X-Team Blog - The Most-Loved Company for Engineers

Keep These 2 Things in Mind if You Copy Code From Stack Overflow

Written by Thomas De Moor | Jan 21, 2020 5:00:00 AM

Copy-pasting code is generally frowned upon. Firstly, because it's deemed insecure. The authors of this academic paper, for example, discovered 69 vulnerabilities in the 72,483 copied code snippets they investigated. While 69 vulnerabilities might not seem like much in absolute terms, they had spread into 2,859 GitHub projects.

Secondly, copy-pasting code is often seen as a sign of a programmer's incompetence. After all, if you've learned a programming language, why would you want to copy someone else's code? Particularly if writing code is your job!

Of course, the reality is that developers still copy and paste code from places like Stack Overflow, CodePen, and freeCodeCamp. Instead of frowning upon the practice and wagging your finger at the people who do so, the more pragmatic approach is to explain what you should keep in mind if you do copy-paste code.

That's what this article intends to do. But first, I'd like to go a little bit deeper on something I wrote above that I'm sure rattled a few developer cages.

Copy-pasting code does not mean incompetence. It simply doesn't. If anything, copying code can make sense, particularly for idioms or boilerplate code, but also when you have a question that someone already wrote a perfect answer for. Why would you write the same thing again? Copying code can make you more efficient, and developers are generally very efficient people.

Let's now dive into the two most important things to keep in mind when you're thinking about copying someone's code.

Give Attribution

Stack Exchange, the company that owns Stack Overflow, says that attribution is required when you copy code from any of their websites. In general, wherever you copy code from, it's best practice to clearly say where you got it from. This can be as simple as adding a comment to your code that links back to the post where you found it.

Not only will this give proper credit to the person who originally wrote the code, but it will also inform the other people reading your code. In turn, they might click the link for more context or be more vigilant when reading through this particular part of your code.

Understand What You're Copying

You need to understand the code you copy. This holds true no matter the scenario. If you're a developer learning a new language, for example, you'll benefit from digging deeper into the code you want to copy to understand why it works the way it does.

Sure, it might take more time than blindly copying code, but you need to put in the time if you want to learn something new. Cutting corners like copying code without understanding it will only hurt you in the long run.

Ideally, you look for all the new terms or concepts in the code and either research them properly or use them in a related way to see if you really understand them.

And when you're not a beginner, blindly copying code will open you up to the security vulnerabilities I mentioned at the beginning of the article. Even if you properly attribute the code, you can't rely on other people to check for vulnerabilities in your code.

The only proper vaccination against security vulnerabilities from copied code is understanding what you've copied and writing the right tests for your code.
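Both points together, as an added example that is not from the original article or the paper it cites: a copied snippet kept with an attribution comment, a reviewed version of it, and edge-case tests that show the difference. The path-joining snippet, the function names, the placeholder link and the test inputs are all constructed for illustration.

```python
import os
import tempfile

# Copied from: https://stackoverflow.com/a/<answer-id>  (placeholder link)
# Author: <answer author>; Stack Overflow content is licensed CC BY-SA.
# Kept as found: joins a user-supplied file name onto a base directory.
def resolve_copied(base_dir, name):
    return os.path.join(base_dir, name)


# Adapted from the snippet above after reading it closely: os.path.join keeps
# "../" segments and lets an absolute name replace base_dir entirely.
def resolve_reviewed(base_dir, name):
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, name))
    # commonpath compares whole path components, not string prefixes
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"{name!r} resolves outside {base}")
    return candidate


def escapes(resolver, base_dir, name):
    """True if resolver returns a path outside base_dir for this name."""
    base = os.path.realpath(base_dir)
    try:
        result = os.path.realpath(resolver(base_dir, name))
    except ValueError:
        return False  # input was rejected, so nothing escaped
    return os.path.commonpath([base, result]) != base


# Constructed test inputs: one ordinary name, three that must stay inside.
NAMES = ["report.txt", "../outside.txt", "a/../../outside.txt", "/etc/hostname"]


def run_checks():
    """Return, per version, the constructed names that escape the base dir."""
    with tempfile.TemporaryDirectory() as base:
        return {
            "copied": [n for n in NAMES if escapes(resolve_copied, base, n)],
            "reviewed": [n for n in NAMES if escapes(resolve_reviewed, base, n)],
        }


if __name__ == "__main__":
    for version, escaped in run_checks().items():
        print(version, "escapes on:", escaped)
```

The copied version passes a test that only uses an ordinary file name; it is the inputs chosen after understanding what `os.path.join` does that expose the problem.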

If you want to copy code from Stack Overflow or any other source, these are the two most important points to take into consideration: properly give credit to the people you're copying the code from and make sure you fully understand what you're copying.

What do you think? Is this controversial at all? Do you have any other tips to keep in mind when it comes to copying code from a publicly available source?