- Software Engineering Research
- Open Source Software Innovations
- Software Engineering Techniques and Practices
- Scientific Computing and Data Management
- Software System Performance and Reliability
- Software Reliability and Analysis Research
- Advanced Malware Detection Techniques
- Software Testing and Debugging Techniques
- Wikis in Education and Collaboration
- Computational Physics and Python Applications
- Natural Language Processing Techniques
- Web Data Mining and Analysis
- Security and Verification in Computing
- Web Application Security Vulnerabilities
- Topic Modeling
- Mobile Crowdsensing and Crowdsourcing
- Expert finding and Q&A systems
- Information and Cyber Security
- Cloud Computing and Resource Management
- Data Visualization and Analytics
- Parallel Computing and Optimization Techniques
- Complex Network Analysis Techniques
- Peer-to-Peer Network Technologies
- Innovative Approaches in Technology and Social Development
- Privacy, Security, and Data Protection
- Osaka University, 2013-2025
- Nara Institute of Science and Technology, 2010-2024
- Singapore Management University, 2024
- University of L'Aquila, 2023
- Mahidol University, 2019-2022
- University of Waterloo, 2021
- Shinshu University, 2021
- Vrije Universiteit Brussel, 2018
- University of Victoria, 2018
Software code review is an inspection of a code change by an independent third-party developer in order to identify and fix defects before integration. Effectively performing code review can improve the overall software quality. In recent years, Modern Code Review (MCR), a lightweight and tool-based code inspection, has been widely adopted in both proprietary and open-source systems. Finding appropriate code-reviewers in MCR is a necessary step of reviewing a code change. However, little research is known on the difficulty of finding code-reviewers in distributed development...
Code review is of primary importance in modern software development. It is widely recognized that peer code review is an efficient and effective practice for improving software quality and reducing defect proneness. For a successful review process, reviewers should have deep experience and knowledge of the code being reviewed, and be familiar enough to work and collaborate together. However, one of the main challenging tasks is to find the most appropriate reviewers for submitted code changes. So far, reviewer assignment is still a manual, costly and time-consuming task. In this paper, we introduce...
Links are an essential feature of the World Wide Web, and source code repositories are no exception. However, despite their many undisputed benefits, links can suffer from decay, insufficient versioning, and lack of bidirectional traceability. In this paper, we investigate the role of links contained in source code comments from these perspectives. We conducted a large-scale study of around 9.6 million links to establish their prevalence, and we used a mixed-methods approach to identify the links' targets, purposes, and evolutionary aspects. We found that links are prevalent...
Although peer code review is widely adopted in both commercial and open source development, existing studies suggest that such code reviews often contain a significant amount of non-useful review comments. Unfortunately, to date, no tools or techniques exist that can provide automatic support in improving those non-useful comments. In this paper, we first report a comparative study between useful and non-useful review comments, where we contrast them using their textual characteristics and reviewers' experience. Then, based on the findings from the study, we develop...
Service-Oriented Architecture (SOA) is an emerging paradigm that has radically changed the way software applications are architected, designed and implemented. SOA allows developers to structure their systems as a set of ready-made, reusable and composable services. The leading technology used today for implementing SOA is Web Services. Indeed, like all software, Web services are prone to change constantly to add new user requirements or to adapt to environment changes. Poorly planned changes may risk introducing...
Security vulnerability in third-party dependencies is a growing concern not only for developers of the affected software, but for the risks it poses to an entire software ecosystem, e.g., the Heartbleed vulnerability. Recent studies show that developers are slow to respond to the threat of vulnerability, sometimes taking four to eleven months to act. To ensure quick adoption and propagation of a release that contains the fix (fixing release), we conduct an empirical investigation to identify lags that may occur between the vulnerable release and its fixing release (package-side fixing release)....
Effectively performing code review increases the quality of software and reduces the occurrence of defects. However, this requires reviewers with experience and a deep understanding of the system code. Manual selection of such reviewers can be a costly and time-consuming task. To reduce this cost, we propose a reviewer recommendation algorithm based on determining file path similarity, called the FPS algorithm. Using three OSS projects as case studies, the FPS algorithm was accurate up to 77.97%, which significantly outperformed the previous approach.
