stackoverflowknows October 11, 2021

Shift to remote work prompted more cybersecurity questions than any breach

For this edition of Stack Overflow Knows, we did a deep dive into cybersecurity topics across Stack Overflow and Stack Exchange sites to spotlight trends and reflect on how conversations are evolving within the developer and technical community.
Avatar for David Gibson
Senior Data Analyst

Happy Cybersecurity Awareness Month! For this edition of Stack Overflow Knows, we did a deep dive into cybersecurity topics across Stack Overflow and Stack Exchange sites to spotlight trends and reflect on how conversations are evolving within the developer and technical community. We uncovered some findings—some surprising, some not so surprising. Check it out.

Activity spikes around major breaches

Up until recently (see the next section), security-related activity across the public platform appeared to be tied to major breaches. Some of the most publicized breaches in internet history prompted spikes in cybersecurity-related questions.

Time series chart company questions asked on Stack Overflow related to security and questions asked on comparing Security Stack Exchange site. Stack Overflow peak in early 2020 during the pandemic, and Information Security Stack Exchange questions peak in late 2016 after significant data breaches.

The initial spike and climb in questions on Stack Overflow and new users in the Information Security Stack Exchange came in 2011, following the Sony and Target breach disclosures. Another increase in questions and new users in the Information Security Stack Exchange followed the eBay and Home Depot breaches that made headlines in 2014. The biggest peak in questions and new users in the Information Security Stack Exchange came right after Yahoo! disclosed its 2013 breach in 2016 and later announced another larger breach at the end of the same year.

Time series chart company new users to Stack Overflow that asked a security question and new users on Information Security Stack Exchange site. Stack Overflow peaked in early 2020 during the pandemic reaching, and Information Security Stack Exchange questions peaked in late 2016 after significant data breaches reaching 3,000 users.

The pandemic trumps any breach

While one-off security incidents led to spikes of interest in security, none rivaled the global impact of a massive shift to remote work. The trend of increased questions and new user spikes following security incidents got disrupted in 2020. Stack Overflow saw an undeniable pandemic-related spike at the beginning of 2020 when the shift to remote work prompted a nearly 60% increase in questions related to authentication. The volume of security-related questions at the start of lockdown exceeded that of any year in Stack Overflow history.

Bar chart comparing questions asked on Stack Overflow related to security and questions asked on Information Security Stack Exchange site by year. Stack Overflow hit an all-time high in 2020 while Information Security Stack Exchange questions peaked in late 2016 and began to decline.

Exploited vulnerabilities trigger the most developer questions

What’s perhaps more interesting is the correlations we’re seeing when it comes to types of security incidents and volume of questions. We’re seeing the number of security-related questions increasing in tandem with the volume of exploited vulnerability-related breaches. In short, when there’s a breach due to a software vulnerability, cybersecurity-related questions within the developer community rise too. In the wake of a breach, it’s only natural to make sure you’re not at risk of suffering the same fate ASAP, but aren’t quite sure where to start. Quick, to Stack Overflow!

Stacked bar chart comparing count of known data breaches by type and year; Exploited vulnerability, other and records stolen.

Source: Information is Beautiful

Stacked bar chart comparing the count of known data breaches against security-related questions asked.

Light at the end of the tunnel?

There’s clear connections between highly-publicized breaches occurring and corresponding rises in security-related questions and new users for the Information Security Stack Exchange. Exploited software vulnerabilities trigger the most developer questions on the public platform. Yet, the onset of the pandemic and the shift to remote work prompted a higher volume of questions on Stack Overflow than any breach in platform history.

The battle to protect against threat actors will never subside, but there is an optimistic takeaway to be found here. We’re seeing a culture of learning in action. While vulnerabilities are inevitable, developers shifted from just reacting to breaches to proactively trying to secure everyone during the move to remote work. When a security incident happens, the Stack Overflow community asks questions and looks for answers. And as we all know, learning starts with asking a question.

We’d love to know what you think. If you have a suggestion for what we should explore next, email us or share on social with the hashtag #StackOverflowKnows.

Tags: , ,
Podcast logo The Stack Overflow Podcast is a weekly conversation about working in software development, learning to code, and the art and culture of computer programming.

Related

The Overflow Newsletter Banner
newsletter October 22, 2021

The Overflow #96: A database built for a firehose

Welcome to ISSUE #96 of The Overflow! This newsletter is by developers, for developers, written and curated by the Stack Overflow team and Cassidy Williams at Netlify. This week: what drives growth in cybersecurity questions on Stack Overflow, teaching an AI to bid on properties in Monopoly, and every talk from Jamstack Conf 2021 in one handy playlist.…