Code-sharing leads to widespread bug sharing that black-hats can track
Developers’ enthusiasm for sharing code saves their colleagues’ time, but also means they share security bugs they haven’t noticed. And that means a smart attacker could follow who’s shared what with whom to trawl the Web for vulnerabilities.
That sobering idea comes from a group of German researchers with help from Trend Micro. Their straightforward reasoning: if they were able to find recurrent Web application vulnerabilities in reused code snippets, it won’t be difficult for black hats to do the same.