In »Leveraging Flawed Tutorials for Seeding Large-Scale Web Vulnerability Discovery« (PDF), a bunch of researchers from TU Berlin, TU Braunschweig and Trend Micro are testing the hypothesis that people copy code from Stack Overflow even if it is bad code.
That is, one rotten tutorial can spoil the lot:
Based on our assertion, we hypothesize that vulnerability discovery can be seeded by code snippets such as those found in top-ranked tutorials. Viewed from an adversarial standpoint, we present a novel approach for bootstrapping vulnerability discovery at scale. Our main intuition is that recurring vulnerabilities can be found by recognizing, and subsequently looking for patterns in code that correspond to the original vulnerability. We refer to instances of these patterns as code analogues throughout the rest of the paper. Our expectation is that if such a pattern recurs, so will the corresponding vulnerability.
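To audit your own code base for copies of a known-bad tutorial snippet, the "code analogue" idea can be sketched as a token-level matcher that ignores variable names and literal contents. This is an added example, not code from the paper or its authors; the PHP seed and target snippets, the normalisation rules and all function names are constructed assumptions.

```python
import re

# Minimal PHP-ish lexer: comments, strings, variables, numbers, identifiers, operators.
TOKEN = re.compile(r"""
    (?P<comment>//[^\n]*|\#[^\n]*|/\*.*?\*/)
  | (?P<string>"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*')
  | (?P<var>\$[A-Za-z_]\w*)
  | (?P<num>\d+)
  | (?P<ident>[A-Za-z_]\w*)
  | (?P<op>[^\s\w])
""", re.S | re.X)
SUPERGLOBALS = {"$_GET", "$_POST", "$_REQUEST", "$_COOKIE"}  # kept verbatim: they mark the taint source

def tokens(src):
    """Return (line, kind, text) for every token, with comments dropped."""
    return [(src.count("\n", 0, m.start()) + 1, m.lastgroup, m.group())
            for m in TOKEN.finditer(src) if m.lastgroup != "comment"]

def normalise(toks):
    """Rename variables by order of first use and blank out literals."""
    names, out = {}, []
    for _, kind, text in toks:
        if kind == "string":
            out.append("S")
        elif kind == "num":
            out.append("N")
        elif kind == "var" and text not in SUPERGLOBALS:
            out.append(names.setdefault(text, f"$V{len(names)}"))
        else:
            out.append(text)
    return out

def find_analogues(seed, target):
    """Line numbers in target where a renamed copy of seed begins."""
    pattern, toks = normalise(tokens(seed)), tokens(target)
    n = len(pattern)
    return [toks[i][0] for i in range(len(toks) - n + 1)
            if normalise(toks[i:i + n]) == pattern]

# Constructed seed: tutorial-style query built by concatenating request input.
SEED = """$id = $_GET['id'];
$result = mysql_query("SELECT * FROM users WHERE id = " . $id);
"""
# Constructed target: line 3 is a renamed copy, line 5 sanitises first.
TARGET = """<?php
// show a product
$pid = $_GET['product'];
$rows = mysql_query("SELECT name FROM products WHERE pid = " . $pid); # legacy
$safe = intval($_GET['n']);
$r2 = mysql_query("SELECT * FROM t WHERE n = " . $safe);
"""
if __name__ == "__main__":
    print(find_analogues(SEED, TARGET))
```

Because variables are renamed per window, a match requires the same data flow as the seed (the value read from `$_GET` is the one concatenated into the query), not just the same function names.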