More Web Proxy on the site http://driver.im/

research-article

Using social network analysis for mining collaboration data in a defect tracking system for risk and vulnerability analysis

Authors:

Ayushi RastogiAuthors Info & Claims

ISEC '11: Proceedings of the 4th India Software Engineering Conference

Pages 195 - 204

https://doi.org/10.1145/1953355.1953381

Published: 24 February 2011 Publication History

Abstract

Open source software projects are characterized as self organizing and dynamic in which volunteers around the world primarily driven by self-motivation (and not necessarily monetary compensation) contribute and collaborate to a software product. In contrast to close source or proprietary software, the organizational structure and task allocation in an open source project setting is unstructured. Software project managers perform risk, threat and vulnerability analysis to gain insights into the organizational structure for de-risking or risk mitigation. For example, it is important for a project manager to have an understanding of critical employees, core team, subject matter experts, sub-groups, leaders and communication bridges.

Software repositories such as defect tracking systems, versioning systems and mailing lists contains a wealth of valuable information that can be mined for solving practically useful software engineering tasks. In this paper, we present a systematic approach to mine defect tracking system for risk, threat and vulnerability analysis in a software project. We derive a collaboration network from a defect tracking system and apply social network analysis techniques to investigate the derived network for the purpose of risk and vulnerability analysis. We perform empirical analysis on bug report data of Mozilla Firefox project and present the results of our analysis. We demonstrate how important information pertaining to risk and vulnerability can be uncovered using network analysis techniques from static record keeping software archive such as the bug tracking system.

References

[1]

Christian Bird, Alex Gourley, Prem Devanbu, Michael Gertz, and Anand Swaminathan. Mining email social networks in postgres. In MSR '06: Proceedings of the 2006 international workshop on Mining software repositories, pages 185--186, New York, NY, USA, 2006. ACM.

Digital Library

[2]

Christian Bird, David Pattison, Raissa D'Souza, Vladimir Filkov, and Premkumar Devanbu. Latent social structure in open source projects. In SIGSOFT '08/FSE-16: Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineering, pages 24--35, New York, NY, USA, 2008. ACM.

Digital Library

[3]

Kathleen Carley, Jeffrey Reminga, Jon Storrick, and Dave Columbus. Ora: Organization risk analyzer, user's guide, technical report, cmu-isr-10-120. Technical report, Carnegie Mellon University, School of Computer Science, Institute for Software Research, 2010.

[4]

Kevin Crowston and James Howison. Assessing the health of open source communities. Computer, 39(5):89--91, 2006.

Digital Library

[5]

Kevin Crowston, Kangning Wei, Qing Li, and James Howison. Core and periphery in free/libre and open source software team communications. In HICSS '06: Proceedings of the 39th Annual Hawaii International Conference on System Sciences, page 118.1, Washington, DC, USA, 2006. IEEE Computer Society.

Digital Library

[6]

Wouter de Nooy, Andrej Mrvar, and Vladimir Batagelj. Exploratory Social Network Analysis with Pajek (Structural Analysis in the Social Sciences). Cambridge University Press, 2005.

Digital Library

[7]

Cleidson de Souza, Jon Froehlich, and Paul Dourish. Seeking the source: software source code as a social and technical artifact. In GROUP '05: Proceedings of the 2005 international ACM SIGGROUP conference on Supporting group work, pages 197--206, New York, NY, USA, 2005. ACM.

Digital Library

[8]

Nicolas Ducheneaut. Socialization in an open source software community: A socio-technical analysis. Comput. Supported Coop. Work, 14(4):323--368, 2005.

Digital Library

[9]

Ahmed E. Hassan and Tao Xie. Mining software engineering data. In Proceedings of the 32nd International Conference on Software Engineering (ICSE 2010), Companion Volume, Tutorial, Cape Town, South Africa, May 2010.

Digital Library

[10]

J. Howison, Keisuke Inoue, and Kevin Crowston. Social dynamics of free and open source team communications, volume 203/2006 of IFIP International Federation for Information Processing, pages 319--330. Springer, Boston, USA, June 2006.

[11]

Shih-Kun Huang and Kang-min Liu. Mining version histories to verify the learning process of legitimate peripheral participants. In MSR '05: Proceedings of the 2005 international workshop on Mining software repositories, pages 1--5, New York, NY, USA, 2005. ACM.

Digital Library

[12]

Huzefa Kagdi, Michael L. Collard, and Jonathan I. Maletic. A survey and taxonomy of approaches for mining software repositories in the context of software evolution. volume 19, pages 77--131, New York, NY, USA, 2007. John Wiley & Sons, Inc.

Digital Library

[13]

Luis, González Barahona, and Gregorio Robles. Applying social network analysis to the information in cvs repositories. In Proceedings of the Mining Software Repositories Workshop. 26th International Conference on Software Engineering, 2004.

