Integrating Empirical Software Engineering practice in South America

Empirical software engineering (ESE) is a sub-domain of software engineering which focuses on experiments on software systems. Its main interest lies on devising software experiments, on collecting data from these experiments, and on formulating laws and theories from these data. In South America there is a group of researchers that are involved in this topic and have interests in common. This project propose the integration of their work in order to reply the experimentation done in different countries contributing to the increase of empirical software engineering body of knowledge. At this time several publications have been done with the collaboration of master students.Eje: Ingeniería de SoftwareRed de Universidades con Carreras en Informática (RedUNCI

Integrating Empirical Software Engineering practice in South America

Empirical software engineering (ESE) is a sub-domain of software engineering which focuses on experiments on software systems. Its main interest lies on devising software experiments, on collecting data from these experiments, and on formulating laws and theories from these data. In South America there is a group of researchers that are involved in this topic and have interests in common. This project propose the integration of their work in order to reply the experimentation done in different countries contributing to the increase of empirical software engineering body of knowledge. At this time several publications have been done with the collaboration of master students.Eje: Ingeniería de SoftwareRed de Universidades con Carreras en Informática (RedUNCI

Worse Than Spam: Issues In Sampling Software Developers

Background: Reaching out to professional software developers is a crucial part of empirical software engineering research. One important method to investigate the state of practice is survey research. As drawing a random sample of professional software developers for a survey is rarely possible, researchers rely on various sampling strategies. Objective: In this paper, we report on our experience with different sampling strategies we employed, highlight ethical issues, and motivate the need to maintain a collection of key demographics about software developers to ease the assessment of the external validity of studies. Method: Our report is based on data from two studies we conducted in the past. Results: Contacting developers over public media proved to be the most effective and efficient sampling strategy. However, we not only describe the perspective of researchers who are interested in reaching goals like a large number of participants or a high response rate, but we also shed light onto ethical implications of different sampling strategies. We present one specific ethical guideline and point to debates in other research communities to start a discussion in the software engineering research community about which sampling strategies should be considered ethical.Comment: 6 pages, 2 figures, Proceedings of the 2016 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM 2016), ACM, 201

The Nature of evidence in empirical software engineering

In this paper, we argue that the gap between empirical software engineering and software engineering practice might be lessened if more attention were paid to two important aspects of evidence. The first is that evidence from case or field studies of actual software engineering practice is essential in order to understand and inform that practice. The second is that the nature of evidence should fit the purpose to which the evidence is going to be put. One type of evidence is not per se better than another. For example, the evidence required to persuade a manager to change an aspect of practice might be totally different in nature from that required to deepen the academic community's understanding of such practice

An Empirical Analysis of Vulnerabilities in Python Packages for Web Applications

This paper examines software vulnerabilities in common Python packages used particularly for web development. The empirical dataset is based on the PyPI package repository and the so-called Safety DB used to track vulnerabilities in selected packages within the repository. The methodological approach builds on a release-based time series analysis of the conditional probabilities for the releases of the packages to be vulnerable. According to the results, many of the Python vulnerabilities observed seem to be only modestly severe; input validation and cross-site scripting have been the most typical vulnerabilities. In terms of the time series analysis based on the release histories, only the recent past is observed to be relevant for statistical predictions; the classical Markov property holds.Comment: Forthcoming in: Proceedings of the 9th International Workshop on Empirical Software Engineering in Practice (IWESEP 2018), Nara, IEE

Integrating Empirical Software Engineering practice in South America

Empirical software engineering (ESE) is a sub-domain of software engineering which focuses on experiments on software systems. Its main interest lies on devising software experiments, on collecting data from these experiments, and on formulating laws and theories from these data. In South America there is a group of researchers that are involved in this topic and have interests in common. This project propose the integration of their work in order to reply the experimentation done in different countries contributing to the increase of empirical software engineering body of knowledge. At this time several publications have been done with the collaboration of master students.Eje: Ingeniería de SoftwareRed de Universidades con Carreras en Informática (RedUNCI

Bayesian Data Analysis in Empirical Software Engineering Research

Statistics comes in two main flavors: frequentist and Bayesian. For historical and technical reasons, frequentist statistics have traditionally dominated empirical data analysis, and certainly remain prevalent in empirical software engineering. This situation is unfortunate because frequentist statistics suffer from a number of shortcomings---such as lack of flexibility and results that are unintuitive and hard to interpret---that curtail their effectiveness when dealing with the heterogeneous data that is increasingly available for empirical analysis of software engineering practice. In this paper, we pinpoint these shortcomings, and present Bayesian data analysis techniques that provide tangible benefits---as they can provide clearer results that are simultaneously robust and nuanced. After a short, high-level introduction to the basic tools of Bayesian statistics, we present the reanalysis of two empirical studies on the effectiveness of automatically generated tests and the performance of programming languages. By contrasting the original frequentist analyses with our new Bayesian analyses, we demonstrate the concrete advantages of the latter. To conclude we advocate a more prominent role for Bayesian statistical techniques in empirical software engineering research and practice.Comment: To appear in IEEE Transactions on Software Engineerin