Characterizing and Understanding Software Developer Networks in Security Development

by Song Wang, et al.

To build secure software, developers often work together during software development and maintenance to find, fix, and prevent security vulnerabilities. Examining the nature of developer interactions during their security activities, that is, the activities that introduce and fix vulnerabilities, can provide insights for improving current practices. In this work, we conduct a large-scale empirical study to characterize and understand developers' interactions during their vulnerability-introducing and vulnerability-fixing activities, covering more than 16K security fixing commits and over 28K security introducing commits from nine large-scale open-source software projects. For our analysis, we first examine whether a project is a hero-centric project when assessing developers' contributions in their security activities. Then we study the interaction patterns between developers, explore how the distribution of the patterns changes over time, and study the impact of developers' interactions on the quality of projects. In addition, we characterize the nature of developer interaction in security activities in comparison to developer interaction in non-security activities (i.e., introducing and fixing non-security bugs). Among our findings we identify that: most of the experimental projects are non-hero-centric projects when evaluating developers' contributions by their security activities; common dominating interaction patterns exist across our experimental projects; and the distribution of interaction patterns correlates with the quality of software projects. We believe the findings from this study can help developers understand how vulnerabilities originate and are fixed through the interactions of software developers.