In this paper, we present a collection of Modern Code Review data for five open source projects. The data showcases data mined from both an integrated peer review system and code repositories. We present an easy-to-use and richer data structure to retrieve the (a) People, (b) Process, and (c) Product aspects of the peer review. This paper presents the extraction methodology, the dataset structure, and a collection of database dumps.
It has become common practice for software projects to adopt third-party libraries, allowing developers full access to functions that otherwise will take time and effort to create themselves. Regardless of the migration effort involved, developers are encouraged to maintain their library dependencies by updating any outdated dependency, so as to remain safe from potential threats such as vulnerabilities. Through a manual inspection of a total of 60 client projects from three cases of high severity vulnerabilities, we investigate whether or not clients...
We present four datasets that are focused on the general roles of OSS peer review members. With data mined from both an integrated peer review system and code source repositories, our rich datasets comprise peer review data that was automatically recorded. Using the Android project as a case study, we describe our extraction methodology, the datasets, and their application used for three separate studies. Our datasets are available online at http://sdlab.naist.jp/reviewmining/.
System maintainers face several challenges stemming from a system and its library dependencies evolving separately. Novice maintainers may lack the historical knowledge required to efficiently manage an inherited system. While some libraries are regularly updated, some systems keep a dependency on older versions. On the other hand, maintainers may be unaware that other systems have settled on a different version of a library. In this paper, we visualize how the dependency relation between a system and its dependencies evolves from two perspectives. Our system-centric dependency plots (SDP) successive versions...
With the popularity of open source library (re)use in both industrial and open source settings, 'trust' plays a vital role in third-party library adoption. Trust involves the assumption of both functional and non-functional correctness. Even with the aid of dependency management build tools such as Maven and Gradle, research has still found a latency to trust the latest release of a library. In this paper, we investigate the trust of OSS libraries. Our study of 6,374 systems in the Maven Super Repository suggests that 82% are more trusting adopting existing systems. We uncover...
Discussions is a new feature of GitHub for asking questions or discussing topics outside of specific Issues or Pull Requests. Before being available to all projects in December 2020, it had been tested on selected open source software projects. To understand how developers use this novel feature, how they perceive it, and how it impacts the development processes, we conducted a mixed-methods study based on early adopters of GitHub discussions from January until July 2020. We found that: (1) errors, unexpected...
Modern code review (MCR) is now broadly adopted as an established and effective software quality assurance practice, with an increasing number of open-source as well as commercial software projects identifying code review as a crucial practice. During the MCR process, developers review, provide constructive feedback, and/or critique each other's patches before a code change is merged into the codebase. Nevertheless, code review is basically a human task that involves technical, personal and social aspects. Existing literature hints at the existence of poor reviewing...
Papua New Guinea (PNG) is an emerging tech society with an opportunity to overcome geographic and social boundaries, in order to engage with the global market. However, the current tech landscape, dominated by Big Tech in Silicon Valley and other multinational companies in the Global North, tends to overlook the requirements of emerging economies such as PNG. This is becoming more obvious as issues such as algorithmic bias (in tech product deployments) and the digital divide (as in the case of non-affordable commercial software) are affecting PNG users. The Open Source...
The increasing complexity of software dependencies has led to the emergence of automated dependency management tools, such as Dependabot. However, these tools often overwhelm developers with a high volume of alerts and notifications, leading to alert fatigue. This paper presents a position on using Artificial Intelligence (AI) agents as negotiators to reduce alert fatigue. We then examine specific use cases where AI agents can facilitate negotiations, such as when working with external dependencies or managing complex, multi-component systems. Our...
Open-source projects are essential to software development, but publicly disclosing vulnerabilities without fixes increases the risk of exploitation. The Open Source Security Foundation (OpenSSF) addresses this issue by promoting robust security policies to enhance project security. Current research reveals that many projects perform poorly on OpenSSF criteria, indicating a need for stronger security practices and underscoring the value of SECURITY.md files for structured vulnerability reporting. This study aims to provide...