Article. DOI: 10.1145/2597073.2597117

Security and emotion: sentiment analysis of security discussions on GitHub

Published: 31 May 2014

Abstract

Application security is becoming increasingly prevalent during software and especially web application development. Consequently, countermeasures are continuously being discussed and built into applications, with the goal of reducing the risk that unauthorized code will be able to access, steal, modify, or delete sensitive data. In this paper we gauged the presence and atmosphere surrounding security-related discussions on GitHub, as mined from discussions around commits and pull requests. First, we found that security-related discussions account for approximately 10% of all discussions on GitHub. Second, we found that more negative emotions are expressed in security-related discussions than in other discussions. These findings confirm the importance of properly training developers to address security concerns in their applications as well as the need to test applications thoroughly for security vulnerabilities in order to reduce frustration and improve overall project atmosphere.


Published In

MSR 2014: Proceedings of the 11th Working Conference on Mining Software Repositories
May 2014
427 pages
ISBN:9781450328630
DOI:10.1145/2597073
  • General Chair: Premkumar Devanbu
  • Program Chairs: Sung Kim, Martin Pinzger
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

In-Cooperation

  • TCSE: IEEE Computer Society's Tech. Council on Software Engin.

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. GitHub
  2. Security
  3. mining challenge
  4. sentiment analysis

Qualifiers

  • Article

Conference

ICSE '14

Cited By

  • (2024) PatUntrack: Automated Generating Patch Examples for Issue Reports without Tracked Insecure Code. Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering, pp. 1-13. DOI: 10.1145/3691620.3694982. Online publication date: 27-Oct-2024
  • (2024) An Exploratory Mixed-methods Study on General Data Protection Regulation (GDPR) Compliance in Open-Source Software. Proceedings of the 18th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement, pp. 325-336. DOI: 10.1145/3674805.3686692. Online publication date: 24-Oct-2024
  • (2024) Automatic Data Labeling for Software Vulnerability Prediction Models: How Far Are We? Proceedings of the 18th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement, pp. 131-142. DOI: 10.1145/3674805.3686675. Online publication date: 24-Oct-2024
  • (2024) Can GPT-4 Replicate Empirical Software Engineering Research? Proceedings of the ACM on Software Engineering 1:FSE, pp. 1330-1353. DOI: 10.1145/3660767. Online publication date: 12-Jul-2024
  • (2024) What Do Developers Feel About Fast-Growing Programming Languages? An Exploratory Study. Proceedings of the 32nd IEEE/ACM International Conference on Program Comprehension, pp. 178-189. DOI: 10.1145/3643916.3644422. Online publication date: 15-Apr-2024
  • (2024) Sentiment of Technical Debt Security Questions on Stack Overflow: A Replication Study. 2024 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), pp. 821-829. DOI: 10.1109/SANER60148.2024.00089. Online publication date: 12-Mar-2024
  • (2024) Comparative Study of Reinforcement Learning in GitHub Pull Request Outcome Predictions. 2024 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), pp. 489-500. DOI: 10.1109/SANER60148.2024.00057. Online publication date: 12-Mar-2024
  • (2024) What are the emotions of developers towards deep learning documentation? - An exploratory study on Stack Overflow posts. Information and Software Technology (107655). DOI: 10.1016/j.infsof.2024.107655. Online publication date: Dec-2024
  • (2024) An exploratory study of software artifacts on GitHub from the lens of documentation. Information and Software Technology (107425). DOI: 10.1016/j.infsof.2024.107425. Online publication date: Feb-2024
  • (2024) Analyzing the Correlation Between Toxic Comments and Code Quality. Journal of Software: Evolution and Process. DOI: 10.1002/smr.2739. Online publication date: 12-Nov-2024
