Happy Cybersecurity Awareness Month! For this edition of Stack Overflow Knows, we did a deep dive into cybersecurity topics across Stack Overflow and Stack Exchange sites to spotlight trends and reflect on how conversations are evolving within the developer and technical community. We uncovered some findings—some surprising, some not so surprising. Check it out.
Activity spikes around major breaches
Up until recently (see the next section), security-related activity across the public platform appeared to be tied to major breaches. Some of the most publicized breaches in internet history prompted spikes in cybersecurity-related questions.
The initial spike and climb in questions on Stack Overflow and new users in the Information Security Stack Exchange came in 2011, following the Sony and Target breach disclosures. Another increase in questions and new users in the Information Security Stack Exchange followed the eBay and Home Depot breaches that made headlines in 2014. The biggest peak in questions and new users in the Information Security Stack Exchange came right after Yahoo! disclosed its 2013 breach in 2016 and later announced another larger breach at the end of the same year.
The pandemic trumps any breach
While one-off security incidents led to spikes of interest in security, none rivaled the global impact of a massive shift to remote work. The trend of increased questions and new user spikes following security incidents got disrupted in 2020. Stack Overflow saw an undeniable pandemic-related spike at the beginning of 2020 when the shift to remote work prompted a nearly 60% increase in questions related to authentication. The volume of security-related questions at the start of lockdown exceeded that of any year in Stack Overflow history.
Exploited vulnerabilities trigger the most developer questions
What’s perhaps more interesting is the correlations we’re seeing when it comes to types of security incidents and volume of questions. We’re seeing the number of security-related questions increasing in tandem with the volume of exploited vulnerability-related breaches. In short, when there’s a breach due to a software vulnerability, cybersecurity-related questions within the developer community rise too. In the wake of a breach, it’s only natural to make sure you’re not at risk of suffering the same fate ASAP, but aren't quite sure where to start. Quick, to Stack Overflow!
Source: Information is Beautiful
Light at the end of the tunnel?
There’s clear connections between highly-publicized breaches occurring and corresponding rises in security-related questions and new users for the Information Security Stack Exchange. Exploited software vulnerabilities trigger the most developer questions on the public platform. Yet, the onset of the pandemic and the shift to remote work prompted a higher volume of questions on Stack Overflow than any breach in platform history.
The battle to protect against threat actors will never subside, but there is an optimistic takeaway to be found here. We’re seeing a culture of learning in action. While vulnerabilities are inevitable, developers shifted from just reacting to breaches to proactively trying to secure everyone during the move to remote work. When a security incident happens, the Stack Overflow community asks questions and looks for answers. And as we all know, learning starts with asking a question.
We’d love to know what you think. If you have a suggestion for what we should explore next, email us or share on social with the hashtag #StackOverflowKnows.