Using social network analysis for mining collaboration data in a defect tracking system for risk and vulnerability analysis

Open source software projects are characterized as self-organizing and dynamic: volunteers around the world, primarily driven by self-motivation (and not necessarily monetary compensation), contribute to and collaborate on a software product. In contrast to closed source or proprietary software, the organizational structure and task allocation in an open source project setting are unstructured. Software project managers perform risk, threat and vulnerability analysis to gain insights into the organizational structure for de-risking or risk mitigation. For example, it is important for a project manager to have an understanding of critical employees, the core team, subject matter experts, sub-groups, leaders and communication bridges. Software repositories such as defect tracking systems, versioning systems and mailing lists contain a wealth of valuable information that can be mined for solving practically useful software engineering tasks. In this paper, we present a systematic approach to mining a defect tracking system for risk, threat and vulnerability analysis in a software project. We derive a collaboration network from a defect tracking system and apply social network analysis techniques to investigate the derived network for the purpose of risk and vulnerability analysis. We perform an empirical analysis on bug report data of the Mozilla Firefox project and present the results of our analysis. We demonstrate how important information pertaining to risk and vulnerability can be uncovered using network analysis techniques from a static record-keeping software archive such as the bug tracking system.
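The approach described above, as an added sketch that is not code from the paper: a collaboration network is built from bug report participation and ranked by betweenness centrality, one standard social network analysis measure for finding communication bridges. The edge rule (two people are linked when they took part in the same bug), the function names and the sample data are assumptions; the abstract does not say how the paper builds its network or which measures it uses.

```python
from collections import defaultdict, deque
from itertools import combinations

# Constructed sample: bug id -> people who reported, commented on or were assigned.
BUGS = {101: ["alice", "bob", "carol"], 102: ["alice", "bob"], 103: ["carol", "dave"],
        104: ["dave", "erin", "frank"], 105: ["erin", "frank"]}

def build_network(bugs):
    """Assumed construction: an edge joins two people who took part in the same bug."""
    graph = defaultdict(set)
    for people in bugs.values():
        for a, b in combinations(sorted(set(people)), 2):
            graph[a].add(b)
            graph[b].add(a)
    return graph

def betweenness(graph):
    """Brandes' algorithm (unweighted); high scores mark communication bridges."""
    score = dict.fromkeys(graph, 0.0)
    for s in graph:
        order, preds, dist = [], defaultdict(list), {s: 0}
        sigma = dict.fromkeys(graph, 0)  # number of shortest paths from s
        sigma[s] = 1
        queue = deque([s])
        while queue:  # breadth-first search from s
            v = queue.popleft()
            order.append(v)
            for w in graph[v]:
                if w not in dist:
                    dist[w] = dist[v] + 1
                    queue.append(w)
                if dist[w] == dist[v] + 1:
                    sigma[w] += sigma[v]
                    preds[w].append(v)
        delta = dict.fromkeys(graph, 0.0)
        for w in reversed(order):  # accumulate dependencies, farthest first
            for v in preds[w]:
                delta[v] += sigma[v] / sigma[w] * (1 + delta[w])
            if w != s:
                score[w] += delta[w]
    return {v: c / 2 for v, c in score.items()}  # undirected: each pair seen twice

def bridge_ranking(graph):
    """People ordered by betweenness, then degree: knowledge-loss risk candidates."""
    bc = betweenness(graph)
    return sorted(((p, bc[p], len(graph[p])) for p in graph),
                  key=lambda r: (-r[1], -r[2], r[0]))

if __name__ == "__main__":
    print(bridge_ranking(build_network(BUGS)))
```

In the constructed data, carol and dave are the only link between two otherwise separate sub-groups, so they rank first; a project manager would read that as a concentration of communication risk in two people.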
