Phishing remains a prevalent cybersecurity threat. Given its impact, it is important to understand how technically skilled users interpret and respond to such threats. This paper examines how developers and security professionals discuss phishing on Stack Overflow (SO) and Information Security (IS) Stack Exchange in order to understand their concerns, pain points, and investigative practices. We qualitatively analyzed 140 phishing-related questions (60 from SO and 80 from IS) using inductive open coding and developed the Developer Phishing Engagement Framework, which organizes developer activities into four layers: prevention, detection and reporting, mitigation, and planning. Across the two platforms, we find complementary emphases: SO posts focus on implementation hurdles, false positives, and the usability of defenses, whereas IS posts concentrate on post-incident analysis, impact, and ethical considerations around phishing simulations. Developers demonstrate a strong threat mindset but still face workflow friction caused by inconsistent organizational practices, opaque anti-phishing tools, and security measures that conflict with legitimate workflows. Our findings contribute a developer-centered view of phishing that complements existing user-focused models and provides guidance for designing more realistic anti-phishing tools, training, and organizational policies.

Purpose Knowledge contribution in community-driven knowledge-sharing platforms is crucial for fostering innovation and collaboration. However, designing an effective framework to ensure both contribution quality and quantity remains a challenge. To address this, our study explores the impact of a holistic portfolio of gamification features and user motivation on knowledge contribution, focusing on the widely used knowledge-sharing platform Stack Overflow. Design/methodology/approach We conducted a cross-sectional survey informed by a preparatory analysis identifying Stack Overflow's gamification features through literature review and expert validation. The survey was then distributed to Stack Overflow users (n = 236) to test the relationships between the motivational dimensions of gamification features, the motivational state of inspiration, and knowledge contribution using a structural equation model. Findings The results of our study show that the two motivational dimensions achievement-related features and social-related features showed a significant influence on “inspired by”; “inspired by” is a positive predictor of “inspired to”; “inspired to” is a positive predictor of quality and quantity of contribution; and quantity and quality of contributions show a significant relationship. Originality/value The study highlights the potential of inspiration as a motivational state to explain user behavior in Information Systems research. Therefore, the study illuminates the crucial context of knowledge-sharing platforms. In this regard, the study extends existing gamification theories by identifying motivational dimensions of gamification that evoke inspiration and knowledge contributions.

Design Rationale (DR) for software architecture decisions refers to the reasoning underlying architectural choices, which provides valuable insights into the different phases of the architecting process throughout software development. However, in practice, DR is often inadequately documented due to a lack of motivation and effort from developers. With the recent advancements in Large Language Models (LLMs), their capabilities in text comprehension, reasoning, and generation may enable the generation and recovery of DR for architecture decisions. In this study, we evaluated the performance of LLMs in generating DR for architecture decisions. First, we collected 50 Stack Overflow (SO) posts, 25 GitHub issues, and 25 GitHub discussions related to architecture decisions to construct a dataset of 100 architecture-related problems. Then, we selected five LLMs to generate DR for the architecture decisions with three prompting strategies, including zero-shot, chain of thought (CoT), and LLM-based agents. With the DR provided by human experts as ground truth, the Precision of LLM-generated DR with the three prompting strategies ranges from 0.267 to 0.278, Recall from 0.627 to 0.715, and F1-score from 0.351 to 0.389. Besides, 64.45% to 69.42% of the arguments of DR not mentioned by human experts are also helpful, 4.12% to 4.87% of the arguments have uncertain correctness, and 1.59% to 3.24% of the arguments are potentially misleading. To further understand the trustworthiness and applicability of LLM-generated DR in practice, we conducted semi-structured interviews with six practitioners. Based on the experimental and interview results, we discussed the pros and cons of the three prompting strategies, the strengths and limitations of LLM-generated DR, and the implications for the practical use of LLM-generated DR.

LLMs and Stack Overflow discussions: Reliability, impact, and challenges

Over the past decade, social networks have become vital forums for engagement, opinion formation, and information dissemination in areas such as marketing, policymaking, and public health. Identifying key individuals within these networks poses a considerable challenge, especially due to their dynamic nature and broad extent. This article introduces the Adaptive Dynamic Vulture Algorithm (ADVA) as a novel Meta-Heuristic method for improving influence in dynamic social networks. This methodology achieves an optimal balance between exploration and exploitation by prioritizing adaptation to temporal variations in networks and scalability, two aspects often neglected in previous studies. ADVA maintains its efficiency by adaptively adjusting the search methodology in response to changes in network design, such as edge density and node connectivity. The main challenge of this strategy is the computational complexity resulting from the handling of dynamic data. While pruning and indexing approaches alleviate this problem to a degree, they nonetheless result in longer execution times compared to certain alternative solutions. Evaluations on benchmark datasets, such as Stack Overflow and Wiki Talk, demonstrate that ADVA improves penetration by 15% on Stack Overflow and 20% on Wiki Talk compared to prior techniques, while maintaining scalability in large networks. This advantage is attributed to its adaptive techniques and multi-stage optimization; nonetheless, the extended execution time (e.g., 4800 s for a seed size of 60 on Stack Overflow) indicates a need for improvements in computing efficiency.

