A Large-scale Study of Security Vulnerability Support on Developer Q&amp;A Websites

Le, Triet Huynh Minh; Croft, Roland; Hin, David; Babar, Muhammad Ali

doi:10.1145/3463274.3463331

Cited by 12 publications

(7 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Minh Le et al [14] analyse developers' Security Vulnerabilities (SVs) discussions on two major Q&A websites, SO and Security StackExchange (SSE). Using topic modeling, they examined 71,329 SV posts to identify 13 main discussion topics.…”

Section: Mining Software Issues Across Qanda Repositoriesmentioning

confidence: 99%

“…Method: Drawing from the work of [40,41,14], we utilized average values of (P1) views, (P2) score, (P3) favorite count, and (P4) comments to gauge the popularity of developers' topics. Concurrently, we computed three metrics-(D1) percentage of accepted answers, (D2) median duration (minutes) to receive an accepted answer since creation, and (D3) average percentage of answers to views-to assess topic difficulty.…”

Section: Research Questionsmentioning

confidence: 99%

“…Latent Dirichlet Allocation (LDA) [20] is among the most popular unsupervised topic modeling algorithms frequently employed to extract topics from text corpus [36]. It has been used in different other domains [45,46], such as continuous software engineering [12], Docker development [13], requirements engineering [47], and security vulnerability [14]. Following the work of Mansooreh et al [12], we define a question's title, body, and corresponding answers as one input document for the LDA model and output the number of frequently occurring topics identified in the text corpus.…”

Section: Topic Modellingmentioning

confidence: 99%

“…Recently, researchers have used supervised (deep & machine learning) and unsupervised learning (topic Modelling) techniques to analyze a wide range of software development-related issues encountered by developers on Q&A websites [11]. These studies have proposed automated methods to extract developers' discussion posts on various topics, such as challenges in continuous software engineering [12], identifying challenges in Docker development [13], security vulnerability [14], software bug detection [15], developers' communications and their implications [16], non-functional requirements [17], design patterns [18], and software maintenance and evolution [19]. Nonetheless, we have not found any research that specifically investigates developers' discussions on Q&A platforms with a focus on software development approaches.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Software development process evolution and paradigm shift - a case study of Malaysian companies

Khan

Akbar

2022

murjet

View full text Add to dashboard Cite

Due to the consequences of global software development (GSD), the traditional approaches of software development evolved into lightweight agile methods. The agile methods got overwhelming response from software development companies due to their obvious support to GSD. In this regard, limited research work has been presented on software process evolution and process paradigm shift in context of GSD. Most of the work presented on GSD mainly focus on the companies in Europe, America, Australia and other western countries. Existing research work highlight the standard benefits and challenges of GSD but do not investigate its effect on software development processes and associated reasons causing the affect particularly in Malaysian software development companies. The research work presented in this paper addresses this issue and investigates the effects of GSD on software processes, software process evolution and paradigm shift and finds the current software processes being used in Malaysian companies. Also, it further determines the GSD factors and reasons behind the change and selection of a software development process. GSD factors affecting the software processes have been termed as challenges. Structured interviews have been conducted to collect qualitative data from industry professionals involved in GSD. General inductive approach has been used for qualitative data analysis and findings. The results show that after GSD, Malaysian companies are mostly following agile methods. The traditional and ad-hoc approaches used before GSD have been replaced by the lightweight agile methodologies. Few of the companies are still following ad-hoc approaches mainly due to size of the project and company as most of the Malaysian companies are small and medium size. The research is significant that it provides clear insight into software process paradigm in Malaysian companies. The outcome of the research provides foundations for the standardization of software processes, process improvement, selection and quality enhancement approaches in Malaysian companies.

show abstract

Section: Mining Software Issues Across Qanda Repositoriesmentioning

confidence: 99%

Section: Research Questionsmentioning

confidence: 99%

Section: Topic Modellingmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Software development process evolution and paradigm shift - a case study of Malaysian companies

Khan

Akbar

2022

murjet

View full text Add to dashboard Cite

show abstract

“…Whilst some of our topics overlap with the existing security-related LDA research (Yang et al 2016;Zahedi et al 2018;Le et al 2020a), our overall taxonomy differs substantially as we avoid technology specific topics and ensure generalizability for comparison. Furthermore, due to the consideration of programming language our analyzed posts differ substantially.…”

Section: Topic Modelling Of Software Engineeringmentioning

confidence: 99%

An Empirical Study of Developers' Discussions about Security Challenges of Different Programming Languages

Croft¹,

Xie²,

Zahedi³

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

Given programming languages can provide different types and levels of security support, it is critically important to consider security aspects while selecting programming languages for developing software systems. Inadequate consideration of security in the choice of a programming language may lead to potential ramifications for secure development. Whilst theoretical analysis of the supposed security properties of different programming languages has been conducted, there has been relatively little effort to empirically explore the actual security challenges experienced by developers. We have performed a large-scale study of the security challenges of 15 programming languages by quantitatively and qualitatively analysing the developers' discussions from Stack Overflow and GitHub. By leveraging topic modelling, we have derived a taxonomy of 18 major security challenges for 6 topic categories. We have also conducted comparative analysis to understand how the identified challenges vary regarding the different programming languages and data sources. Our findings suggest that the challenges and their characteristics differ substantially for different programming languages and data sources, i.e., Stack Overflow and GitHub. The findings provide evidence-based insights and understanding of security challenges related to different programming languages to software professionals (i.e., practitioners or researchers). The reported taxonomy of security challenges can assist both practitioners and researchers in better understanding and traversing the secure development landscape. This study highlights the importance of the choice of technology, e.g., programming language, in secure software engineering. Hence, the findings are expected to motivate practitioners to consider the potential impact of the choice of programming languages on software security.

show abstract

An empirical study of developers’ discussions about security challenges of different programming languages

et al. 2021

View full text Add to dashboard Cite

A Large-scale Study of Security Vulnerability Support on Developer Q&A Websites

Cited by 12 publications

References 32 publications

Software development process evolution and paradigm shift - a case study of Malaysian companies

Software development process evolution and paradigm shift - a case study of Malaysian companies

An Empirical Study of Developers' Discussions about Security Challenges of Different Programming Languages

An empirical study of developers’ discussions about security challenges of different programming languages

Contact Info

Product

Resources

About