Gender in open-source software development
Alexander Serebrenik (Technical University of Eindhoven, Netherlands)

This talk provides a brief overview of several recent studies of gender and gender diversity in software development teams. Some of the main findings are that more gender-diverse software teams are more productive and less likely to exhibit suboptimal communication patterns. In addition, social capital obtained by collaborating on open source projects is beneficial for duration of engagement in an open source project. Involvement in very different projects is also beneficial for people of all genders, and more so for women than for men.

Presentation slides

Youtube video of the presentation

When, how, and why mobile app developers update third-party libraries they rely on?
Dario Di Nucci (Vrije Universiteit Brussel, Belgium)

One of the most common strategies to develop new software is to reuse existing source code, which is available in comprehensive third-party library packages. However, these libraries are subject to frequent change to offer new functionalities, fix bugs or address security issues. The way such changes are propagated have been well-studied for traditional software applications, but little is known for mobile software application. This talk aims to bridge this gap by reporting on the results of an empirical study of 2,752 mobile Android apps. We investigated (i) whether mobile developers update third-party libraries, (ii) how much such apps lag behind the latest version of their dependencies, (iii) which are the categories of libraries that are more prone to be updated, and (iv) what are the common patterns followed by developers when updating a library. Then, we performed a survey with 73 mobile developers that aims at shedding lights on the reasons behind their behaviors. The study revealed that mobile developers rarely update libraries, and when they do, they mainly tend to update libraries related to the Graphical User Interface. Avoiding bug propagation and making the app compatible with new Android releases are the top reasons why developers update their libraries.

Presentation slides

Youtube video of the presentation

Mining software repositories in times of GDPR
Jesus Gonzalez-Barahona (Universidad Rey Juan Carlos, Madrid, Spain)

The EU General Data Protection Regulation (GDPR) and other privacy regulations are shaping a new environment for researchers using data from publicly available software repositories, be them public or private. In addition, other ethical constraints may also apply to personal information available from those repositories. However, the public nature of many of them, and the interest they have for conducting potentially useful empirical research, makes them a very special case, which does not seem to be the core case on which regulations, and even ethical guidelines, seem to focus. Given this situation, this talk will introduce some of the constraints that researchers should take into account, outline the open problems that lie ahead of us, and discuss ideas on how to build a trustable relationship with the FOSS communities that are producing the data we use, and making it public for a reason.

Presentation slides

Youtube video of the presentation

Testing Research in Software Ecosystems
Henrique Rocha (Universiteit Antwerpen, Belgium)

This talk shows the research conducted on software testing at LORE (lab on reengineering) in UAntwerpen. First, we explain important state-of-the-art testing techniques such as Mutation Testing, Test Amplification, and Test Transplantation. We show the results, opportunities, and challenges for the current testing research in ecosystems. Finally, we present other research projects related to open source software and software ecosystems.

Youtube video of the presentation

A Longitudinal Analysis of Bug Handling Across Eclipse Releases
Zeinab Abou Khalil (University of Mons, Belgium, and University of Lille, France)

Abstract : Large open source software projects, like Eclipse, follow a continuous software development process, with a regular release cycle. During each release, new bugs are reported, triaged and resolved. Previous studies have focused on various aspects of bug fixing, such as bug triaging, bug prediction, and bug process analysis. Most studies, however, do not distinguish between what happens before and after each scheduled release. We are also unaware of studies that compare bug fixing activities across different project releases. This paper presents an empirical analysis of the bug handling process of Eclipse over a 15-year period, considering 138K bug reports from Bugzilla, including 16 annual Eclipse releases and two quarterly releases in 2018. We compare the bug resolution rate, the fixing rate, the bug triaging time and the fixing time before and after each release date, and we study the possible impact of "release pressure". Among others, our results reveal that Eclipse bug handling activity is improving over time, with an important decrease in the number of reported bugs before releases, an increase in the bug fixing rate and an increasingly balanced bug handling workload before and after releases. The recent transition from an annual to a quarterly release cycle continued to improve the bug handling process. (Paper accepted at ICSME 2019)

Paper

A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems
Public PhD Defense. Ahmed Zerouali (University of Mons, Belgium)
PhD dissertation

Advisor: Tom Mens
Jury members: Olivier Delgrange, Alexandre Decan, Jesus Gonzalez-Barahona, Alexander Serebrenik

Software development practices have evolved quite a lot since the early days of programming. Most open source software projects today are using distributed versioning development practices.They heavily rely on reusing external software packages, to realize part of their functionality, rather than needing to implement these functionalities themselves. Reusable open source software components for major programming languages and operating systems are stored in public package repositories where they are developed and evolved together within the same environment. Developers rely on package management tools to automate deployments, specifying which package releases satisfy the needs of their applications. However, these specifications may lead to deploying package releases that are outdated or otherwise undesirable because they do not include bug fixes, security fixes, or new functionality. In contrast, automatically updating to a more recent release may introduce incompatibility issues. While this delicate problem is important at the level of individual packages, it becomes even more relevant at the level of large distributions of software packages where packages depend, directly or indirectly, on a large number of other packages.

The goal of this PhD dissertation is to capture and quantify this delicate balance between the need of updating to the ideal release and the risk of having breaking changes. We formalize a generic model of technical lag, a concept that quantifies to which extent a deployed collection of components is outdated with respect to the ideal deployment. Then, we show how to operationalise this model for different case studies and we empirically analyze its evolution in npm, Debian and Docker ecosystems. Finally, we develop a tool to support Docker deployers in assessing the health of the software included in their containers.

Presentation slides

Youtube video of the presentation