84 research outputs found

    Understanding the Heterogeneity of Contributors in Bug Bounty Programs

    Background: While bug bounty programs are not new in software development, an increasing number of companies, as well as open source projects, rely on external parties to perform the security assessment of their software for reward. However, there is relatively little empirical knowledge about the characteristics of bug bounty program contributors. Aim: This paper aims to understand those contributors by highlighting the heterogeneity among them. Method: We analyzed the histories of 82 bug bounty programs and 2,504 distinct bug bounty contributors, and conducted a quantitative and qualitative survey. Results: We found that there are project-specific and non-specific contributors who have different motivations for contributing to the products and organizations. Conclusions: Our findings provide insights to make bug bounty programs better and for further studies of new software development roles. Comment: 6 pages, ESEM 201

    OSS integration issues and community support: an integrator perspective

    The reuse and integration of Open Source Software (OSS) components provided by OSS communities is becoming an economical and strategic need for today’s organizations. The integration of OSS components provides many benefits, but also risks and challenges. One of the most important risks is the lack of effective and timely OSS community support for dealing with possible integration problems. For gaining an understanding of the common problems that organizations face when integrating OSS components, and the role played by OSS communities, we performed an exploratory study on 25 OSS integration projects from different European organizations. The results show that the main way of reducing integration problems was the use of OSS components from well-established communities; therefore very few integration problems were identified. In most of the cases these problems were successfully solved with the support from the OSS community and/or colleagues. In addition, contrary to the common belief that understanding code from someone else is a hard and undesirable task, some integrators consider OSS code even more understandable than their own code. Peer Reviewed. Postprint (author's final draft

    Effort estimation of FLOSS projects: A study of the Linux kernel

    This is the post-print version of the Article. The official published version can be accessed from the link below - Copyright @ 2011 Springer. Empirical research on Free/Libre/Open Source Software (FLOSS) has shown that developers tend to cluster around two main roles: “core” contributors differ from “peripheral” developers in terms of a larger number of responsibilities and a higher productivity pattern. A further, cross-cutting characterization of developers could be achieved by associating developers with “time slots”, and different patterns of activity and effort could be associated to such slots. Such analysis, if replicated, could be used not only to compare different FLOSS communities, and to evaluate their stability and maturity, but also to determine within projects, how the effort is distributed in a given period, and to estimate future needs with respect to key points in the software life-cycle (e.g., major releases). This study analyses the activity patterns within the Linux kernel project, at first focusing on the overall distribution of effort and activity within weeks and days; then, dividing each day into three 8-hour time slots, and focusing on effort and activity around major releases. Such analyses have the objective of evaluating effort, productivity and types of activity globally and around major releases. They enable a comparison of these releases and patterns of effort and activities with traditional software products and processes, and in turn, the identification of company-driven projects (i.e., working mainly during office hours) among FLOSS endeavors. The results of this research show that, overall, the effort within the Linux kernel community is constant (albeit at different levels) throughout the week, signalling the need of updated estimation models, different from those used in traditional 9am–5pm, Monday to Friday commercial companies. It also becomes evident that the activity before a release is vastly different from after a release, and that the changes show an increase in code complexity in specific time slots (notably in the late night hours), which will later require additional maintenance efforts

    Myths and Realities about Online Forums in Open Source Software Development: An Empirical Study

    The use of free and open source software (OSS) is gaining momentum due to the ever increasing availability and use of the Internet. Organizations are also now adopting open source software, despite some reservations, in particular regarding the provision and availability of support. Some of the biggest concerns about free and open source software are post release software defects and their rectification, management of dynamic requirements and support to the users. A common belief is that there is no appropriate support available for this class of software. A contradictory argument is that due to the active involvement of Internet users in online forums, there is in fact a large resource available that communicates and manages the provision of support. The research model of this empirical investigation examines the evidence available to assess whether this commonly held belief is based on facts given the current developments in OSS or simply a myth, which has developed around OSS development. We analyzed a dataset consisting of 1880 open source software projects covering a broad range of categories in this investigation. The results show that online forums play a significant role in managing software defects, implementation of new requirements and providing support to the users in open source software and have become a major source of assistance in maintenance of the open source projects

    Crowdsourced User-Testing

    The presented thesis investigates facilitating software quality assurance in open source communities through a human computation platform. Inexperienced community members can contribute formalized user testing data, which is then aggregated and presented to the developers. The implemented prototype, named open crowdsourced user-testing suite (OPEN-CUTS), was evaluated in a usability study in the UBports Community. The viability of this approach has been demonstrated, and further goals for research and development are proposed