The evolution of the laws of software evolution. A discussion based on a systematic literature review

After more than 40 years of life, software evolution should be considered as a mature field. However, despite such a long history, many research questions still remain open, and controversial studies about the validity of the laws of software evolution are common. During the first part of these 40 years the laws themselves evolved to adapt to changes in both the research and the software industry environments. This process of adaption to new paradigms, standards, and practices stopped about 15 years ago, when the laws were revised for the last time. However, most controversial studies have been raised during this latter period. Based on a systematic and comprehensive literature review, in this paper we describe how and when the laws, and the software evolution field, evolved. We also address the current state of affairs about the validity of the laws, how they are perceived by the research community, and the developments and challenges that are likely to occur in the coming years

Analysis of operating system diversity for intrusion tolerance

One of the key benefits of using intrusion-tolerant systems is the possibility of ensuring correct behavior in the presence of attacks and intrusions. These security gains are directly dependent on the components exhibiting failure diversity. To what extent failure diversity is observed in practical deployment depends on how diverse are the components that constitute the system. In this paper, we present a study with operating system's (OS's) vulnerability data from the NIST National Vulnerability Database (NVD). We have analyzed the vulnerabilities of 11 different OSs over a period of 18 years, to check how many of these vulnerabilities occur in more than one OS. We found this number to be low for several combinations of OSs. Hence, although there are a few caveats on the use of NVD data to support definitive conclusions, our analysis shows that by selecting appropriate OSs, one can preclude (or reduce substantially) common vulnerabilities from occurring in the replicas of the intrusion-tolerant system

“It Takes All Kinds”: A Simulation Modeling Perspective on Motivation and Coordination in Libre Software Development Projects

This paper presents a stochastic simulation model to study implications of the mechanisms by which individual software developers’ efforts are allocated within large and complex open source software projects. It illuminates the role of different forms of “motivations-at-the-margin” in the micro-level resource allocation process of distributed and decentralized multi-agent engineering undertakings of this kind. We parameterize the model by isolating the parameter ranges in which it generates structures of code that share certain empirical regularities found to characterize actual projects. We find that, in this range, a variety of different motivations are represented within the community of developers. There is a correspondence between the indicated mixture of motivations and the distribution of avowed motivations for engaging in FLOSS development, found in the survey responses of developers who were participants in large projects.free and open source software (FLOSS), libre software engineering, maintainability, reliability, functional diversity, modularity, developers’ motivations, user-innovation, peer-esteem, reputational reward systems, agent-based modeling, stochastic simulation, stigmergy, morphogenesis.

Improving Open Source Software Maintenance

Maintenance is inevitable for almost any software. Software maintenance is required to fix bugs, to add new features, to improve performance, and/or to adapt to a changed environment. In this article, we examine change in cognitive complexity and its impacts on maintenance in the context of open source software (OSS). Relationships of the change in cognitive complexity with the change in the number of reported bugs, time taken to fix the bugs, and contributions from new developers are examined and are all found to be statistically significant. In addition, several control variables, such as software size, age, development status, and programmer skills are included in the analyses. The results have strong implications for OSS project administrators; they must continually measure software complexity and be actively involved in managing it in order to have successful and sustainable OSS products

An Investigation into quality assurance of the Open Source Software Development model

A thesis submitted in partial fulfilment of the requirements of the University of Wolverhampton for the degree of Doctor of PhilosophyThe Open Source Software Development (OSSD) model has launched products in rapid succession and with high quality, without following traditional quality practices of accepted software development models (Raymond 1999). Some OSSD projects challenge established quality assurance approaches, claiming to be successful through partial contrary techniques of standard software development. However, empirical studies of quality assurance practices for Open Source Software (OSS) are rare (Glass 2001). Therefore, further research is required to evaluate the quality assurance processes and methods within the OSSD model. The aim of this research is to improve the understanding of quality assurance practices under the OSSD model. The OSSD model is characterised by a collaborative, distributed development approach with public communication, free participation, free entry to the project for newcomers and unlimited access to the source code. The research examines applied quality assurance practices from a process view rather than from a product view. The research follows ideographic and nomothetic methodologies and adopts an antipositivist epistemological approach. An empirical research of applied quality assurance practices in OSS projects is conducted through the literature research. The survey research method is used to gain empirical evidence about applied practices. The findings are used to validate the theoretical knowledge and to obtain further expertise about practical approaches. The findings contribute to the development of a quality assurance framework for standard OSSD approaches. The result is an appropriate quality model with metrics that the requirements of the OSSD support. An ideographic approach with case studies is used to extend the body of knowledge and to assess the feasibility and applicability of the quality assurance framework. In conclusion, the study provides further understanding of the applied quality assurance processes under the OSSD model and shows how a quality assurance framework can support the development processes with guidelines and measurements

