Open source software ecosystems quality analysis from data sources

Background: Open source software (OSS) and software ecosystems (SECOs) are two consolidated research areas in software engineering. The adoption of OSS by firms, governments, researchers and practitioners has been increasing rapidly in the last decades, and in consequence, they find themselves in a new kind of ecosystem composed by software communities,foundations, developers and partners, namely Open Source Software Ecosystem (OSSECO). In order to perform a systematic quality evaluation of a SECO, it is necessary to define certain types of concrete elements. This means that measures and evaluations should be described (e.g., through thresholds or expert judgment). The quality evaluation of an OSSECO may serve several purposes, for example: adopters of the products of the OSSECO may want to know about the liveliness of the OSSECO (e.g., recent updates); software developers may want to know about the activeness (e.g., how many collaborators are involved and how active they are); and the OSSECO community itself to know about the OSSECO health (e.g., evolving in the right direction). However, the current approaches for evaluating software quality (even those specific for open source software) do not cover all the aspects relevant in an OSSECO from an ecosystem perspective. Goal: The main goal of this PhD thesis is to support the OSSECO quality evaluation by designing a framework that supports the quality evaluation of OSSECOs. Methods: To accomplish this goal, we have used and approach based on design science methodology by Wieringa [1] and the characterization of software engineering proposed by M. Shaw [2], in order to produce a set of artefacts to contribute in thequality evaluation of OSSECOs and to learn about the effects of using these artefacts in practice. Results: We have conducted a systematic mapping to characterize OSSECOs and designed the QuESo framework (a framework to evaluate the OSSECO quality) composed by three artifacts: (i) QuESo-model, a quality model for OSSECOs; (ii) QuESoprocess, a process for conducting OSSECO quality evaluations using the QuESo-model; and (iii) QuESo-tool, a software component to support semi-automatic quality evaluation of OSSECOs. Furthermore, this framework has been validated with a case study on Eclipse. Conclusions: This thesis has contributed to increase the knowledge and understanding of OSSECOs, and to support the qualityevaluation of OSSECOs. [ntecedentes: el software de código abierto (OSS, por sus siglas en inglés) y los ecosistemas de software (SECOs, por sus siglas en inglés) son dos áreas de investigación consolidadas en ingeniería de software. La adopción de OSS por parte de empresas, gobiernos, investigadores y profesionales se ha incrementado rápidamente en las últimas décadas, y, en consecuencia, todos ellos hacen parte de un nuevo tipo de ecosistema formado por comunidades de software, fundaciones, desarrolladores y socios denominado ecosistema de software de código abierto. (OSSECO, por sus siglas en inglés)). Para realizar una evaluación sistemática de la calidad de un SECO, es necesario definir ciertos tipos de elementos concretos. Esto significa que tanto las métricas como las evaluaciones deben ser descritos (por ejemplo, a través de datos históricos o el conocimiento de expertos). La evaluación de la calidad de un OSSECO puede ser de utilidad desde diferentes perspectivas, por ejemplo: los que adoptan los productos del OSSECO pueden querer conocer la vitalidad del OSSECO (por ejemplo, el número de actualizaciones recientes); los desarrolladores de software pueden querer saber sobre la actividad del OSSECO (por ejemplo, cuántos colaboradores están involucrados y qué tan activos son); incluso la propia comunidad del OSSECO para conocer el estado de salud del OSSECO (por ejemplo, si está evolucionando en la dirección correcta). Sin embargo, los enfoques actuales para evaluar la calidad del software (incluso aquellos específicos para el software de código abierto) no cubren todos los aspectos relevantes en un OSSECO desde una perspectiva ecosistémica. Objetivo: El objetivo principal de esta tesis doctoral es apoyar la evaluación de la calidad de OSSECO mediante el diseño de un marco de trabajo que ayude a la evaluación de la calidad de un OSSECO. Métodos: Para lograr este objetivo, hemos utilizado un enfoque basado en la metodología design science propuesta por Wieringa [1]. Adicionalmente, nos hemos basado en la caracterización de la ingeniería de software propuesta por M. Shaw [2], con el fin de construir un conjunto de artefactos que contribuyan en la evaluación de la calidad de un OSSECO y para conocer los efectos del uso de estos artefactos en la práctica. Resultados: Hemos realizado un mapeo sistemático para caracterizar los OSSECOs y hemos diseñado el marco de trabajo denominado QuESo (es un marco de trabajo para evaluar la calidad de los OSSECOs). QuESo a su vez está compuesto por tres artefactos: (i) QuESo-model, un modelo de calidad para OSSECOs; (ii) QuESo-process, un proceso para llevar a cabo las evaluaciones de calidad de OSSECOs utilizando el modelo QuESo; y (iii) QuESo-tool, un conjunto de componentes de software que apoyan la evaluación de calidad de los OSSECOs de manera semiautomática. QuESo ha sido validado con un estudio de caso sobre Eclipse. Conclusiones: esta tesis ha contribuido a aumentar el conocimiento y la comprensión de los OSSECOs, y tambien ha apoyado la evaluación de la calidad de los OSSECO