This paper explores the theoretical foundations and practical applications of functional error handling paradigms, which treat errors as explicit data rather than disruptive control flow events. Grounded in monadic theory and algebraic type systems developed by Moggi (1991) and Wadler (1995), we demonstrate how Result types, Either monads, and pattern matching enforce compile-time safety, exhaustive error handling, and improved composability compared to traditional exception-based approaches. Through mixed-methods analysis combining computational text analysis of 796 Stack Overflow posts (collected August-October 2024) with comparative code examples, we reveal a notable sentiment divergence: value-based error handling generates positive developer sentiment (+0.17) and attracts design-focused discourse emphasizing type safety and architectural principles, while exception-based approaches exhibit negative sentiment (−0.08) despite market dominance (84.4% of discussions), with discourse concentrated on troubleshooting control flow opacity, asynchronous exception propagation, and resource management failures. Sentiment analysis via VADER and topic modeling via Latent Dirichlet Allocation demonstrate that exceptions generate problem-focused discourse reflecting accumulated production challenges, whereas value-based approaches attract exploratory discussion from practitioners seeking more predictable error handling. We present migration strategies using wrapper patterns to integrate functional error handling into legacy codebases without disrupting core business logic. Our findings indicate that while exception-based patterns persist due to language defaults and ecosystem inertia, value-based approaches offer tangible advantages in reliability-critical domains, with positive sentiment suggesting growing practitioner recognition as language support matures and tooling improves.

This study investigates how software developers discuss usability on Stack Overflow through an analysis of posts from 2008 to 2024. Despite recognizing the importance of usability for software success, there is a limited amount of research on developer engagement with usability topics. Using mixed methods that combine quantitative metric analysis and qualitative content review, we examine temporal trends, comparative engagement patterns across eight non-functional requirements, and programming context-specific usability issues. Our findings show a significant decrease in usability posts since 2010, contrasting with other non-functional requirements, such as performance and security. Despite this decline, usability posts exhibit high resolution efficiency, achieving the highest answer and acceptance rates among all topics, suggesting that the community is highly effective at resolving these specialized questions. We identify distinctive platform-specific usability concerns: web development prioritizes responsive layouts and form design; desktop applications emphasize keyboard navigation and complex controls; and mobile development focuses on touch interactions and screen constraints. These patterns indicate a transformation in the sharing of usability knowledge, reflecting the maturation of the field, its integration into frameworks, and the migration to specialized communities. This first longitudinal analysis of usability discussions on Stack Overflow provides insights into developer engagement with usability and highlights opportunities for integrating usability guidance into technical contexts.

Abstract Question-and-answer platforms such as Stack Overflow are an important way for software developers to share and retrieve knowledge. However, reusing poorly understood code can lead to serious problems, such as bugs or security vulnerabilities. To better understand how code comments affect the perceived helpfulness of Stack Overflow answers, we conducted an online experiment simulating a Stack Overflow environment (n=91). The results indicate that both block and inline comments are perceived as significantly more helpful than uncommented source code. Moreover, novices rated code snippets with block comments as more helpful than those with inline comments. Interestingly, other surface features, such as the position of an answer and its answer score, were considered less important. Moreover, the content of Stack Overflow has been a major source for training large language models. AI-based coding assistants such as GitHub Copilot, which are based on these models, are changing the way Stack Overflow is used. However, our findings have implications beyond Stack Overflow. First, they may help to improve the relevance also of other community-driven platforms, which provide human advice and explanations of code solutions, complementing AI-based support for software developers. Second, since chat-based AI tools can be prompted to generate code in different ways, knowing which properties influence perceived helpfulness can lead to more targeted prompting strategies to generate readable code snippets.

