A Different Kind of Smell: Security Smells in Infrastructure as Code Scripts

Akond Rahman and Laurie Williams in IEEE Security and Privacy (S&P) Magazine, 2021 Pre-print

In this paper we summarize our recent research findings related to infrastructure as code (IaC) scripts where we have identified 67,801 occurrences of security smells that include 9,175 hard-coded passwords. We hope our paper will facilitate awareness amongst practitioners who use IaC.