What security questions do developers ask? A large-scale study of stack overflow posts

Author

Xinli YANG
David LO, Singapore Management UniversityFollow
Xin XIA
Zhi-Yuan WAN
Jian-Ling SUN

Publication Type

Journal Article

Version

publishedVersion

Publication Date

9-2016

Abstract

Security has always been a popular and critical topic. With the rapid development of information technology, it is always attracting people’s attention. However, since security has a long history, it covers a wide range of topics which change a lot, from classic cryptography to recently popular mobile security. There is a need to investigate security-related topics and trends, which can be a guide for security researchers, security educators and security practitioners. To address the above-mentioned need, in this paper, we conduct a large-scale study on security-related questions on Stack Overflow. Stack Overflow is a popular on-line question and answer site for software developers to communicate, collaborate, and share information with one another. There are many different topics among the numerous questions posted on Stack Overflow and security-related questions occupy a large proportion and have an important and significant position. We first use two heuristics to extract from the dataset the questions that are related to security based on the tags of the posts. And then we use an advanced topic model, Latent Dirichlet Allocation (LDA) tuned using Genetic Algorithm (GA), to cluster different security-related questions based on their texts. After obtaining the different topics of security-related questions, we use their metadata to make various analyses. We summarize all the topics into five main categories, and investigate the popularity and difficulty of different topics as well. Based on the results of our study, we conclude several implications for researchers, educators and practitioners.

Keywords

empirical study, security, Stack Overflow, topic model

Discipline

Computer Sciences | Software Engineering

Research Areas

Software and Cyber-Physical Systems

Publication

Journal of Computer Science and Technology

Volume

31

Issue

5

First Page

910

Last Page

924

ISSN

1000-9000

Identifier

10.1007/s11390-016-1672-0

Publisher

Springer Verlag (Germany)

Citation

YANG, Xinli; David LO; XIA, Xin; WAN, Zhi-Yuan; and SUN, Jian-Ling. What security questions do developers ask? A large-scale study of stack overflow posts. (2016). Journal of Computer Science and Technology. 31, (5), 910-924.
Available at: https://ink.library.smu.edu.sg/sis_research/3577

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

http://doi.org/10.1007/s11390-016-1672-0