Automated social agents-bots-are increasingly central to digital environments, yet definitions of what constitutes a bot vary across expert communities. This article analyses how bots are conceptualised in academic and technological discourse by examining scholarly publications (Scopus) and developer discussions (Stack Overflow). Using computational methods, including keyword-in-context analysis and topic modelling, we trace epistemic differences in bot definitions across disciplines. Findings reveal structural discursive silos, with technical fields emphasising functional properties and social sciences focusing on sociotechnical entanglements. These definitional divergences have implications for research, regulation, and governance in an era of AI-driven automation.

Analysis of the relationship between editing behaviors and questions in Stack Overflow

This study is devoted to the development and testing of a new approach to the classification of software de-velopment tools (ST), based on the analysis of the dataset from the Stack Overflow 2024 developer survey, in order to solve the urgent problem of choosing the optimal technology stack in the context of a variety of technologies. The purpose of the research is to identify the required software development tools, classify them by application areas and relevance to form a knowledge base that can be used to create recommendation systems. Programming languages (PL) were used as an example to demonstrate the method. The process includes the preparation of data from the Stack Overflow dataset, namely, the selection of features such as the type of developer and the tools used by him; cleaning, processing gaps, reducing the types of developers and applying a quantitative classification method. The developed method is based on calculating and normalizing the frequency of use of each language in the context of different types of developers to eliminate the imbalance in the sample. Two key indicators are calculated for each PL: the maximum normalized frequency of use (Cmax) and the coefficient of variation (CV), reflecting the uniformity of its use. Classification into 3 categories – “general purpose”, “industry” and “niche” – is performed by comparing individual indicators of Cmax and CV of the language with their median values for the entire set of languages. The results, presented as a histogram, clearly demonstrate the division of languages: general-purpose (for example, Python, JavaScript), industry-specific, in-demand in specific areas (for example, Swift, Kotlin, R), and niche (for example, Crystal and Delphi). The proposed method forms a structured, data-based view of the technological landscape, which can be useful to developers when choosing tools and lays the foundation for creating recommendation systems.

What problems are MLOps practitioners talking about? A study of discussions in Stack Overflow forum and GitHub projects

Abstract Automatic exploit generation (AEG) refers to the process of automatically finding the path in the program that can trigger vulnerabilities and generate exploits. Typically, the process of finding vulnerabilities requires fuzzing and symbolic execution techniques. The existing AEG usually sets the preset environment ideally, which does not enable all protection mechanisms. This environment is not universally applicable in actual attacks. In the newest version of GCC, the default compilation configuration has enabled all protection mechanisms. In response to this situation, we propose an exploit generation system Protection Bypass Automatic Exploit Generator (PBAEG) which automatically detects some types of stack overflow vulnerabilities and format string vulnerabilities. Then PBAEG combines the above two vulnerabilities to generate exploits. PBAEG uses symbolic execution and dynamic binary analysis to find the above two vulnerabilities, adopts different exploit generation strategies for different protection mechanisms, and defeats Non-Executable, Position-Independent Executable, Canary, and Address Space Layout Randomization (ASLR) protection mechanisms. At the same time, for some difficult-to-exploit situations, advanced stack overflow exploitation methods are applied to generate exploits. Finally, we also use docker to simulate the remote environment to test the ability of PBAEG to attack the remote environment. Experiments show that PBAEG can complete the vulnerability detection and exploitation generation of 124 binary files, 22 capture-the-flag binary files, and 10 public software, which takes a shorter time than the existing AEG and covers more types of vulnerabilities. PBAEG adopts more vulnerability exploitation techniques, can generate exploits in the form of files by using pwntools, and successfully verifies the exploitations generated in the remote simulation environment.

Abstract This study investigates how collaboration is practically accomplished on large-scale online platforms, with scale understood qualitatively as asynchronous and fluid participation. Using Stack Overflow as an empirical case, it specifically examines how users collaboratively frame programming problems through questions, comments and iterative edits. Drawing on the practice-based perspective and ethnomethodology, the study uses trace ethnography and sequential analysis of selected Stack Overflow threads. Findings reveal that profession-specific shared objects (minimal reproducible examples) structured within the platform’s dual-space design, consisting of distinct question and commenting spaces, serve as crucial resources, enabling both immediate and future unknown contributors to understand and effectively engage in problem faming and problem-solving processes. Furthermore, the study identifies key interactional methods, i.e., standardized norm-enforcing requests and explicit referencing, which ensure mutual intelligibility of users’ comments and edits, essential for accomplishing collaboration at scale. The findings contribute to theoretical understandings of mass collaboration, offer design insights for platforms to facilitate the coordination of collaborative activities and provide recommendations for professional education to support productive participation in large-scale collaboration.

