Our Senior Developer Copy-Pasted From Stack Overflow. This is What Happened
We have a senior developer on the case, and The Secret Developer had the pleasure of carrying out a code review on their work.
We can all make slips and mistakes, but The Secret Developer was shocked when they saw the following.
The Code
“I wanted to put the actual code I’ve seen in a pull request here but I’m nervous that my secret identity will be found.
So instead, I’ve put some code here that is ‘like’ the code I reviewed. Believe me, this was a full pull request, not a draft or a branch. Ready to go into production.”
“When a developer is so lazy that they copy code from Stack Overflow they have my respect. None of us should be putting in more effort than is actually required.
However, when the avoidance of work goes so far that they’ve left the comments to describe what is going on, this is another thing entirely; it’s incompetence.”
The Risks of Copy-Pasting Code: Security and Licensing Concerns
In the world of software development, the temptation to copy-paste code from resources like Stack Overflow is ever-present. It promises a quick fix, a momentary shortcut through the thickets of coding challenges.
“As I’ve explained above it does also lay bare the incompetence of the programmer who is responsible. It shows a developer who prioritizes speed over diligence and whose work carries risks to all involved. Let us take a look at these issues in turn.”
Security Risks
Code snippets available online are not always vetted for security. They might contain vulnerabilities, ranging from simple bugs to serious security flaws such as SQL injection or cross-site scripting. Integrating code you don’t understand into a production codebase opens your project up to attack.
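As an added illustration (not code from the original post, and not the pull request the author describes), the block below shows in Python what such a pasted snippet typically looks like, a database lookup that splices the caller's input into the SQL text, beside the parameterised form a reviewer should insist on, plus a small heuristic that flags SQL assembled from strings so the problem can be caught at review time. The table, its rows and the user names are constructed for the demonstration; the heuristic is an assumption of what a quick review aid looks like, not a tool the post mentions.

```python
"""Vulnerable copy-pasted lookup beside its hardened form (added example).

Schema, rows and names are constructed for this demonstration.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build an in-memory database with a few constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def find_user_unsafe(conn: sqlite3.Connection, name: str) -> list:
    """The pasted snippet: caller input is formatted into the SQL text.

    A quote character in `name` ends the literal early, so the rest of the
    input is parsed as SQL and can widen the WHERE clause to every row.
    """
    sql = "SELECT name, role FROM users WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()


def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    """Hardened form: the value travels as a bound parameter, never as SQL text,
    so quotes inside it are just characters to compare against."""
    sql = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


# Review aid (hypothetical heuristic, not a substitute for a real linter or
# reading the code): a line that carries a SQL keyword and also builds the
# string with %-formatting, .format(), an f-string or concatenation is worth
# a comment in the pull request.
SQL_KEYWORDS = ("select ", "insert ", "update ", "delete ")
FORMAT_MARKERS = ("%", ".format(", 'f"', "f'", "+")


def flag_formatted_sql(source: str) -> list:
    """Return 1-based line numbers where SQL text appears to be assembled
    from untrusted pieces. Heuristic: expect some false positives."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        low = line.lower()
        if any(k in low for k in SQL_KEYWORDS) and any(m in line for m in FORMAT_MARKERS):
            hits.append(lineno)
    return hits


if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"  # constructed input containing a quote character
    print("unsafe, normal input :", find_user_unsafe(db, "alice"))
    print("unsafe, quoted input :", find_user_unsafe(db, probe))
    print("safe, quoted input   :", find_user_safe(db, probe))
```

The unsafe function returns one row for a normal name but every row once the input contains a quote, while the parameterised version returns nothing for the same input because no user has that literal name. The heuristic is deliberately crude; its purpose is to make the reviewer look at the line, which is exactly the step the post says was skipped.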
Code that does not operate correctly
Online code often lacks context. It’s a fragment, a solution to one specific problem, detached from broader security considerations. Developers might overlook how the snippet interacts with other parts of their system, potentially opening loopholes in what was previously a good-quality application. Does the code adhere to the project’s coding standards? It’s hard for a developer to justify that it does when, essentially, they haven’t written the code themselves. It might contain obsolete practices or fail to follow the project’s security requirements. Even worse, external code might pull in dependencies the ‘developer’ hasn’t considered in their copy-paste software development process.
The Legal Landmines
It’s been clear for some time. Code from Stack Overflow isn’t available for use in closed-source software and should be attributed. If a developer does not do this, you need to question their judgement in coding as well as their ethics.
Risk mitigation
To mitigate these risks, it’s crucial for developers, especially those in senior positions, to:
Thoroughly review and understand any external code they intend to use.
Regularly update and audit dependencies for security vulnerabilities.
Ensure compliance with all relevant software licenses and copyrights.
Consider writing custom code where feasible, particularly for critical system components.
Conclusion
“It’s often said that only fools jump in. When we copy-paste solutions from the Internet we need to make sure that we’ve considered the ramifications of doing so.
Who am I kidding? I think if you’re doing this, you’re so incompetent that you shouldn’t be working in software development at all. Senior developer? I think you can’t be serious.”