Abstract. Online programming discussion platforms such as Stack Overflow serve as a rich source of information for software developers. The available information includes vibrant discussions and, oftentimes, ready-to-use code snippets. Previous research identified Stack Overflow as one of the most important information sources developers rely on. Anecdotes report that software developers copy and paste code snippets from those information sources for convenience reasons. Such behavior results in a constant flow of community-provided code snippets into production software. To date, the impact of this behaviour on code security is unknown. We answer this highly important question by quantifying the proliferation of security-related code snippets from Stack Overflow in Android applications available on Google Play. Access to the rich source of information available on Stack Overflow, including ready-to-use code snippets, provides huge benefits for software developers. However, when it comes to code security there are some caveats to bear in mind: due to the complex nature of code security, it is very difficult to provide ready-to-use and secure solutions for every problem. Hence, integrating a security-related code snippet from Stack Overflow into production software requires caution and expertise. Unsurprisingly, we observed insecure code snippets being copied into Android applications that millions of users install from Google Play every day. To quantitatively evaluate the extent of this observation, we scanned Stack Overflow for code snippets and evaluated their security score using a stochastic gradient descent classifier. In order to identify code reuse in Android applications, we applied state-of-the-art static analysis. Our results are alarming: 15.4% of the 1.3 million Android applications we analyzed contained security-related code snippets from Stack Overflow. Out of these, 97.9% contain at least one insecure code snippet.
Stack Overflow (SO) is the most popular online Q&A site for developers to share their expertise in solving programming issues. Given multiple answers to certain questions, developers may take the accepted answer, the answer from a person with high reputation, or the one frequently suggested. However, researchers recently observed that SO contains exploitable security vulnerabilities in the suggested code of popular answers, which found their way into security-sensitive high-profile applications that millions of users install every day. This observation inspires us to explore the following questions: How much can we trust the security implementation suggestions on SO? If suggested answers are vulnerable, can developers rely on the community's dynamics to infer the vulnerability and identify a secure counterpart? To answer these highly important questions, we conducted a comprehensive study on security-related SO posts by contrasting secure and insecure advice with the community-given content evaluation. Thereby, we investigated whether SO's gamification approach to incentivizing users is effective in improving the security properties of distributed code examples. Moreover, we traced the distribution of duplicated samples over given answers to test whether the community behavior facilitates or prevents the propagation of secure and insecure code suggestions within SO. We compiled 953 different groups of similar security-related code examples and labeled their security, identifying 785 secure answer posts and 644 insecure answer posts. Compared with secure suggestions, insecure ones had higher view counts (36,508 vs. 18,713), received a higher score (14 vs. 5), and had significantly more duplicates (3.8 vs. 3.0) on average. 34% of the posts provided by highly reputable so-called trusted users were insecure. Our findings show that, based on the distribution of secure and insecure code on SO, users who are laymen in security rely on additional advice and guidance.
However, the community-given feedback does not allow differentiating secure from insecure choices. The reputation mechanism fails in indicating trustworthy users with respect to security questions, ultimately leaving other users wandering around alone in a software security minefield.

Index Terms: Stack Overflow, crowdsourced knowledge, social dynamics, security implementation

    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
    kpg.initialize(1024); // 1024-bit RSA modulus: a key length considered too short by current standards
    KeyPair kp = kpg.generateKeyPair();
    RSAPublicKey pub = (RSAPublicKey) kp.getPublic();
    RSAPrivateKey priv = (RSAPrivateKey) kp.getPrivate();

Hash: In the context of password-based key derivation, digital signatures, and authentication/authorization, developers may explicitly invoke broken hash functions. Listing 4 shows an example using MD5.
In the context of energy transition and climate change, a combination of highly efficient modern solid oxide fuel cells (SOFC) and thermo‐chemical conversion of biogenic residues could complement other intermittent renewable sources such as wind and solar. In order to reduce required gas cleaning efforts and to increase the process efficiency, the influence of hydrocarbons on SOFC performance is experimentally investigated in this study. For the first time, the operation of Ni/YSZ anode‐supported cells in Jülich F10 stacks is performed with pre‐reformed and with bio‐syngas containing full hydrocarbon content at realistic current densities. Sulfur and other impurities were removed in both cases. No degradation could be observed within normal operation on clean gas. With the tar reformer bypassed, the pressure drop over the stack increased due to severe carbon deposition on the anode substrate and the nickel current collector mesh inside the SOFC stack, so that operation had to be terminated after five hours. This behavior is different from single‐cell tests, where electrochemical degradation is the limiting factor. The results show that improvements are not only necessary for cell materials and that future research must also consider other stack components.
We report on a state-of-the-art JÜLICH (Forschungszentrum Jülich) stack with anode-supported solid oxide fuel cells (AS-SOFCs) that has been tested in bio-syngas derived from wood pellets. The sulfur and chlorine were removed after gasification, but the tars in the bio-syngas were not reformed, in order to study the influence of these tars on the degradation of the SOFC stack. The total tar content during the test was 3.5 g/Nm3, including benzene, toluene, phenol, m-cresol, naphthalene, and minor traces of undefined tars. The test results show considerable performance degradation in tar-contaminated syngas. Moreover, the test was stopped after 5 hours of operation due to an increase of the pressure drop in the stack. A post-test analysis was carried out, and heavy carbon deposition was found at the cell anode-support surface and the Ni mesh current collector. The carbon was identified by SEM as numerous carbon fibers. A change of the support microstructure was also observed near and under the carbon deposition area, and dusting of Ni metal was observed in the support and the Ni mesh current collector.
Communication in multiagent systems (MASs) is usually governed by agent communication languages (ACLs) and communication protocols carrying a clear-cut semantics. With an increasing degree of openness, however, the need arises for more flexible models of communication that can handle the uncertainty associated with the fact that adherence to a supposedly agreed specification of possible conversations cannot be ensured on the side of other agents. As one example of such a model, interaction frames follow an empirical semantics view of communication, where meaning is defined in terms of expected consequences, and allow for a combination of existing expectations with empirical observation of how communication is used in practice. In this paper, we use methods from the fields of case-based reasoning, inductive logic programming and cluster analysis to devise a formal scheme for the acquisition and adaptation of interaction frames from actual conversations, enabling agents to autonomously (i.e. independent of users and system designers) create and maintain a concise model of the different classes of conversation in a MAS on the basis of an initial set of ACL and protocol specifications. This represents the first rigorous attempt to solve this problem, which is decisive for building truly autonomous agents.
Abstract. Given a specification of communication rules in a multiagent system (in the form of protocols, ACL semantics, etc.), the question of how to design appropriate agents that can operate on such a specification is a very important one. In open systems, the problem is complicated even further by the fact that adherence to such a supposedly agreed specification cannot be ensured on the side of other agents. In this paper, we present an architecture for dealing with communication patterns that encompass both a surface structure of admissible message sequences as well as logical constraints for their application. This architecture is based on the InFFrA social reasoning framework and the concept of interaction frames. It assumes an empirical semantics standpoint by which the meaning of communication is pragmatically interpreted through decision-theoretic optimality considerations of a reasoning agent. We introduce the abstract architecture and a formal model and present experimental results from a complex domain to illustrate its usefulness.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.