1 research outputs found
Characterizing and Understanding Software Developer Networks in Security Development
To build secure software, developers often work together during software
development and maintenance to find, fix, and prevent security vulnerabilities.
Examining the nature of developer interactions during their security activities
regarding security introducing and fixing activities can provide insights for
improving current practices.
In this work, we conduct a large-scale empirical study to characterize and
understand developers' interactions during their security activities regarding
security introducing and fixing, which involves more than 16K security fixing
commits and over 28K security introducing commits from nine large-scale
open-source software projects. For our analysis, we first examine whether a
project is a hero-centric project when assessing developers' contribution in
their security activities. Then we study the interaction patterns between
developers, explore how the distribution of the patterns changes over time, and
study the impact of developers' interactions on the quality of projects. In
addition, we also characterize the nature of developer interaction in security
activities in comparison to developer interaction in non-security activities
(i.e., introducing and fixing non-security bugs). Among our findings we
identify that: most of the experimental projects are non hero-centric projects
when evaluating developers' contribution by using their security activities;
there exist common dominating interaction patterns across our experimental
projects; the distribution of interaction patterns has correlation with the
quality of software projects. We believe the findings from this study can help
developers understand how vulnerabilitiesoriginate and fix under the
interactions of software developers