Background: With the proliferation of crowd-sourced developer forums, Software developers are increasingly sharing more coding solution to a programming problem with others in the forums. The decentralized nature of knowledge sharing in the sites has raised the concerns of sharing security vulnerable code, which then can be reused into mission critical software systems - making those systems vulnerable in the process. Collaborative editing is introduced in forums like Stack Overflow to improve the quality of the shared contents.

Aim: In this paper, we investigate whether code editing can mitigate shared vulnerable code examples by analyzing IoT code snippets and their revisions in three Stack Exchange sites: Stack Overflow, Arduino, and Raspberry Pi. With the increased adoption of IoT devices in our everyday life, we have observed growing discussions of IoT solutions in the Stack Exchange forums.

Method: We analyze the vulnerabilities present in Shared IoT C/C++ code snippets, as C/C++ is one of the most widely used language in mission-critical devices and low-powered IoT devices. We further analyse the revisions made to these code snippets, and their effect.

Results: We find several vulnerabilities such as CWE 788 - Access of Memory Location After End of Buffer in 740 code snippets. However, we find the vast majority of posts are not revised, or revisions are not made to the code snippets themselves (598 out of 740). We also find that revisions are most likely to result in no change to the number of vulnerabilities in a code snippet rather than deteriorating or improving the snippet.

Conclusions: We conclude that the current collaborating editing system in the forums may be insufficient to help mitigate vulnerabilities in the shared code.