Towards Better Understanding of Software Quality Evolution through Commit-Impact Analysis

Behnamghader, Pooyan; Alfayez, Reem; Srisopha, Kamonphop; Boehm, Barry

doi:10.1109/qrs.2017.36

Cited by 27 publications

(32 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The new dependency is available and the build configuration (eg, build.gradle ) is syntactically correct. However, the new revisions do not compile as the dependency is not backward compatible …”

Section: Squaad Toolsetmentioning

confidence: 99%

“…It enables analysis of the conflicts and synergies between different quality attributes and the difference between developers in terms of their impact on software quality. Our integrated tool‐based approach has been documented in multiple research publications empowering their empirical studies and is used by a major governmental entity.…”

Section: Squaad Toolsetmentioning

confidence: 99%

“…SQUAAD is designed to target a module, compile its distinct revisions, and run static/dynamic analysis on it. Before conducting a large‐scale analysis, SQUAAD runs a light‐weight mining task on the software's Git repository to determine which commit changes a module (impactful commits) and the evolutionary relationship between those commits . Then it automatically (1) distributes hundreds of revisions on multiple cloud instances, (2) compiles each revision using default and/or user defined configurations, (3) provisions the environment and runs static/dynamic programming analysis techniques on each revision, (4) collects the generated artifacts, (5) either parses them to extract quality attributes or compares them to each other to calculate the difference (eg, by architectural distance metrics), and (6) runs various statistical analysis on software quality evolution.…”

Section: Squaad Toolsetmentioning

confidence: 99%

“…For example, one of our recent maintainability trends analysis involves a total of 19,580 examined revisions from 38 Apache‐family systems across a timespan from January 2002 through March 2017, comprising 586 MSLOC. In this analysis, to obtain software quality, we used three widely used open‐source static analysis tools: FindBugs, PMD, and SonarQube.…”

Section: Squaad Toolsetmentioning

confidence: 99%

See 3 more Smart Citations

Anticipatory development processes for reducing total ownership costs and schedules

Boehm

Behnamghader

2019

Systems Engineering

Self Cite

View full text Add to dashboard Cite

Many systems and software processes overfocus on getting a project and product from an initial set of requirements to an Initial Operational Capability (IOC). Examples are most waterfall and V models. Projects following such processes may pass acceptance tests for functionality and performance, but may leave the product with serious maintainability shortfalls. Many agile processes focus on users' initial usage priorities, but often make development commitments for earlier needs that are incompatible with achieving later critical needs (eg, security, safety). Incremental development process models can do better, but often later increments may find that the earlier increments have not prepared them for ease of modification and repair. Besides increasing Total Ownership Costs (TOCs), long mean times to repair result in long downtimes, which can be critical to an organization's income and reputation. Furthermore, many of these shortfalls take the form of Technical Debt (TD), in that the later they are fixed, the more slow and expensive will be the fixes. This paper summarizes three process frameworks and tools providing more anticipatory ways to improve systems and software maintainability and life‐cycle cost‐effectiveness. The first framework is an Opportunity Tree for identifying and anticipating such ways. The second framework, Software Quality Understanding by Analysis of Abundant Data (SQUAAD), is a toolset for tracking a software project's incremental code commits, and analyzing and visualizing each commit's incremental and cumulative TD. The third framework is a Software/Systems Maintenance Readiness Framework (SMRF), that identifies needed maintenance readiness levels at development decision reviews, similar to the Technology Readiness Levels (TRLs) framework.

show abstract

Section: Squaad Toolsetmentioning

confidence: 99%

Section: Squaad Toolsetmentioning

confidence: 99%

Section: Squaad Toolsetmentioning

confidence: 99%

Section: Squaad Toolsetmentioning

confidence: 99%

See 2 more Smart Citations

Anticipatory development processes for reducing total ownership costs and schedules

Boehm

Behnamghader

2019

Systems Engineering

Self Cite

View full text Add to dashboard Cite

show abstract

“…We may find for instance Behnamghader et al [9] that investigates the effect of commits in software quality evolution, or the Q-Rapids project [10] which proposes the elicitation of QRs from software and project repositories. The extension of these approaches to investigate relations among these QRs is a potential line of research.…”

Section: Key Questionsmentioning

confidence: 99%

Conflicts and Synergies among Quality Requirements

Boehm

Franch

2017

2017 IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C)

Self Cite

View full text Add to dashboard Cite

Abstract-Analyses of the interactions among quality requirements (QRs) have often found that optimizing on one QR will cause serious problems with other QRs. As just one relevant example, one large project had an Integrated Product Team optimize the system for Security. In doing so, it reduced its vulnerability profile by having a single-agent key distribution system and a single copy of the data base -only to have the Reliability engineers point on that these were system-critical single points of failure. The project's Security-optimized architecture also created conflicts with the system's Performance, Usability, and Modifiability. Of course, optimizing the system for Security had synergies with Reliability in having high levels of Confidentiality, Integrity, and Availability. This panel aims at fostering discussion on these relationships among QRs and how the use of data repositories may help discovering them.

show abstract

Vulnerability diffusions in software product networks

Kang

Templeton

2023

J of Ops Management

View full text Add to dashboard Cite

During software product development, the combination of digital resources (such as application programming interfaces and software development kits) establishes loose and tight edges between nodes, which form a software product network (SPN). These edges serve as observable conduits that may help practitioners and researchers better understand how vulnerabilities diffuse through SPNs. We apply network theory to analyze data from over 12 years of records extracted from the National Vulnerability Database. We contribute novel measures established using machine learning to gauge the properties influencing vulnerability diffusion within an SPN. We observed an SPN having a discernable shape that changed over time via network updates. We propose hypotheses and find empirical evidence that vulnerability diffusion is influenced by edge dynamics, developer responses, and their interaction. Implications for practice are that increased developer responses reduce software vulnerability diffusion attributed to edge dynamics.

show abstract

Towards Better Understanding of Software Quality Evolution through Commit-Impact Analysis

Cited by 27 publications

References 15 publications

Anticipatory development processes for reducing total ownership costs and schedules

Anticipatory development processes for reducing total ownership costs and schedules

Conflicts and Synergies among Quality Requirements

Vulnerability diffusions in software product networks

Contact Info

Product

Resources

About