Characterizing and Understanding Software Developer Networks in Security Development
To build secure software, developers often work together during software
development and maintenance to find, fix, and prevent security vulnerabilities.
Examining the nature of developer interactions during their security activities
regarding security introducing and fixing activities can provide insights for
improving current practices.
In this work, we conduct a large-scale empirical study to characterize and
understand developers' interactions during their security activities regarding
security introducing and fixing, which involves more than 16K security fixing
commits and over 28K security introducing commits from nine large-scale
open-source software projects. For our analysis, we first examine whether a
project is a hero-centric project when assessing developers' contribution in
their security activities. Then we study the interaction patterns between
developers, explore how the distribution of the patterns changes over time, and
study the impact of developers' interactions on the quality of projects. In
addition, we also characterize the nature of developer interaction in security
activities in comparison to developer interaction in non-security activities
(i.e., introducing and fixing non-security bugs). Among our findings we
identify that: most of the experimental projects are non-hero-centric projects
when evaluating developers' contribution by using their security activities;
there exist common dominating interaction patterns across our experimental
projects; the distribution of interaction patterns has correlation with the
quality of software projects. We believe the findings from this study can help
developers understand how vulnerabilities originate and are fixed through the
interactions of software developers.
A systematic mapping study of developer social network research
Developer social networks (DSNs) are a tool for the analysis of community
structures and collaborations between developers in software projects and
software ecosystems. Within this paper, we present the results of a systematic
mapping study on the use of DSNs in software engineering research. We
identified 255 primary studies on DSNs. We mapped the primary studies to
research directions, collected information about the data sources and the size
of the studies, and conducted a bibliometric assessment. We found that nearly
half of the research investigates the structure of developer communities. Other
frequent topics are prediction systems built using DSNs, collaboration behavior
between developers, and the roles of developers. Moreover, we determined that
many publications use a small sample size regarding the number of projects,
which could be problematic for the external validity of the research. Our study
uncovered several open issues in the state of the art, e.g., studying
inter-company collaborations, using multiple information sources for DSN
research, as well as a general lack of reporting guidelines or replication
studies.
Comment: Accepted at the Journal of Systems and Software