English
Related papers

Related papers: Drop it All or Pick it Up? How Developers Responde…

200 papers

GitHub recommends that projects adopt a security file that outlines vulnerability reporting procedures. However, the effectiveness and operational challenges of such files are not yet fully understood. This study aims to clarify the…

Software Engineering · Computer Science 2025-10-17 Rintaro Kanaji , Brittany Reid , Yutaro Kashiwa , Raula Gaikovina Kula , Hajimu Iida

Vulnerabilities in open source packages can be a security risk for the client projects that use these packages as dependencies. When a new vulnerability is discovered in a package, the package should quickly release a fix in a new version,…

Cryptography and Security · Computer Science 2021-12-14 Nasif Imtiaz , Aniqa Khanom , Laurie Williams

This study investigates vulnerabilities within the Maven ecosystem by analyzing a comprehensive dataset of 14,459,139 releases. Our analysis reveals the most critical weaknesses that pose significant threats to developers and their projects…

Software Engineering · Computer Science 2025-03-31 Costain Nachuma , Md Mosharaf Hossan , Asif Kamal Turzo , Minhaz F. Zibran

Software projects frequently use automation tools to perform repetitive activities in the distributed software development process. Recently, GitHub introduced GitHub Actions, a feature providing automated workflows for software projects.…

Software Engineering · Computer Science 2024-01-24 Mairieli Wessel , Joseph Vargovich , Marco A. Gerosa , Christoph Treude

To build secure software, developers often work together during software development and maintenance to find, fix, and prevent security vulnerabilities. Examining the nature of developer interactions during their security activities…

Software Engineering · Computer Science 2019-07-30 Song Wang , Nachi Nagappan

When a group of people strives to understand new information, struggle ensues as various ideas compete for attention. Steep learning curves are surmounted as teams learn together. To understand how these team dynamics play out in software…

Social and Information Networks · Computer Science 2019-07-11 Pamela Bilo Thomas , Rachel Krohn , Tim Weninger

Open-source developers, particularly the elite developers, maintain a diverse portfolio of contributing activities. They do not only commit source code but also spend a significant amount of effort on other communicative, organizational,…

Software Engineering · Computer Science 2019-11-15 Zhendong Wang , Yang Feng , Yi Wang , James A. Jones , David Redmiles

In open-source projects, anyone can contribute, so it is important to have an active continuous integration and continuous delivery (CI/CD) pipeline in addition to a protocol for reporting security concerns, especially in projects that are…

Software Engineering · Computer Science 2023-10-16 Jessy Ayala , Joshua Garcia

Developers use different means to document the security concerns of their code. Because of all of these opportunities, they may forget where the information is stored, or others may not be aware of it, and leave it unmaintained for so long…

Software Engineering · Computer Science 2025-01-15 Moritz Mock , Thomas Forrer , Barbara Russo

Developers often insert temporary "print" or "log" instructions into their code to help them better understand runtime behavior, usually when the code is not behaving as they expected. Despite the fact that such monitoring instructions, or…

Software Engineering · Computer Science 2025-04-18 Yi-Hung Chou , Yiyang Min , April Yi Wang , James A. Jones

Software developers reuse third-party packages that are hosted in package registries. At build time, a package manager resolves and fetches the direct and indirect dependencies of a project. Most package managers also generate a lockfile,…

Software Engineering · Computer Science 2026-04-03 Yogya Gamage , Deepika Tiwari , Martin Monperrus , Benoit Baudry

Developers write logging statements to generate logs that provide run-time information for various tasks. The readability of log messages in the logging statements (i.e., the descriptive text) is rather crucial to the value of the generated…

Software Engineering · Computer Science 2023-08-21 Zhenhao Li , An Ran Chen , Xing Hu , Xin Xia , Tse-Hsun Chen , Weiyi Shang

In open-source software (OSS), software vulnerabilities have significantly increased. Although researchers have investigated the perspectives of vulnerability reporters and OSS contributor security practices, understanding the perspectives…

Software Engineering · Computer Science 2025-02-04 Jessy Ayala , Yu-Jye Tung , Joshua Garcia

Vulnerabilities from third-party libraries (TPLs) have been unveiled to threaten the Maven ecosystem. Despite patches being released promptly after vulnerabilities are disclosed, the libraries and applications in the community still use the…

Software Engineering · Computer Science 2023-08-08 Lyuye Zhang , Chengwei Liu , Sen Chen , Zhengzi Xu , Lingling Fan , Lida Zhao , Yiran Zhang , Yang Liu

Bug fixing is a complex and time-consuming task in software development. Bug localization research tends to focus on the accuracy of automated tools that suggest source code files for developers to look at. However, little is known about…

Software Engineering · Computer Science 2026-05-07 Pablo Diaz Pedreira , Tamara Lopez , Michel Wermelinger

Logging statements are central to debugging, failure diagnosis, and production observability, yet writing them requires developers to decide where to place a logging statement, which API and severity level to use, and what runtime…

Software Engineering · Computer Science 2026-04-21 Renyi Zhong , Yichen Li , Yulun Wu , Jinxi Kuang , Yintong Huo , Michael R. Lyu

This paper is an introductory discussion on the cause of open source software vulnerabilities, their importance in the cybersecurity ecosystem, and a selection of detection methods. A recent application security report showed 44% of…

Cryptography and Security · Computer Science 2022-03-31 Stuart Millar

When a group of people strives to understand new information, struggle ensues as various ideas compete for attention. Steep learning curves are surmounted as teams learn together. To understand how these team dynamics play out in software…

Social and Information Networks · Computer Science 2020-03-03 Pamela Bilo Thomas , Rachel Krohn , Tim Weninger

A software release note is one of the essential documents in the software development life cycle. The software release contains a set of information, e.g., bug fixes and security fixes. Release notes are used in different phases, e.g.,…

Software Engineering · Computer Science 2022-04-13 Sristy Sumana Nath , Banani Roy

Timely resolution and disclosure of vulnerabilities are essential for maintaining the security of open-source software. However, many vulnerabilities remain unreported, unpatched, or undisclosed for extended periods, exposing users to…

Cryptography and Security · Computer Science 2026-03-31 Arjun Sridharkumar , Sara Al Hajj Ibrahim , Jiayuan Zhou , Yuliang Wang , Safwat Hassan , Ahmed E. Hassan , Shurui Zhou