Avatud lähtekoodiga tarkvaraprojektide vearaportite ja tehniliste sõltuvuste haldamise analüüsimine

Nüüdisaegses tarkvaraarenduses kasutatakse avatud lähtekoodiga tarkvara komponente, et vähendada korratava töö hulka. Tarkvaraarendajad lisavad vaba lähtekoodiga komponente oma projektidesse, omamata ülevaadet kasutatud komponentide arendamisest ja hooldamisest. Selle töö eesmärk on analüüsida tarkvaraprojektide vearaporteid ja sõltuvuste haldamist ning arendada välja kohased meetodid. Tarkvaraprojektides kasutatakse töö organiseerimiseks veahaldussüsteeme, mille abil hallatakse tööülesandeid, vearaporteid ja uusi kasutajanõudeid. Enamat kui 4000 avatud lähtekoodiga projekti analüüsides selgus, et paljud vearaportid jäävad pikaks ajaks lahendamata. Muu hulgas võib nii ka mõni kriitiline turvaviga parandamata jääda. Doktoritöös arendatakse välja meetod, mis võimaldab automaatselt hinnata vearaporti lahendamiseks kuluvat aega. Meetod põhineb veahaldussüsteemi talletunud andmete analüüsil. Vearaporti eluaja hindamine aitab projektiosalistel prioriseerida tööülesandeid ja planeerida ressursse. Töö teises osas uuritakse, kuidas avatud lähtekoodiga projektide koodis kolmanda poole komponente kasutatakse. Tarkvaraarendajad kasutavad varem väljaarendatud komponente, et kiirendada arendust ja vähendada korratava töö hulka. Samamoodi kasutavad spetsiifilised komponendid veel omakorda teisi komponente, misläbi moodustub komponentide vaheliste seoste kaudu sõltuvuslik võrgustik. Selles doktoritöös analüüsitakse sõltuvuste võrgustikku populaarsete programmeerimiskeelte näidetel. Töö käigus arendatud meetod on rakendatav sõltuvuste võrgustiku struktuuri ja kasvu analüüsimiseks. Töös demonstreeritakse, kuidas võrgustiku struktuuri analüüsi abil saab hinnata tarkvaraprojektide riski hõlmata sõltuvusahela kaudu mõni turvaviga. Doktoritöös arendatud meetodid ja tulemused aitavad avatud lähtekoodiga projektide vearaportite ja tehniliste sõltuvuste haldamise praktikat läbipaistvamaks muuta.Modern software development relies on open-source software to facilitate reuse and reduce redundant work. Software developers use open-source packages in their projects without having insights into how these components are being developed and maintained. The aim of this thesis is to develop approaches for analyzing issue and dependency management in software projects. Software projects organize their work with issue trackers, tools for tracking issues such as development tasks, bug reports, and feature requests. By analyzing issue handling in more than 4,000 open-source projects, we found that many issues are left open for long periods of time, which can result in bugs and vulnerabilities not being fixed in a timely manner. This thesis proposes a method for predicting the amount of time it takes to resolve an issue by using the historical data available in issue trackers. Methods for predicting issue lifetime can help software project managers to prioritize issues and allocate resources accordingly. Another problem studied in this thesis is how software dependencies are used. Software developers often include third-party open-source software packages in their project code as a dependency. The included dependencies can also have their own dependencies. A complex network of dependency relationships exists among open-source software packages. This thesis analyzes the structure and the evolution of dependency networks of three popular programming languages. We propose an approach to measure the growth and the evolution of dependency networks. This thesis demonstrates that dependency network analysis can quantify what is the likelihood of acquiring vulnerabilities through software packages and how it changes over time. The approaches and findings developed here could help to bring transparency into open-source projects with respect to how issues are handled, or dependencies are updated

Discovering mapping between artifact-centric business process models and execution logs

