A Different Kind of Smell: Security Smells in Infrastructure as Code Scripts

In this paper we summarize our recent research findings related to infrastructure as code (IaC) scripts where we have identified 67,801 occurrences of security smells that include 9,175 hard-coded passwords. We hope our paper will facilitate awareness amongst practitioners who use IaC.