A systematic mapping study of crowd knowledge enhanced software engineering research using Stack Overflow

Producing high-quality content through open knowledge collaboration presents a dilemma. Successful quality control requires rejecting contributions that do not align with the aims of an open knowledge collaboration system, yet rejections demotivate new contributors from attempting further contributions. Building on research on the regulation of behavior in online communities and on organizational selection, we theorize how the way rejections are communicated affect new contributors. We leverage a change to the rejection notices used by the Stack Overflow community question-answering service to study the issue empirically. First, we use a regression discontinuity in time design to construct a natural experiment to estimate the average treatment effect of more informative rejection notices on the retention of initially rejected contributors. The results show that notices that better explain the reason for rejecting a contributor’s initial question—and therefore reduce uncertainty about the outcome if the contributor tries again—increase retention by approximately 21.7 percentage points. Second, we use a mediation model to study mechanisms by which more informative rejection notices affect contributor performance. We find that more informative notices affect contributor performance through selection rather than performance improvement. Additional contributors, who are retained because of the more informative rejection notices, ask more questions, on average, whereas we find no evidence of individual contributors improving their performance in terms of the quality or quantity of their contributions. Overall, the results suggest that rejection communications offer low-cost interventions to mitigate the trade-off between new contributor retention and the quality of contributions in open knowledge collaboration. This paper was accepted by Hemant Bhargava, information systems. Funding: Financial support from the Fox School of Business, Temple University (Young Scholar Interdisciplinary Forum) is gratefully acknowledged. Supplemental Material: The online appendix and data files are available at https://doi.org/10.1287/mnsc.2021.02720 .

Practice- and Policy-oriented Abstract Gamification systems such as badge rewards are widely used to encourage user engagement, yet their effectiveness depends heavily on design. This study investigates how badge volume, variety, and valence—the 3Vs—influence knowledge sharing on platforms such as Stack Overflow. Using a structural hidden Markov model with a copula correction for endogeneity, we uncover that badge volume and valence significantly increase both the quantity and quality of user contributions, particularly among inactive and experienced users. However, excessive variety in badge types reduces long-term engagement, suggesting that diversification may dilute motivational focus. Counterfactual simulations reveal that reducing the difficulty of earning answer badges (“volumizing”) enhances contributions, whereas altering the rarity of high-valence badges (e.g., gold) often backfires. These insights highlight the importance of aligning gamification mechanics with user psychology and engagement trajectories. Practically, platforms can personalize badge offerings, offering easy wins for newcomers and prestige rewards for experienced users. Aligning badge incentives with content goals (e.g., Python questions) and visually showcasing rare badge collections can further deepen engagement. Our findings offer actionable guidance for platform designers to refine gamification systems that balance challenge, recognition, and motivation.

Comprehensive predictive analytics for collaborators’ answers, code quality, and dropout: stack overflow case study

Stack overflow vulnerability detection based on BiLSTM-attention KAN deep learning model

Enhancing user interaction and information retrieval in Question and Answer (Q&A) platforms heavily depends on the system’s ability to recognize and handle duplicate queries efficiently. Duplicate or redundant questions lead to clutter, misinformation, and reduced user satisfaction. This approach focuses on developing an intelligent question matching system using a hybrid deep learning architecture to optimize user interactions by detecting semantically similar or repeated questions. The dataset used is the Quora Question Pairs dataset, sourced from the Stack Overflow domain, which comprises labeled pairs of questions marked as either duplicates or non-duplicates. Comprehensive text preprocessing techniques such as stop word removal, stemming, and lemmatization are applied to normalize and refine raw textual data. Following this, Word2Vec is employed to convert the cleaned text into dense vector representations, capturing semantic similarities between word tokens. The core of the architecture integrates Convolutional Neural Networks (CNN) for extracting spatial and local semantic patterns, with bidirectional Long Short-Term Memory (BiLSTM) networks to capture contextual and sequential dependencies in both directions of the question pairs. This hybrid CNN2D + BiLSTM model enables rich feature extraction from question texts, ensuring both short- and long-term contextual relationships are considered. The model achieves a high classification accuracy of 90.25%, outperforming traditional “machine learning and deep learning” models. Metrics of performance assessment together with accuracy, dismissal, accuracy, score F1 and matrix confused validate the robustness and efficiency of the proposed system in correctly identifying duplicate questions. By effectively minimizing duplication and increasing the relevance of responses, this intelligent matching mechanism substantially enhances the user experience, encourages meaningful engagement, and ensures efficient knowledge dissemination in Q&A platforms.