Characterizing and Understanding Software Developer Networks in Security Development

To build secure software, developers often work together during software development and maintenance to find, fix, and prevent security vulnerabilities. Examining the nature of developer interactions during their security activities regarding security introducing and fixing activities can provide insights for improving current practices. In this work, we conduct a large-scale empirical study to characterize and understand developers' interactions during their security activities regarding security introducing and fixing, which involves more than 16K security fixing commits and over 28K security introducing commits from nine large-scale open-source software projects. For our analysis, we first examine whether a project is a hero-centric project when assessing developers' contribution in their security activities. Then we study the interaction patterns between developers, explore how the distribution of the patterns changes over time, and study the impact of developers' interactions on the quality of projects. In addition, we also characterize the nature of developer interaction in security activities in comparison to developer interaction in non-security activities (i.e., introducing and fixing non-security bugs). Among our findings we identify that: most of the experimental projects are non hero-centric projects when evaluating developers' contribution by using their security activities; there exist common dominating interaction patterns across our experimental projects; the distribution of interaction patterns has correlation with the quality of software projects. We believe the findings from this study can help developers understand how vulnerabilitiesoriginate and fix under the interactions of software developers

A systematic mapping study of developer social network research

Developer social networks (DSNs) are a tool for the analysis of community structures and collaborations between developers in software projects and software ecosystems. Within this paper, we present the results of a systematic mapping study on the use of DSNs in software engineering research. We identified 255 primary studies on DSNs. We mapped the primary studies to research directions, collected information about the data sources and the size of the studies, and conducted a bibliometric assessment. We found that nearly half of the research investigates the structure of developer communities. Other frequent topics are prediction systems build using DSNs, collaboration behavior between developers, and the roles of developers. Moreover, we determined that many publications use a small sample size regarding the number of projects, which could be problematic for the external validity of the research. Our study uncovered several open issues in the state of the art, e.g., studying inter-company collaborations, using multiple information sources for DSN research, as well as general lack of reporting guidelines or replication studies.Comment: Accepted at the Journal of Systems and Softwar