S. Proksch

52 records found

Authored

Source code comments are a cornerstone of software documentation facilitating feature development and maintenance. Well-defined documentation formats, like Javadoc, make it easy to include structural metadata used to, for example, generate documentation manuals. However, the a ...

Software reuse is a common practice in modern software engineering to save time and energy while accelerating software delivery. Dependency managers like MAVEN offer a large ecosystem of reusable libraries that build the backbone of software reuse. Breaking changes, i.e., when ...

Reusing software libraries is a pillar of modern software engineering. In 2022, the average Java application depends on 40 third-party libraries. Relying on such libraries exposes a project to potential vulnerabilities and may put an application and its users at risk. Unfortunate ...

Type4Py

Practical Deep Similarity Learning-Based Type Inference for Python

Dynamic languages, such as Python and Javascript, trade static typing for developer flexibility and productivity. Lack of static typing can cause run-time exceptions and is a major factor for weak IDE support. To alleviate these issues, PEP 484 introduced optional type annotat ...

Automatic static analysis tools (ASATs) are instruments that support code quality assessment by automatically detecting defects and design issues. Despite their popularity, they are characterized by (i) a high false positive rate and (ii) the low comprehensibility of the generate ...

Configuration smells in continuous delivery pipelines

A linter and a six-month study on GitLab

An effective and efficient application of Continuous Integration (CI) and Delivery (CD) requires software projects to follow certain principles and good practices. Configuring such a CI/CD pipeline is challenging and error-prone. Therefore, automated linters have been proposed ...

Contributed

Recent large-scale cyber security incidents such as the Equifax data breach, where the personal information of around 160 million Americans leaked, demonstrate the current risk of security vulnerabilities in libraries which software projects depend on. The usage of libraries for ...

We look at the Maven eco-system and how the popularity of packages and their methods changes. We want to know if there are any trends that can help developers use their time more efficiently. To look at the popularity we do package analysis and method analysis. We find that there is no ...

Even though previous studies have studied software artefacts on a package level, little research has been done on a method level. In this work, we perform a method-level analysis to determine how popularity disperses among methods within software libraries of Maven Central. We an ...

Maven Central Repository hosts over 9 million repositories which ease software reuse. Since its appearance, Maven has been studied and characterized using different popularity and quality metrics, in order to identify defining patterns and possible improvements. This study aims ...

In this paper, we investigate whether developers of artifacts on Maven Central adhere to semantic versioning. We also investigate whether there is a link between violations in semantic versioning and the popularity of the violating method. Developers can violate semantic versioni ...

Researchers at the Delft University of Technology have developed Type4Py: a tool that uses Machine Learning to predict types for Python code. These predictions can be applied by developers to their Python code to increase readability and can later be tested by a type-checker for ...

Dynamic programming languages (DPLs), such as Python and Ruby, are often used for their flexibility and fast development. The absence of static typing can lead to runtime exceptions and reduced program understandability. To overcome these problems, some DPLs have introduced optio ...

Incident management is one of the top priorities for IT companies. Within incident management, the so-called major incidents, incidents with a severe impact on the company, require emergency actions to reduce this impact. An earlier detection of these major incidents will lead to ...

Method-Level Data in GitHub Pull Request Descriptions

Effects on Developers' Prioritization and Facilitation of Fixing Vulnerable Dependencies

Modern software development involves the usage of external third-party software projects as direct dependencies. Nonetheless, developers of a dependant project have no control over critical aspects such as development and testing of the dependency. This can put the reliant reposi ...

Software reuse in the form of dependencies has become widespread in software development. However, dependencies have the potential to suffer from vulnerabilities, thereby potentially putting depending projects at risk. Dependency analysis software can be used to manage vulnerable ...

Nowadays software development greatly relies upon using third-party source code. A logical consequence is that vulnerabilities from such sources can be propagated to applications making use of those. Tools like Dependabot can alert developers about packages they use, which entail ...

Metrics are widely used in the software engineering industry and can serve as Key Performance Indicators (KPIs), which are used by management to make informed decisions and understand the performance of the organisation. Many companies measure themselves against industry-standard ...

Software engineers often lack the domain knowledge needed to validate context-specific parts of software. Domain experts do have the knowledge needed to validate the software, but often lack the expertise and tools to apply this knowledge in a way that tests the software product ...

Online controlled experimentation (OCE), also called A/B testing, is an often-used tool in industry to determine if deploying changes into production is the right decision to make. Running experiments has shown an immense impact on the revenue of companies in industry; however, th ...