Richard May, Christian Biermann, Xenia Marlene Zerweck, Kai Ludwig, Jacob Krüger, Thomas Leich
Technical Track
 | Haus der Universität, Schlösslistrasse 5, 3008 Bern, Switzerland |
 | 7 February 2024, 13:50 CET |
 | Richard May |
 | Maximilian Heisinger |
 | https://dl.acm.org/doi/10.1145/3634713.3634729 |
The increasing number of attacks exploiting system vulnerabilities in recent years underpins the growing importance of security; especially for software comprising configuration options that may cause unintended vulnerabilities. So, not surprisingly, developers discuss secure software configurations extensively, for instance, via community-question-answering systems like Stack Overflow. In this exploratory study, we analyzed 651 Stack Overflow posts from 2013 until 2022 to investigate what vulnerabilities in the context of configuring software developers discuss. We employed a manual data analysis and automated topic modeling using Latent Dirichlet Allocation to identify and classify relevant topics and contexts. Our results show that vulnerabilities in the context of configuring receive more and more interest, with most posts discussing issues related to faulty security configurations and dependencies causing vulnerabilities that could be or have actually been exploited. Overall, we contribute insights into configuration and security issues that developers experience in the real world. Such insights help researchers and practitioners understand and resolve these issues, thereby guiding future improvements.