Congratulations, Dr. Meneely!
Congratulations to our own Andy Meneely, who has passed his final PhD defense!
Title: “Investigating the Relationship between Developer Collaboration and Software Security”
Date: April 18, 2011
Time: 9:30 am
Place: EBII, Room 3211
Dr. Laurie Williams (advisor)
Dr. Tao Xie
Dr. Annie I. Anton
Dr. Jason Osborne
With each new developer added to a software development team comes a greater challenge to manage the communication, coordination, and knowledge transfer amongst teammates. Lack of team cohesion, miscommunications, and misguided effort can lead to all kinds of problems, including security vulnerabilities and other quality concerns. In large software development projects, no single person can possibly know every aspect of the system, so the team members must be organized into various structures of communication and coordination. An understanding of developer collaboration from the perspective of the entire team could help improve the structuring of development efforts.
This dissertation comprises three research projects surrounding what we call developer activity metrics. Mostly based on social network analysis, developer activity metrics are designed to quantify how groups of software developers are working with each other. Developer activity data originates from software development artifacts such as version control change logs and issue tracking systems. The developer activity data is transformed into a developer network designed to represent the socio-technical organization of labor in a team, specifically “who is working with whom” within the scope of a given development project. In the first study, we examine Linus’ Law in three open source products by analyzing statistical correlations between developer activity metrics and post-release security vulnerabilities at the source code file level. In the second project, we surveyed developers from the same three open source projects and found that developers’ perceptions of collaboration and expertise corroborate evidence of collaboration and expertise in developer activity metrics. Lastly, we gathered the results from the related work both inside software engineering and in the field of socio-technical research in general. We synthesized our results into a single paradigm with conjectures for future socio-technical research in software engineering.