The significance of this work is that we provided empirical evidence for a significant number of alarming secure coding issues, which have not been previously reported
Researchers from VirginiaTech released a paper after analysing hundreds of posts on the most popular developer forum (Stack Overflow). They looked at the type of questions asked around security, the most popular answers given by the community and the effect it has on code software engineers.
Not a real surprise for people who have been in Cyber Security for a while, but more awareness is needed around this problem from a developer perspective:
The report suggests the following solutions:
We need to make security easy for developers and built-in from the start in order to maintain the speed in which businesses operate today.
"The significance of this work is that we provided empirical evidence for a significant number of alarming secure coding issues, which have not been previously reported," the paper says. "These issues are due to a variety of reasons, including the rapidly increasing need for enterprise security applications, the lack of security training in the software development workforce, and poorly designed security libraries."
https://www.theregister.com/2017/09/29/java_security_plagued_stack_overflow/