Klassikaliselt on kirjeldatud töövoogusi protsessidele orienteeritud kujul, kus keskendutakse tervele töövoole ja tegevustele selles. Hiljuti on esile kerkinud uudne, artefakti keskne modelleerimine, kus on oluliseks just äriobjektid ning nende vahelised seosed. Artefakti põhised meetodid nõuavad ka muudatusi protsessianalüüsi tehnikates. Üks võimalik protsesside analüüsi meetod on käivituslogide vastavuse kontrollimine protsessi mudeliga, mille abil saab tuvastada kas süsteem käitub nii nagu planeeritud. Mudeli ja logide vastavuse kontrollimiseks on vaja teada, millised sündmused logides vastavad millistele tegevustele mudelis. Töö eemärgiks on automaatselt tuvastada seosed artefakti põhiste protsessimudelites olevate tegevuste ja töövoosüsteemi logides olevate sündmuste vahel. Selline seose tuvastamine pole triviaalne, kuna võib esineda, et sündmuste nimed logides ja tegevuste nimed mudelis ei ole vastavuses. Näiteks ei jälgita samasid standardeid nimetamisel. Samuti on vaja seoste automaatne tuletamine, kui on teada, et logide ja mudeli vahel on mittesobivused ning kõiki sündmuseid ja tegevusi ei saagi vastavusse viia. Automaatne tuvastamine aitab lihtsustada kasutaja tööd. Lahenduseks pakutud meetod kasutab sisendina Procleti põhist mudelit ja käivituslogi süsteemist. Et leida seos mudeli ja logide vahel, viiakse mõlemad graafi kujule. Seosed leitakse iga artefakti kohta eraldi ning ei kasutata infot nende omavahelise suhtluse kohta. Iga artefakti kohta eraldatakse nende Petri võrk ning koostatakse käitumisrelatsioonid, mis väljendavad kuidas on tegevused antud artefaktis omavahel seotud. Sellest koostatakse graaf, mille tippudeks saavad tegevused ning kaarteks tippude vahel käitumisseosed nende vahel. Analoogselt koostatakse graaf iga logis esinenud olemi kohta. Kasutaja poolt sisestatud olemite ja artefaktide tüüpide vahelise seoste abil leitakse iga vastava olemi ja artefakti isendi tegevuste ja sündmuste vahelised seosed. Seoste leidmine taandub kahe graafi vaheliste tippude kujutuse leidmisele. Seoste leidmiseks esmalt arvutatakse sarnasused tegevuste nimede vahel ning selle põhjal leitakse kujutus, mis minimiseeriks teisenduskaugust graafide vahel antud kujutuse põhjal. Kujutuse leimiseks kasutatakse ahnet algoritmi. Praktilise eksperimendina testiti meetodit erinevate mudelite ja logide kombinatsioonidel. Tulemused näitavad, et meetod on võimeline seoseid leidma, kuid tulemuste kvaliteet sõltub palju tegevuste ja sündmuste nimede sarnasusest ja vähem struktuurilisest sarnasustest

Homophilic network decomposition: a community-centric analysis of online social services

In this paper we formulate the homophilic network decomposition problem: Is it possible to identify a network partition whose structure is able to characterize the degree of homophily of its nodes? The aim of our work is to understand the relations between the homophily of individuals and the topological features expressed by specific network substructures. We apply several community detection algorithms on three large-scale online social networks—Skype, LastFM and Google+—and advocate the need of identifying the right algorithm for each specific network in order to extract a homophilic network decomposition. Our results show clear relations between the topological features of communities and the degree of homophily of their nodes in three online social scenarios: product engagement in the Skype network, number of listened songs on LastFM and homogeneous level of education among users of Google+

Structure and dynamics of online service adoption spreading

peer-reviewed abstract submissionInternational audienceThe adoption of innovations, products and online services is commonly interpreted as a spreading process, which to a large extent is driven by social influence and mediated by the needs and capacities of individuals. Its modelling usually involves behavioural threshold mechanisms and predicts the evolution of explosive, system-wide adoption (known as a global cascade) if the system satisfies a set of theoretical conditions. However, these models fail to describe spreading in several real systems where, in spite of global adoption, the spreading does not follow a rapid cascading pattern, although threshold mechanisms play a role in their dynamics. In this work we propose a solution to this paradox through the analysis and modelling of online adoption in the world's largest voice over internet service, the social network of Skype. We provide empirical evidence about the distribution of behavioural thresholds and other structural and dynamical properties of this worldwide adoption process. Incorporating the observed features into a dynamical threshold model we show that the spread of online services is constrained by the fraction of non-adopters in the network. Such users who are not susceptible to product adoption can be considered as blocked nodes hindering the system into a quenched state where the evolution and structure of the global adoption cluster is very similar to the empirical observations. Model calculations and the analysis of the real social contagion process suggest that the structure of the adoption clusters differs radically from the case of rapid global cascading, since first-order triggering effects appear to be important only locally, while second-order and external effects are responsible for the emergence of global social adoption

Combining propensity and influence models for product adoption prediction

This paper studies the problem of selecting users in an online social network for targeted advertising so as to maximize the adoption of a given product. In previous work, two families of models have been considered to address this problem: direct targeting and network-based targeting. The former approach targets users with the highest propensity to adopt the product, while the latter approach targets users with the highest influence potential – that is users whose adoption is most likely to be followed by subsequent adoptions by peers. This paper proposes a hybrid approach that combines a notion of propensity and a notion of influence into a single utility function. We show that targeting a fixed number of high-utility users results in more adoptions than targeting either highly influential users or users with high propensity

