GitHub Repository Vulnerability Status

JavaScript isn't enabled in your browser, so this file can't be opened. Enable and reload.

ID of issue( Please do NOT edit this)

Which of the following situation for our issue was true? *

The code snippet was vulnerable, and we've fixed it (or planning to fix it).

The code snippet was vulnerable, but we don't want to fix it soon.

The code snippet might've been vulnerable, but it was safe since our inputs were not dynamic.

The code snippet has been changed after copying from Stack Overflow, and that fixed the vulnerability.

The code snippet was not vulnerable! the report was not accurate.

I don't think this code snippet has a vulnerability.

Code snippet has not been found (or deleted by the time of report).

I don't know

Other:

Please Justify Your Choice Above (in couple of sentences)

Automated Analysis of Security Vulnerability in Code Shared in Stack Overflow

This pull request was created based on a review similar code examples posted in Stack Overflow that showed similar code vulnerability.

Could automated vulnerability analyses of code snippets in online forums be useful in your future development tasks?

Strongly Agree

Agree

Neutral

Disagree

Strongly Disagree

It would be useful

It would not be useful

I don't know

Clear selection

What would be the best way to inform developers of potential vulnerabilities in code examples shared in Stack Overflow?

Strongly Agree

Agree

Neutral

Disagree

Strongly Disagree

A browser plug-in (e.g., the plug-in will activate when a developer visits Stack Overflow and will show whether a code example in Stack Overflow is vulnerable or not)

A website with links to vulnerable code examples in Stack Overflow

An offline tool that can be run ad-hoc on a Stack Overflow question to inform of security vulnerability

A summary of security vulnerabilities found in Stack Overflow that is communicated via email to interested developers

Strongly Agree

Agree

Neutral

Disagree

Strongly Disagree

A browser plug-in (e.g., the plug-in will activate when a developer visits Stack Overflow and will show whether a code example in Stack Overflow is vulnerable or not)

A website with links to vulnerable code examples in Stack Overflow

An offline tool that can be run ad-hoc on a Stack Overflow question to inform of security vulnerability

A summary of security vulnerabilities found in Stack Overflow that is communicated via email to interested developers

Clear selection

Do you have any other suggestions to design automated techniques to assist developers to handle security vulnerabilities while using code from online forums? Please write in couple of sentences below

Would you like to informed of such a tool that could be developed in future?

Yes

Maybe

Clear selection

Your email address:

Submit

Clear form

Never submit passwords through Google Forms.

This content is neither created nor endorsed by Google. Report Abuse - Terms of Service - Privacy Policy

Forms