Open source software ecosystems quality analysis from data sources

Background: Open source software (OSS) and software ecosystems (SECOs) are two consolidated research areas in software engineering. The adoption of OSS by firms, governments, researchers and practitioners has been increasing rapidly in the last decades, and in consequence, they find themselves in a new kind of ecosystem composed by software communities,foundations, developers and partners, namely Open Source Software Ecosystem (OSSECO). In order to perform a systematic quality evaluation of a SECO, it is necessary to define certain types of concrete elements. This means that measures and evaluations should be described (e.g., through thresholds or expert judgment). The quality evaluation of an OSSECO may serve several purposes, for example: adopters of the products of the OSSECO may want to know about the liveliness of the OSSECO (e.g., recent updates); software developers may want to know about the activeness (e.g., how many collaborators are involved and how active they are); and the OSSECO community itself to know about the OSSECO health (e.g., evolving in the right direction). However, the current approaches for evaluating software quality (even those specific for open source software) do not cover all the aspects relevant in an OSSECO from an ecosystem perspective. Goal: The main goal of this PhD thesis is to support the OSSECO quality evaluation by designing a framework that supports the quality evaluation of OSSECOs. Methods: To accomplish this goal, we have used and approach based on design science methodology by Wieringa [1] and the characterization of software engineering proposed by M. Shaw [2], in order to produce a set of artefacts to contribute in thequality evaluation of OSSECOs and to learn about the effects of using these artefacts in practice. Results: We have conducted a systematic mapping to characterize OSSECOs and designed the QuESo framework (a framework to evaluate the OSSECO quality) composed by three artifacts: (i) QuESo-model, a quality model for OSSECOs; (ii) QuESoprocess, a process for conducting OSSECO quality evaluations using the QuESo-model; and (iii) QuESo-tool, a software component to support semi-automatic quality evaluation of OSSECOs. Furthermore, this framework has been validated with a case study on Eclipse. Conclusions: This thesis has contributed to increase the knowledge and understanding of OSSECOs, and to support the qualityevaluation of OSSECOs. [ntecedentes: el software de código abierto (OSS, por sus siglas en inglés) y los ecosistemas de software (SECOs, por sus siglas en inglés) son dos áreas de investigación consolidadas en ingeniería de software. La adopción de OSS por parte de empresas, gobiernos, investigadores y profesionales se ha incrementado rápidamente en las últimas décadas, y, en consecuencia, todos ellos hacen parte de un nuevo tipo de ecosistema formado por comunidades de software, fundaciones, desarrolladores y socios denominado ecosistema de software de código abierto. (OSSECO, por sus siglas en inglés)). Para realizar una evaluación sistemática de la calidad de un SECO, es necesario definir ciertos tipos de elementos concretos. Esto significa que tanto las métricas como las evaluaciones deben ser descritos (por ejemplo, a través de datos históricos o el conocimiento de expertos). La evaluación de la calidad de un OSSECO puede ser de utilidad desde diferentes perspectivas, por ejemplo: los que adoptan los productos del OSSECO pueden querer conocer la vitalidad del OSSECO (por ejemplo, el número de actualizaciones recientes); los desarrolladores de software pueden querer saber sobre la actividad del OSSECO (por ejemplo, cuántos colaboradores están involucrados y qué tan activos son); incluso la propia comunidad del OSSECO para conocer el estado de salud del OSSECO (por ejemplo, si está evolucionando en la dirección correcta). Sin embargo, los enfoques actuales para evaluar la calidad del software (incluso aquellos específicos para el software de código abierto) no cubren todos los aspectos relevantes en un OSSECO desde una perspectiva ecosistémica. Objetivo: El objetivo principal de esta tesis doctoral es apoyar la evaluación de la calidad de OSSECO mediante el diseño de un marco de trabajo que ayude a la evaluación de la calidad de un OSSECO. Métodos: Para lograr este objetivo, hemos utilizado un enfoque basado en la metodología design science propuesta por Wieringa [1]. Adicionalmente, nos hemos basado en la caracterización de la ingeniería de software propuesta por M. Shaw [2], con el fin de construir un conjunto de artefactos que contribuyan en la evaluación de la calidad de un OSSECO y para conocer los efectos del uso de estos artefactos en la práctica. Resultados: Hemos realizado un mapeo sistemático para caracterizar los OSSECOs y hemos diseñado el marco de trabajo denominado QuESo (es un marco de trabajo para evaluar la calidad de los OSSECOs). QuESo a su vez está compuesto por tres artefactos: (i) QuESo-model, un modelo de calidad para OSSECOs; (ii) QuESo-process, un proceso para llevar a cabo las evaluaciones de calidad de OSSECOs utilizando el modelo QuESo; y (iii) QuESo-tool, un conjunto de componentes de software que apoyan la evaluación de calidad de los OSSECOs de manera semiautomática. QuESo ha sido validado con un estudio de caso sobre Eclipse. Conclusiones: esta tesis ha contribuido a aumentar el conocimiento y la comprensión de los OSSECOs, y tambien ha apoyado la evaluación de la calidad de los OSSECOsPostprint (published version

