
Registered user since Fri 5 May 2023
Contributions
Industrial applications heavily integrate open-source software libraries nowadays. Beyond the benefits that libraries bring, they can also pose a real threat when a library is affected by a vulnerability but its community is not active in creating a fixing release. Therefore, I want to introduce an automatic monitoring approach for industrial applications to identify open-source dependencies that show negative signs regarding their current or future maintenance activities. Since most research in this field is limited due to lack of features, labels, and transitive links, and thus is not applicable in industry, my approach aims to close this gap by capturing the impact of direct and transitive dependencies in terms of their maintenance activities. Automatically monitoring the maintenance activities of dependencies reduces the manual effort of application maintainers and supports application security by continuously having well-maintained dependencies.
Changes to a software project are inevitable as the software requires continuous adaptations, improvements, and corrections throughout maintenance. Identifying the purpose and impact of changes made to the codebase is critical in software engineering. However, manually identifying and characterizing software changes can be a time-consuming and tedious process that adds to the workload of software engineers. To address this challenge, several attempts have been made to automatically identify and demystify intents of software changes based on software artifacts such as commit change logs, issue reports, change messages, source code files, and software documentation. However, these existing approaches have their limitations. These include a lack of data, limited performance, and an inability to evaluate compound changes. This paper presents a doctoral research proposal that aims to automate the process of identifying commit-level changes in software projects using software repository mining and code representation learning models. The research background, state-of-the-art, research objectives, research agenda, and threats to validity are discussed.