6,437 research outputs found
Interpersonal Conflicts During Code Review
Code review consists of manual inspection, discussion, and judgment of source code by developers other than the code's author. Due to discussions around competing ideas and group decision-making processes, interpersonal conflicts during code reviews are expected. This study systematically investigates how developers perceive code review conflicts and addresses interpersonal conflicts during code reviews as a theoretical construct. Through the thematic analysis of interviews conducted with 22 developers, we confirm that conflicts during code reviews are commonplace, anticipated and seen as normal by developers. Even though conflicts do happen and carry a negative impact for the review, conflicts, if resolved constructively, can also create value and bring improvement. Moreover, the analysis provided insights on how strongly conflicts during code review and its context (i.e., code, developer, team, organization) are intertwined. Finally, there are aspects specific to code review conflicts that call for the research and application of customized conflict resolution and management techniques, some of which are discussed in this paper. Data and material: https://doi.org/10.5281/zenodo.584879
Stourbridge College: report from the Inspectorate (FEFC inspection report; 42/94 and 34/98)
The Further Education Funding Council has a legal duty to make sure further education in England is properly assessed. The FEFC’s inspectorate inspects and reports on each college of further education according to a four-year cycle. This record comprises the reports for periods 1993-94 and 1997-98.
Mitigating Turnover with Code Review Recommendation: Balancing Expertise, Workload, and Knowledge Distribution
Developer turnover is inevitable on software projects and leads to knowledge loss, a reduction in productivity, and an increase in defects. Mitigation strategies to deal with turnover tend to disrupt and increase workloads for developers. In this work, we suggest that through code review recommendation we can distribute knowledge and mitigate turnover with minimal impact on the development process. We evaluate review recommenders in the context of ensuring expertise during review, Expertise, reducing the review workload of the core team, CoreWorkload, and reducing the Files at Risk to turnover, FaR. We find that prior work that assigns reviewers based on file ownership concentrates knowledge on a small group of core developers increasing risk of knowledge loss from turnover by up to 65%. We propose learning and retention aware review recommenders that when combined are effective at reducing the risk of turnover by -29% but they unacceptably reduce the overall expertise during reviews by -26%. We develop the Sophia recommender that suggests experts when none of the files under review are hoarded by developers but distributes knowledge when files are at risk. In this way, we are able to simultaneously increase expertise during review with a ΔExpertise of 6%, with a negligible impact on workload of ΔCoreWorkload of 0.09%, and reduce the files at risk by ΔFaR -28%. Sophia is integrated into GitHub pull requests allowing developers to select an appropriate expert or “learner” based on the context of the review. We release the Sophia bot as well as the code and data for replication purposes.
An Efficient Approach for Reviewing Security-Related Aspects in Agile Requirements Specifications of Web Applications
Defects in requirements specifications can have severe consequences during
the software development lifecycle. Some of them may result in poor product
quality and/or time and budget overruns due to incorrect or missing quality
characteristics, such as security. This characteristic requires special
attention in web applications because they have become a target for
manipulating sensible data. Several concerns make security difficult to deal
with. For instance, security requirements are often misunderstood and
improperly specified due to lack of security expertise and emphasis on security
during early stages of software development. This often leads to unspecified or
ill-defined security-related aspects. These concerns become even more
challenging in agile contexts, where lightweight documentation is typically
produced. To tackle this problem, we designed an approach for reviewing
security-related aspects in agile requirements specifications of web
applications. Our proposal considers user stories and security specifications
as inputs and relates those user stories to security properties via Natural
Language Processing. Based on the related security properties, our approach
identifies high-level security requirements from the Open Web Application
Security Project (OWASP) to be verified, and generates a reading technique to
support reviewers in detecting defects. We evaluate our approach via three
experiment trials conducted with 56 novice software engineers, measuring
effectiveness, efficiency, usefulness, and ease of use. We compare our approach
against using: (1) the OWASP high-level security requirements, and (2) a
perspective-based approach as proposed in contemporary state of the art. The
results strengthen our confidence that using our approach has a positive impact
(with large effect size) on the performance of inspectors in terms of
effectiveness and efficiency.
Comment: Preprint accepted for publication at the Requirements Engineering journal. arXiv admin note: text overlap with arXiv:1906.1143