Polyglot software development

The languages we choose to design solutions influence the way we think about the problem, the words we use in discussing it with colleagues, the processes we adopt in developing the software which should solve that problem. Therefore we should strive to use the best language possible for depicting each facet of the system. To do that we have to solve two challenges: i) first of all to understand merits and issues brought by the languages we could adopt and their long reaching effects on the organizations, ii) combine them wisely, trying to reduce the overhead due to their assembling. In the first part of this dissertation we study the adoption of modeling and domain specific languages. On the basis of an industrial survey we individuate a list of benefits attainable through these languages, how frequently they can be reached and which techniques permit to improve the chances to obtain a particular benefit. In the same way we study also the common problems which either prevent or hinder the adoption of these languages. We then analyze the processes through which these languages are employed, studying the relative frequency of the usage of the different techniques and the factors influencing it. Finally we present two case-studies performed in a small and in a very large company, with the intent of presenting the peculiarities of the adoption in different contexts. As consequence of adopting specialized languages, many of them have to be employed to represent the complete solution. Therefore in the second part of the thesis we focus on the integration of these languages. Being this topic really new we performed preliminary studies to first understand the phenomenon, studying the different ways through which languages interact and their effects on defectivity. Later we present some prototypal solutions for i) the automatic spotting of cross-language relations, ii) the design of language integration tool support in language workbenches through the exploitation of common meta-metamodeling. This thesis wants to offer a contribution towards the productive adoption of multiple, specific languages in the same software development project, hence polyglot software development. From this approach we should be able to reduce the complexity due to misrepresentation of solutions, offer a better facilities to think about problems and, finally to be able to solve more difficult problems with our limited brain resources. Our results consists in a better understanding of MDD and DSLs adoption in companies. From that we can derive guidelines for practitioners, lesson learned for deploying in companies, depending on the size of the company, and implications for other actors involved in the process: company management and universities. Regarding cross-language relations our contribution is an initial definition of the problem, supported by some empirical evidence to sustain its importance. The solutions we propose are not yet mature but we believe that from them future work can stem

Open source software ecosystems : a systematic mapping

Context: Open source software (OSS) and software ecosystems (SECOs) are two consolidated research areas in software engineering. OSS influences the way organizations develop, acquire, use and commercialize software. SECOs have emerged as a paradigm to understand dynamics and heterogeneity in collaborative software development. For this reason, SECOs appear as a valid instrument to analyze OSS systems. However, there are few studies that blend both topics together. Objective: The purpose of this study is to evaluate the current state of the art in OSS ecosystems (OSSECOs) research, specifically: (a) what the most relevant definitions related to OSSECOs are; (b) what the particularities of this type of SECO are; and (c) how the knowledge about OSSECO is represented. Method: We conducted a systematic mapping following recommended practices. We applied automatic and manual searches on different sources and used a rigorous method to elicit the keywords from the research questions and selection criteria to retrieve the final papers. As a result, 82 papers were selected and evaluated. Threats to validity were identified and mitigated whenever possible. Results: The analysis allowed us to answer the research questions. Most notably, we did the following: (a) identified 64 terms related to the OSSECO and arranged them into a taxonomy; (b) built a genealogical tree to understand the genesis of the OSSECO term from related definitions; (c) analyzed the available definitions of SECO in the context of OSS; and (d) classified the existing modelling and analysis techniques of OSSECOs. Conclusion: As a summary of the systematic mapping, we conclude that existing research on several topics related to OSSECOs is still scarce (e.g., modelling and analysis techniques, quality models, standard definitions, etc.). This situation calls for further investigation efforts on how organizations and OSS communities actually understand OSSECOs.Peer ReviewedPostprint (author's final draft

