3,338 research outputs found
An Empirical Study of Security Issues Posted in Open Source Projects
When developers gain thorough understanding and knowledge of software security, they can produce more secure software. This study aims at empirically identifying and understanding the security issues posted on a random sample of GitHub repositories. We tried to understand the presence of security issues and their key themes and topics. We applied a mixed-methods approach, combining topic modeling techniques and qualitative analysis. Our findings have revealed that a) the rate of security-related issues was rather small (approx. 3% of all issues), b) the majority of the security issues were related to identity management and cryptography topics. We present 7 high-level themes of problems that developers face in implementing security features.
User Review-Based Change File Localization for Mobile Applications
In the current mobile app development, novel and emerging DevOps practices
(e.g., Continuous Delivery, Integration, and user feedback analysis) and tools
are becoming more widespread. For instance, the integration of user feedback
(provided in the form of user reviews) in the software release cycle represents
a valuable asset for the maintenance and evolution of mobile apps. To fully
make use of these assets, it is highly desirable for developers to establish
semantic links between the user reviews and the software artefacts to be
changed (e.g., source code and documentation), and thus to localize the
potential files to change for addressing the user feedback. In this paper, we
propose RISING (Review Integration via claSsification, clusterIng, and
linkiNG), an automated approach to support the continuous integration of user
feedback via classification, clustering, and linking of user reviews. RISING
leverages domain-specific constraint information and semi-supervised learning
to group user reviews into multiple fine-grained clusters concerning similar
users' requests. Then, by combining the textual information from both commit
messages and source code, it automatically localizes potential change files to
accommodate the users' requests. Our empirical studies demonstrate that the
proposed approach outperforms the state-of-the-art baseline work in terms of
clustering and localization accuracy, and thus produces more reliable results.
Comment: 15 pages, 3 figures, 8 tables
SocioEconomicMag Meets a Platform for SES-Diverse College Students: A Case Study
Emerging research shows that individual differences in how people use
technology sometimes cluster by socioeconomic status (SES) and that when
technology is not socioeconomically inclusive, low-SES individuals may abandon
it. To understand how to improve technology's SES-inclusivity, we present a
multi-phase case study on SocioEconomicMag (SESMag), an emerging inspection
method for socio+economic inclusivity. In our 16-month case study, a software
team developing a learning management platform used SESMag to evaluate and then
to improve their platform's SES-inclusivity. The results showed that (1) the
practitioners identified SES-inclusivity bugs in 76% of the features they
evaluated; (2) these inclusivity bugs actually arise among low-SES college
students; and (3) the SESMag process pointed ways towards fixing these bugs.
Finally, (4) a user study with SES-diverse college students showed that the
platform's SES-inclusivity eradicated 45-54% of the bugs; for some types of
bugs, the bug instance eradication rate was 80% or higher.
Comment: 26 pages, 7 figures