What changed in OpenSSL after Heartbleed? https://arxiv.org/abs/2005.14242 Very interesting paper by James Walden, presented at #MSR2020. These charts say it all. For more details, have a look at the paper (start with conclusions)
The Impact of a Major Security Event on an Open Source Project: The Case of OpenSSL

Context: The Heartbleed vulnerability brought OpenSSL to international attention in 2014. The almost moribund project was a key security component in public web servers and over a billion mobile devices. This vulnerability led to new investments in OpenSSL.

Objective: The goal of this study is to determine how the Heartbleed vulnerability changed the software evolution of OpenSSL. We study changes in vulnerabilities, code quality, project activity, and software engineering practices.

Method: We use a mixed methods approach, collecting multiple types of quantitative data and qualitative data from web sites and an interview with a developer who worked on post-Heartbleed changes. We use regression discontinuity analysis to determine changes in levels and slopes of code and project activity metrics resulting from Heartbleed.

Results: The OpenSSL project made tremendous improvements to code quality and security after Heartbleed. By the end of 2016, the number of commits per month had tripled, 91 vulnerabilities were found and fixed, code complexity decreased significantly, and OpenSSL obtained a CII best practices badge, certifying its use of good open source development practices.

Conclusions: The OpenSSL project provides a model of how an open source project can adapt and improve after a security event. The evolution of OpenSSL shows that the number of known vulnerabilities is not a useful indicator of project security. A small number of vulnerabilities may simply indicate that a project does not expend much effort to finding vulnerabilities. This study suggests that project activity and CII badge best practices may be better indicators of code quality and security than vulnerability counts.

Highlight: with increasing diversity in Git hosting and practices, we should not assume that forking always happens via the "fork" button on one platform. There is much more than that and we need a global view, in the style of Software Heritage, to avoid undercounting software forks. #MSR2020
In our paper « Forking without Clicking » (preprint: https://hal.inria.fr/hal-02527811/document) we have compared 3 ways of determining that VCS repositories are #fork of one another and discussed the respective methodological implications. It will be presented at #MSR2020 at 10:30 UTC today.
Hi, #MSR2020 people! If you're retrieving data from software development repos (>20 kinds of them, from GitHub to Stackoverflow, from Meetup to Bugzilla), consider using Perceval, from the @GrimoireLab toolset https://github.com/chaoss/grimoirelab-perceval Just "pip3 install perceval", and run it!
Send Sir Perceval on a quest to retrieve and gather data from software repositories. - chaoss/grimoirelab-perceval

It was a really good experience to review for #MSR2020. Thanks a lot, muchas gracias!!!!
---
RT @msrconf
#MSR2020 Distinguished Reviewer Awards to Serge Demeyer, Andre Hora, Nikolaos Tsantalis, @mauricioaniche , @MaleknazNayebi, @jgbarah, Francisco Servant, and @xLeitix
https://twitter.com/msrconf/status/1277592112536657920
Thread about my presentation "Mining Software Repositories While Respecting Privacy", with slides and video already publicly available. If you are attending @msrconf join us on Monday, 14:30 UTC, right after the keynote https://2020.msrconf.org/details/msr-2020-Education/1/Mining-Software-Repositories-While-Respecting-Privacy #MSR2020
---
RT @jgbarah
If you're retrieving data from repositories related to software development (@github, @git…
https://twitter.com/jgbarah/status/1276417807098548225
Mining Software Repositories While Respecting Privacy (MSR 2020 - Education) - MSR 2020

This year educational track will feature three kinds of submissions. In addition to tutorials and collection of educational resources launched last year, this year we also introduce educational posters. Tutorials: the track chairs will invite several researchers to address topics of broad interest for community. Shared educational resources. The goal of this activity is to create a hub of community educational collaboration and curation of educational resources relevant to Mining Software Repositories. Educational resources can be lessons, MOOCs, tools, educational datasets, tutorial ...

If you are attending #MSR2020, come to the session in the Educational Track https://2020.msrconf.org/details/msr-2020-Education/1/Mining-Software-Repositories-While-Respecting-Privacy on Monday 29th, 14:30 - 15:00 CEST. We'll discuss all of this & more ;-)
The pre-recorded video of the presentation is available on YouTube; have a look at it for more details on mining software repositories while respecting privacy https://www.youtube.com/watch?v=O6er2YpE8XQ #MSR2020 Slides (with even more details): https://jgbarah.github.io/presentations/research-privacy/slides.pdf
From the ethical point of view, read "Ethical Mining – A Case Study on MSR Mining Challenges", also in #MSR2020, by Nicolas Gold & @JensKrinke
---
RT @JensKrinke
Nicolas Gold and I (@uclcs) will be discussing our work on Ethical Mining of Software Repositories in the Visions & Reflections Session on Tuesday at 16:00 UTC at @msrconf. We should discuss ethics openly and often! Talk/paper at http://bit.ly/msr-ethics #msr20trailers #msr2
https://twitter.com/JensKrinke/status/1276138988840108037
Ethical Mining – A Case Study on MSR Mining Challenges (MSR 2020 - Technical Papers) - MSR 2020

The Mining Software Repositories (MSR) conference is the premier conference for data science, machine learning, and artificial intelligence in software engineering. The goal of the conference is to improve software engineering practices by uncovering interesting and actionable information about software systems and projects using the vast amounts of software data such as source control systems, defect tracking systems, code review repositories, archived communications between project personnel, question-and-answer sites, CI build servers, and run-time telemetry. Mining this information can ...