software configurations extensively, for instance, via community-question-answering systems like Stack Overflow. In this exploratory study, we analyzed 651 Stack Overflow posts from 2013 until 2022 to investigate what vulnerabilities in the context of configuring software developers discuss. We employed a manual data analysis and automated topic modeling using Latent Dirichlet Allocation to identify and classify relevant topics and contexts. Our results show that vulnerabilities in the context of configuring receive more and more interest, with most posts discussing issues related to faulty security configurations and dependencies causing vulnerabilities that could be or have actually been exploited. Overall, we contribute insights into configuration and security issues that developers experience in the real world. Such insights help researchers and practitioners understand and resolve these issues, thereby guiding future improvements.

AB - The increasing number of attacks exploiting system vulnerabilities in recent years underpins the growing importance of security; especially for software comprising configuration options that may cause unintended vulnerabilities. So, not surprisingly, developers discuss secure software configurations extensively, for instance, via community-question-answering systems like Stack Overflow. In this exploratory study, we analyzed 651 Stack Overflow posts from 2013 until 2022 to investigate what vulnerabilities in the context of configuring software developers discuss. We employed a manual data analysis and automated topic modeling using Latent Dirichlet Allocation to identify and classify relevant topics and contexts. Our results show that vulnerabilities in the context of configuring receive more and more interest, with most posts discussing issues related to faulty security configurations and dependencies causing vulnerabilities that could be or have actually been exploited. Overall, we contribute insights into configuration and security issues that developers experience in the real world. Such insights help researchers and practitioners understand and resolve these issues, thereby guiding future improvements.

KW - Variability

KW - Configuration

KW - Vulnerability management

KW - Security

KW - Stack Overflow

KW - Community-question answering system

KW - security

KW - configuration

KW - community-question-answering system

KW - vulnerability management

UR - http://www.scopus.com/inward/record.url?scp=85184284565&partnerID=8YFLogxK

U2 - 10.1145/3634713.3634729

DO - 10.1145/3634713.3634729

M3 - Conference contribution

SP - 112

EP - 122

BT - VaMoS '24

A2 - Kehrer, Timo

A2 - Huchard, Marianne

A2 - Teixeira, Leopoldo

A2 - Birchler, Christian

PB - Association for Computing Machinery, Inc

T2 - 18th International Working Conference on Variability Modelling of Software-Intensive Systems, VaMoS 2024

Y2 - 7 February 2024 through 9 February 2024

ER -

May R, Biermann C, Zerweck XM, Ludwig K, Krüger J, Leich T. Vulnerably (Mis)Configured? Exploring 10 Years of Developers' Q&As on Stack Overflow. In Kehrer T, Huchard M, Teixeira L, Birchler C, redacteurs, VaMoS '24: Proceedings of the 18th International Working Conference on Variability Modelling of Software-Intensive Systems. Association for Computing Machinery, Inc. 2024. blz. 112-122 doi: 10.1145/3634713.3634729

Vulnerably (Mis)Configured? Exploring 10 Years of Developers' Q&As on Stack Overflow

Samenvatting

Congres

Toegang tot document

Andere bestanden en links

Vingerafdruk

Citeer dit