Announcement

The company does not vet community-contributed commands. All use is at your own risk. In principle it's possible for an unscrupulous programmer to include code -- not just as Stata commands but as operating system calls, and so on -- that is destructive or has other unwelcome effects.

At the same time,

1. Most community-contributed commands have a clear provenance, with identifiable authors and affiliations. Other things being equal, distrust code more if you can't relate it to a source, some person or persons still active in the community in some way.

2. Most commands are transparent as code that is readable text. You can see what the program does! Naturally it is easier to read through a command with 30 lines of code to see what it does than one with 3000 lines. (Exception: plug-ins or compiled Mata libraries distributed without source code.)

3. Statalist and other forums exist to publicise anything untoward. More generally, using commands that are already widely used is a good strategy.

4. People who want to steal your secrets, mess up your computer, or extract money from you have many better ways to try that than to write and distribute free Stata code.

I've not heard of anything to worry about in nearly 30 years of using Stata and writing Stata programs. You only need to worry about speed, bugs and poor documentation!

When I submitted my first command to SSC, I figured I would hear back in a few days after it had been tested and vetted. When I got an email an hour later saying the program was up and available, I realized things didn’t quite work the way I expected.

I think the biggest risk with user-written programs is that they will give the wrong results. That is a risk with Stata’s own commands, of course, but most authors aren’t going to do the kind of testing StataCorps is. If the program is wrong and anybody is using it, there is a good chance that sooner or later the problem will be caught and fixed.

People who submit programs should realize that users are counting on them to get it right — and if problems are found the authors should fix them. Only very rarely have I found a program that did have a problem and the author wouldn’t take care of it.

Hi Nick and Richard,

I am sincerely grateful for your answers. I completely understand the situation, but I am indeed somewhat assured that there is no reason to expect some security issues with the user-written commands. I do understand it is at my own risk, but I am positive that it will be alright, and I will make sure to do my research and check the source of the user-written commands. Thanks for sharing your views on it in any case, it is appreciated.

Best,

Satya

Hi Nick and Richard,

I am sincerely grateful for your answers. I completely understand the situation, but I am indeed somewhat assured that there is no reason to expect some security issues with the user-written commands. I do understand it is at my own risk, but I am positive that it will be alright, and I will make sure to do my research and check the source of the user-written commands. Thanks for sharing your views on it in any cas

Best,

Satya

Hi Nick and Richard,

I am sincerely grateful for your answers. I completely understand the situation, but I am indeed somewhat assured that there is no reason to expect some security issues with the user-written commands. I do understand it is at my own risk, but I am positive that it will be alright, and I will make sure to do my research and check the source of the user-written commands. Thanks for sharing your views on it in any cas

Best,

Satya