Structure and dynamics of online service adoption spreading

peer-reviewed abstract submissionInternational audienceThe adoption of innovations, products and online services is commonly interpreted as a spreading process, which to a large extent is driven by social influence and mediated by the needs and capacities of individuals. Its modelling usually involves behavioural threshold mechanisms and predicts the evolution of explosive, system-wide adoption (known as a global cascade) if the system satisfies a set of theoretical conditions. However, these models fail to describe spreading in several real systems where, in spite of global adoption, the spreading does not follow a rapid cascading pattern, although threshold mechanisms play a role in their dynamics. In this work we propose a solution to this paradox through the analysis and modelling of online adoption in the world's largest voice over internet service, the social network of Skype. We provide empirical evidence about the distribution of behavioural thresholds and other structural and dynamical properties of this worldwide adoption process. Incorporating the observed features into a dynamical threshold model we show that the spread of online services is constrained by the fraction of non-adopters in the network. Such users who are not susceptible to product adoption can be considered as blocked nodes hindering the system into a quenched state where the evolution and structure of the global adoption cluster is very similar to the empirical observations. Model calculations and the analysis of the real social contagion process suggest that the structure of the adoption clusters differs radically from the case of rapid global cascading, since first-order triggering effects appear to be important only locally, while second-order and external effects are responsible for the emergence of global social adoption

Structure and Evolution of Package Dependency Networks

Software developers often include available open-source software packages into their projects to minimize redundant effort. However, adding a package to a project can also introduce risks, which can propagate through multiple levels of dependencies. Currently, not much is known about the structure of open-source package ecosystems of popular programming languages and the extent to which transitive bug propagation is possible. This paper analyzes the dependency network structure and evolution of the JavaScript, Ruby, and Rust ecosystems. The reported results reveal significant differences across language ecosystems. The results indicate that the number of transitive dependencies for JavaScript has grown 60% over the last year, suggesting that developers should look more carefully into their dependencies to understand what exactly is included. The study also reveals that vulnerability to a removal of the most popular package is increasing, yet most other packages have a decreasing impact on vulnerability. The findings of this study can inform the development of dependency management tools.Accepted author manuscriptSoftware Engineerin

Structure and dynamics of online service adoption spreading

peer-reviewed abstract submissionInternational audienceThe adoption of innovations, products and online services is commonly interpreted as a spreading process, which to a large extent is driven by social influence and mediated by the needs and capacities of individuals. Its modelling usually involves behavioural threshold mechanisms and predicts the evolution of explosive, system-wide adoption (known as a global cascade) if the system satisfies a set of theoretical conditions. However, these models fail to describe spreading in several real systems where, in spite of global adoption, the spreading does not follow a rapid cascading pattern, although threshold mechanisms play a role in their dynamics. In this work we propose a solution to this paradox through the analysis and modelling of online adoption in the world's largest voice over internet service, the social network of Skype. We provide empirical evidence about the distribution of behavioural thresholds and other structural and dynamical properties of this worldwide adoption process. Incorporating the observed features into a dynamical threshold model we show that the spread of online services is constrained by the fraction of non-adopters in the network. Such users who are not susceptible to product adoption can be considered as blocked nodes hindering the system into a quenched state where the evolution and structure of the global adoption cluster is very similar to the empirical observations. Model calculations and the analysis of the real social contagion process suggest that the structure of the adoption clusters differs radically from the case of rapid global cascading, since first-order triggering effects appear to be important only locally, while second-order and external effects are responsible for the emergence of global social adoption

Structure and Evolution of Package Dependency Networks

Software developers often include available open-source software packages into their projects to minimize redundant effort. However, adding a package to a project can also introduce risks, which can propagate through multiple levels of dependencies. Currently, not much is known about the structure of open-source package ecosystems of popular programming languages and the extent to which transitive bug propagation is possible. This paper analyzes the dependency network structure and evolution of the JavaScript, Ruby, and Rust ecosystems. The reported results reveal significant differences across language ecosystems. The results indicate that the number of transitive dependencies for JavaScript has grown 60% over the last year, suggesting that developers should look more carefully into their dependencies to understand what exactly is included. The study also reveals that vulnerability to a removal of the most popular package is increasing, yet most other packages have a decreasing impact on vulnerability. The findings of this study can inform the development of dependency management tools