Towards a reference framework for open source software adoption

Nowadays, the use of Open Source Software (OSS) components has become a driver for the primary and secondary information technology (IT) sector, among other factors, by the openness and innovation benefits that can give to the organizations, regardless of its business model and activities' nature. Nevertheless, IT companies and organizations still face numerous difficulties and challenges when making the strategic move to OSS. OSS is aligned with new challenges, which mainly derive from the way OSS is produced and the culture and values of OSS communities. In fact, OSS adoption impacts far beyond technology, because it requires a change in the organizational culture and reshaping IT decision-makers mindset. Therefore, this research work proposes a framework to support OSS adopters (i.e., software-related organizations that develop software and/or offer services relate to software) to analyze and evaluate the impact of adopting OSS as part of their software products and/or services offered to their customers/users, mainly in terms of their software related activities.Peer ReviewedPostprint (published version

The temporality of technical debt introduction on new code and confounding factors

Code Technical Debt (TD) is intentionally or unintentionally created when developers introduce inefficiencies in the codebase. This can be attributed to various reasons such as heavy workload, tight delivery schedule, or developers’ lack of experience. Since a software system grows mostly through the addition of new code, it is interesting to study how TD fluctuates along this process. Specifically, in this paper, we investigate: (a) the temporality of code TD introduction in new code, i.e., whether the introduction of TD is stable across the lifespan of the project, or if its evolution presents spikes; and (b) the relation of TD introduction to the development team’s workload in a given period, as well as to the experience of the development team. To answer these questions, we have performed a case study on 47 open-source projects from two well-known ecosystems (Apache and Eclipse) as well as additional isolated projects from GitHub (not selected from a specific ecosystem) and inspected the number of TD issues introduced in 6-month sliding temporal windows. The results of the study suggested that: (a) overall, the number of TD issues introduced through new code is a stable measure, although it presents spikes; and (b) the number of commits performed, as well as developers’ experience are not strongly correlated to the number of introduced TD issues.</p

Using the dual-level modeling approach to develop applications for pervasive healthcare

Health information technology is the area of IT involving the design, development, creation, use and maintenance of information systems for the healthcare industry. Automated and interoperable healthcare information systems are expected to lower costs, improve efficiency and reduce error, while also providing better consumer care and service. Pervasive Healthcare focuses on the use of new technologies, tools, and services, to help patients play a more active role in the treatment of their conditions. Pervasive Healthcare environments demand a huge amount of information exchange, and specific technologies have been proposed to provide interoperability between the systems that comprise such environments. However, the complexity of these technologies makes it difficult to fully adopt them and to migrate Centered Healthcare Environments to Pervasive Healthcare Environments. Therefore, this paper proposes an approach to develop applications in the Pervasive Healthcare environment, through the use of dual-level modeling based on Archetypes. This approach was demonstrated and evaluated in a controlled experiment that we conducted in the cardiology department of a hospital located in the city of Marilia (São Paulo, Brazil). An application was developed to evaluate this approach, and the results showed that the approach is suitable for facilitating the development of healthcare systems by offering generic and powerful capabilities

A Security Risk Assessment Method for Distributed Ledger Technology (DLT) based Applications: Three Industry Case Studies

Distributed ledger technologies have gained significant attention and adoption in recent years. Despite various security features distributed ledger technology provides, they are vulnerable to different and new malicious attacks, such as selfish mining and Sybil attacks. While such vulnerabilities have been investigated, detecting and discovering appropriate countermeasures still need to be reported. Cybersecurity knowledge is limited and fragmented in this domain, while distributed ledger technology usage grows daily. Thus, research focusing on overcoming potential attacks on distributed ledgers is required. This study aims to raise awareness of the cybersecurity of distributed ledger technology by designing a security risk assessment method for distributed ledger technology applications. We have developed a database with possible security threats and known attacks on distributed ledger technologies to accompany the method, including sets of countermeasures. We employed a semi-systematic literature review combined with method engineering to develop a method that organizations can use to assess their cybersecurity risk for distributed ledger applications. The method has subsequently been evaluated in three case studies, which show that the method helps to effectively conduct security risk assessments for distributed ledger applications in these organizations