The Impact of Social Netowrking on Software Design Quality and Development Effort in Open Source Projects

This paper focuses on Open Source (OS) social networks. The literature indicates that OS networks have a few nodes with a number of relationships significantly higher than the network’s average, called hubs. It also provides numerous metrics that help verify whether a node is a hub, called centrality metrics. This paper posits that higher values of centrality metrics are positively correlated with project success. Second, it posits that higher values of centrality metrics are positively correlated with the ability of a project to attract new contributions. Third, it posits that projects with greater success have a lower software design quality. Hypotheses are tested on a sample of 56 applications written in Java from the SourceForge.net online OS repository. The corresponding social network is built by considering all the contributors, both developers and administrators, of our application sample and all contributors directly or indirectly connected with them within SourceForge.net, with a total of 57,142 nodes. Empirical results support our hypotheses, indicating that centrality metrics are significant drivers of project success that should be monitored from the perspective of a project administrator or team manager. However, they also prove that successful projects tend to have a significantly lower design quality of software. This has a number of consequences that could be visible to users and cause negative feedback effects over time

A Comprehensive Review and Synthesis of Open Source Research

The open source movement has grown steadily and matured in recent years, and this growth has been mirrored by a rise in open source related research. The objective of this paper is to pause and reflect on the state of the field. We start by conducting a comprehensive literature review of open source research, and organize the resulting 618 peer-reviewed articles into a taxonomy. Elements of this taxonomy are defined and described. We then draw on a number of existing categorization schemes to develop a framework to situate open source research within a wider nomological network. Building on concepts from systems theory, we propose a holistic framework of open source research. This framework incorporates current research, as represented by the taxonomy, identifies gaps and areas of overlap, and charts a path for future work

Assessing the effect of source code characteristics on changeability

Maintenance is the phase of the software lifecycle that comprises any modification after the delivery of an application. Modifications during this phase include correcting faults, improving internal attributes, as well as adapting the application to different environments. As application knowledge and architectural integrity degrade over time, so does the facility with which changes to the application are introduced. Thus, eliminating source code that presents characteristics that hamper maintenance becomes necessary if the application is to evolve. We group these characteristics under the term Source Code Issues. Even though there is support for detecting Source Code Issues, the extent of their harmfulness for maintenance remains unknown. One of the most studied Source Code Issue is cloning. Clones are duplicated code, usually created as programmers copy, paste, and customize existing source code. However, there is no agreement on the harmfulness of clones. This thesis proposes and follows a novel methodology to assess the effect of clones on the changeability of methods. Changeability is the ease with which a source code entity is modified. It is assessed through metrics calculated from the history of changes of the methods. The impact of clones on the changeability of methods is measured by comparing the metrics of methods that contain clones to those that do not. Source code characteristics are then tested to establish whether they are endemic of methods whose changeability decay increase when cloned. In addition to findings on the harmfulness of cloning, this thesis contributes a methodology that can be applied to assess the harmfulness of other Source Code Issues. The contributions of this thesis are twofold. First, the findings answer the question about the harmfulness of clones on changeability by showing that cloned methods are more likely to change, and that some cloned methods have significantly higher changeability decay when cloned. Furthermore, it offers a characterization of such harmful clones. Second, the methodology provides a guide to analyze the effect of Source Code Characteristics in changeability; and therefore, can be adapted for other Source Code Issues