[14]

Freeh V. Tynan R. Madey, G. The open source software development phenomenon: An analysis based on social network theory. In Americas Conference on Information Systems (AMCIS), pages 1806--1813, Dallas, TX, USA, 2002.

[15]

Juan Martinez-Romo, Gregorio Robles, Jesús M. González-Barahona, and Miguel Ortuño-Perez. Using social network analysis techniques to study collaboration between a floss community and a company. In Barbara Russo, Ernesto Damiani, Scott A. Hissam, Björn Lundell, and Giancarlo Succi, editors, OSS, volume 275 of IFIP, pages 171--186. Springer, 2008.

[16]

Andrew Meneely, Mackenzie Corcoran, and Laurie Williams. Improving developer activity metrics with issue tracking annotations. In WETSoM '10: Proceedings of the 2010 ICSE Workshop on Emerging Trends in Software Metrics, pages 75--80, New York, NY, USA, 2010. ACM.

Digital Library

[17]

Andrew Meneely, Laurie Williams, Will Snipes, and Jason Osborne. Predicting failures with developer networks and social network analysis. In SIGSOFT '08/FSE-16: Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineering, pages 13--23, New York, NY, USA, 2008. ACM.

Digital Library

[18]

Audris Mockus, Roy T. Fielding, and James D. Herbsleb. Two case studies of open source software development: Apache and mozilla. ACM Trans. Softw. Eng. Methodol., 11(3):309--346, 2002.

Digital Library

[19]

Masao Ohira, Naoki Ohsugi, Tetsuya Ohoka, and Ken-ichi Matsumoto. Accelerating cross-project knowledge collaboration using collaborative filtering and social networks. SIGSOFT Softw. Eng. Notes, 30(4):1--5, 2005.

Digital Library

[20]

Martin Pinzger, Nachiappan Nagappan, and Brendan Murphy. Can developer-module networks predict failures? In SIGSOFT '08/FSE-16: Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineering, pages 2--12, New York, NY, USA, 2008. ACM.

Digital Library

[21]

Anita Sarma, Larry Maccherone, Patrick Wagstrom, and James Herbsleb. Tesseract: Interactive visual exploration of socio-technical relationships in software development. In ICSE '09: Proceedings of the 31st International Conference on Software Engineering, pages 23--33, Washington, DC, USA, 2009. IEEE Computer Society.

Digital Library

[22]

J. Scott. Social network analysis: A handbook. Sage, 2000.

[23]

Athanasis Karoulis Ioannis Stamelos Sowe, Sulayman K. and G. L. Bleris. Free/open source software learning community and web-based technologies. IEEE Learning Technology Newsletter, 6(1):26--29, 2004.

[24]

Giuseppe Valetto, Mary Helander, Kate Ehrlich, Sunita Chulani, Mark Wegman, and Clay Williams. Using software repositories to investigate socio-technical congruence in development projects. In MSR '07: Proceedings of the Fourth International Workshop on Mining Software Repositories, page 25, Washington, DC, USA, 2007. IEEE Computer Society.

Digital Library

[25]

Andrea Wiggins, James Howison, and Kevin Crowston. Social dynamics of floss team communication across channels. In Fourth International Conference on Open Source Software, volume 275/2008, pages 131--142, Milant, Italy, 07/2008 2008. Springer Boston.

[26]

Timo Wolf, Adrian Schröter, Daniela Damian, Lucas D. Panjer, and Thanh H. D. Nguyen. Mining task-based social networks to explore collaboration in software teams. IEEE Softw., 26(1):58--66, 2009.

Digital Library

[27]

J. Xu, S. Christley, and G. Madey. Application of Social Network Analysis to the Study of Open Source Software, pages 247--269. Elsevier, 2006.

Cited By

Schreiber R(2024)Organizational Influence on Security Development in Open-Source Software ProjectsInternational Journal of Systems and Software Security and Protection10.4018/IJSSSP.35665915:1(1-20)Online publication date: 15-Oct-2024
https://doi.org/10.4018/IJSSSP.356659
Bock TAlznauer NJoblin MApel S(2023)Automatic Core-Developer Identification on GitHub: A Validation StudyACM Transactions on Software Engineering and Methodology10.1145/359380332:6(1-29)Online publication date: 30-Sep-2023
https://dl.acm.org/doi/10.1145/3593803
Bunmapob PLimpiyakorn Y(2022)Exploring Defect Data with Network Visualization2022 IEEE 2nd International Conference on Software Engineering and Artificial Intelligence (SEAI)10.1109/SEAI55746.2022.9832052(204-208)Online publication date: 10-Jun-2022
https://doi.org/10.1109/SEAI55746.2022.9832052
Show More Cited By

Index Terms

Using social network analysis for mining collaboration data in a defect tracking system for risk and vulnerability analysis

Recommendations

Software Vulnerability Analysis and Discovery Using Machine-Learning and Data-Mining Techniques: A Survey

