84 research outputs found
Understanding the Heterogeneity of Contributors in Bug Bounty Programs
Background: While bug bounty programs are not new in software development, an
increasing number of companies, as well as open source projects, rely on
external parties to perform the security assessment of their software for
reward. However, there is relatively little empirical knowledge about the
characteristics of bug bounty program contributors. Aim: This paper aims to
understand those contributors by highlighting the heterogeneity among them.
Method: We analyzed the histories of 82 bug bounty programs and 2,504 distinct
bug bounty contributors, and conducted a quantitative and qualitative survey.
Results: We found that there are project-specific and non-specific contributors
who have different motivations for contributing to the products and
organizations. Conclusions: Our findings provide insights to make bug bounty
programs better and for further studies of new software development roles.
Comment: 6 pages, ESEM 201
OSS integration issues and community support: an integrator perspective
The reuse and integration of Open Source Software (OSS) components provided by OSS communities is becoming an economical and strategic need for today’s organizations. The integration of OSS components provides many benefits, but also risks and challenges. One of the most important risks is the lack of effective and timely OSS community support for dealing with possible integration problems. For gaining an understanding of the common problems that organizations face when integrating OSS components, and the role played by OSS communities, we performed an exploratory study on 25 OSS integration projects from different European organizations. The results show that the main way of reducing integration problems was the use of OSS components from well-established communities; therefore very few integration problems were identified. In most of the cases these problems were successfully solved with the support from the OSS community and/or colleagues. In addition, contrary to the common belief that understanding code from someone else is a hard and undesirable task, some integrators consider OSS code even more understandable than their own code.
Peer Reviewed
Postprint (author's final draft
Effort estimation of FLOSS projects: A study of the Linux kernel
This is the post-print version of the Article. The official published version can be accessed from the link below - Copyright @ 2011 Springer
Empirical research on Free/Libre/Open Source Software (FLOSS) has shown that developers tend to cluster around two main roles: “core” contributors differ from “peripheral” developers in terms of a larger number of responsibilities and a higher productivity pattern. A further, cross-cutting characterization of developers could be achieved by associating developers with “time slots”, and different patterns of activity and effort could be associated to such slots. Such analysis, if replicated, could be used not only to compare different FLOSS communities, and to evaluate their stability and maturity, but also to determine within projects, how the effort is distributed in a given period, and to estimate future needs with respect to key points in the software life-cycle (e.g., major releases). This study analyses the activity patterns within the Linux kernel project, at first focusing on the overall distribution of effort and activity within weeks and days; then, dividing each day into three 8-hour time slots, and focusing on effort and activity around major releases. Such analyses have the objective of evaluating effort, productivity and types of activity globally and around major releases. They enable a comparison of these releases and patterns of effort and activities with traditional software products and processes, and in turn, the identification of company-driven projects (i.e., working mainly during office hours) among FLOSS endeavors. The results of this research show that, overall, the effort within the Linux kernel community is constant (albeit at different levels) throughout the week, signalling the need of updated estimation models, different from those used in traditional 9am–5pm, Monday to Friday commercial companies. It also becomes evident that the activity before a release is vastly different from after a release, and that the changes show an increase in code complexity in specific time slots (notably in the late night hours), which will later require additional maintenance efforts.
Myths and Realities about Online Forums in Open Source Software Development: An Empirical Study
The use of free and open source software (OSS) is gaining momentum due to the
ever increasing availability and use of the Internet. Organizations are also
now adopting open source software, despite some reservations, in particular
regarding the provision and availability of support. Some of the biggest
concerns about free and open source software are post release software defects
and their rectification, management of dynamic requirements and support to the
users. A common belief is that there is no appropriate support available for
this class of software. A contradictory argument is that due to the active
involvement of Internet users in online forums, there is in fact a large
resource available that communicates and manages the provision of support. The
research model of this empirical investigation examines the evidence available
to assess whether this commonly held belief is based on facts given the current
developments in OSS or simply a myth, which has developed around OSS
development. We analyzed a dataset consisting of 1880 open source software
projects covering a broad range of categories in this investigation. The
results show that online forums play a significant role in managing software
defects, implementation of new requirements and providing support to the users
in open source software and have become a major source of assistance in
maintenance of the open source projects.
Crowdsourced User-Testing
The presented thesis investigates facilitating software quality assurance in open source communities through a human computation platform. Inexperienced community members can contribute formalized user testing data, which is then aggregated and presented to the developers. The implemented prototype, named open crowdsourced user-testing suite (OPEN-CUTS), was evaluated in a usability study in the UBports Community. The viability of this approach has been demonstrated, and further goals for research and development are proposed.