Software security vulnerabilities are one of the critical issues in the realm of computer security. Due to their potential high severity impacts, many different approaches have been proposed in the past decades to mitigate the damages of software ...
Research on Network Risk Situation Assessment Based on Threat Analysis
ISISE '08: Proceedings of the 2008 International Symposium on Information Science and Engieering - Volume 02

A risk situation evaluation model for network security is proposed based on analyzing security threat status. This method first perceived and identified the characteristics of critical risk factors, such as asset, vulnerability and threat, from multi-...
Mining Vulnerability and Code Repositories to Study Software Security
LADC '24: Proceedings of the 13th Latin-American Symposium on Dependable and Secure Computing
Software vulnerabilities are present in most software applications. However, vulnerability detection techniques usually suffer from the same issues: reporting items that are not actual vulnerabilities or not detecting all vulnerabilities. There are ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

ISEC '11: Proceedings of the 4th India Software Engineering Conference

February 2011

229 pages

ISBN:9781450305594

DOI:10.1145/1953355

General Chairs:
Arun Bahulkar
Tata Consultancy Services, India
,
K. Kesavasamy
Tata Consultancy Services, India
,
Program Chairs:
T. V. Prabhakar
Indian Institute of Technology Kanpur, India
,
Gautam Shroff
Tata Consultancy Services, India

Copyright © 2011 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Computer Society of India: Computer Society of India

In-Cooperation

SIGSOFT: ACM Special Interest Group on Software Engineering

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 24 February 2011

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ISEC '11

Sponsor:

Computer Society of India

ISEC '11: Indian Software Engineering Conference

February 24 - 27, 2011

Kerala, Thiruvananthapuram, India

Acceptance Rates

Overall Acceptance Rate 76 of 315 submissions, 24%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

19
Total Citations
View Citations
941
Total Downloads

Downloads (Last 12 months)8
Downloads (Last 6 weeks)0

Reflects downloads up to 07 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Schreiber R(2024)Organizational Influence on Security Development in Open-Source Software ProjectsInternational Journal of Systems and Software Security and Protection10.4018/IJSSSP.35665915:1(1-20)Online publication date: 15-Oct-2024
https://doi.org/10.4018/IJSSSP.356659
Bock TAlznauer NJoblin MApel S(2023)Automatic Core-Developer Identification on GitHub: A Validation StudyACM Transactions on Software Engineering and Methodology10.1145/359380332:6(1-29)Online publication date: 30-Sep-2023
https://dl.acm.org/doi/10.1145/3593803
Bunmapob PLimpiyakorn Y(2022)Exploring Defect Data with Network Visualization2022 IEEE 2nd International Conference on Software Engineering and Artificial Intelligence (SEAI)10.1109/SEAI55746.2022.9832052(204-208)Online publication date: 10-Jun-2022
https://doi.org/10.1109/SEAI55746.2022.9832052
Sharma PSavarimuthu TStanger N(2021)Influence of Roles in Decision-Making during OSS Development — A Study of PythonProceedings of the 25th International Conference on Evaluation and Assessment in Software Engineering10.1145/3463274.3463326(50-59)Online publication date: 21-Jun-2021
https://dl.acm.org/doi/10.1145/3463274.3463326
Wang SNagappan N(2021)Characterizing and Understanding Software Developer Networks in Security Development2021 IEEE 32nd International Symposium on Software Reliability Engineering (ISSRE)10.1109/ISSRE52982.2021.00061(534-545)Online publication date: Oct-2021
https://doi.org/10.1109/ISSRE52982.2021.00061
Abdelrahman Aljemabi MWang ZSaleh M(2021)Mining social collaboration patterns in developer social networksIET Software10.1049/iet-sen.2019.0316Online publication date: 13-Jan-2021
https://doi.org/10.1049/iet-sen.2019.0316
Gote CScholtes ISchweitzer F(2021)Analysing Time-Stamped Co-Editing Networks in Software Development Teams using git2netEmpirical Software Engineering10.1007/s10664-020-09928-226:4Online publication date: 26-May-2021
https://doi.org/10.1007/s10664-020-09928-2
Schreiber RZylka M(2020)Social Network Analysis in Software Development Projects: A Systematic Literature ReviewInternational Journal of Software Engineering and Knowledge Engineering10.1142/S021819402050014X30:03(321-362)Online publication date: 28-Apr-2020
https://doi.org/10.1142/S021819402050014X
Gote CScholtes ISchweitzer FStorey MAdams BHaiduc S(2019)git2netProceedings of the 16th International Conference on Mining Software Repositories10.1109/MSR.2019.00070(433-444)Online publication date: 26-May-2019
https://dl.acm.org/doi/10.1109/MSR.2019.00070
Aljemabi MWang Z(2018)Empirical Study on the Evolution of Developer Social NetworksIEEE Access10.1109/ACCESS.2018.28684276(51049-51060)Online publication date: 2018
https://doi.org/10.1109/ACCESS.2018.2868427
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents