Amiangshu Bosu

Building reputation in StackOverflow: An empirical investigation

StackOverflow (SO) contributors are recognized by reputation scores. Earning a high reputation score requires technical expertise and sustained effort. We analyzed the SO data from four perspectives to understand the dynamics of reputation building on SO. The results of our analysis provide guidance to new SO contributors who want to earn high reputation scores quickly. In particular, the results indicate that the following activities can help to build reputation quickly: answering questions related to tags with lower expertise density, answering questions promptly, being the first one to answer a question, being active during off peak hours, and contributing to diverse areas.

Characteristics of useful code reviews: an empirical study at Microsoft

Over the past decade, both open source and commercial software projects have adopted contemporary peer code review practices as a quality control mechanism. Prior research has shown that developers spend a large amount of time and effort performing code reviews. Therefore, identifying factors that lead to useful code reviews can benefit projects by increasing code review effectiveness and quality. In a three-stage mixed research study, we qualitatively investigated what aspects of code reviews make them useful to developers, used our findings to build and verify a classification model that can distinguish between useful and not useful code review feedback, and finally we used this classifier to classify review comments enabling us to empirically investigate factors that lead to more effective code review feedback. In total, we analyzed 1.5 millions review comments from five Microsoft projects and uncovered many factors that affect the usefulness of review feedback. For example, we found that the proportion of useful comments made by a reviewer increases dramatically in the first year that he or she is at Microsoft but tends to plateau afterwards. In contrast, we found that the more files that are in a change, the lower the proportion of comments in the code review that will be of value to the author of the change. Based on our findings, we provide recommendations for practitioners to improve effectiveness of code reviews.

Impact of developer reputation on code review outcomes in OSS projects: an empirical investigation

<u>Context:</u> Gaining an identity and building a good reputation are important motivations for Open Source Software (OSS) developers. It is unclear whether these motivations have any actual impact on OSS project success. <u>Goal:</u> To identify how an OSS developers reputation affects the outcome of his/her code review requests. <u>Method:</u> We conducted a social network analysis (SNA) of the code review data from eight popular OSS projects. Working on the assumption that core developers have better reputation than peripheral developers, we developed an approach, Core Identification using K-means (CIK) to divide the OSS developers into core and periphery groups based on six SNA centrality measures. We then compared the outcome of the code review process for members of the two groups. <u>Results:</u> The results suggest that the core developers receive quicker first feedback on their review request, complete the review process in shorter time, and are more likely to have their code changes accepted into the project codebase. Peripheral developers may have to wait 2 - 19 times (or 12 - 96 hours) longer than core developers for the review process of their code to complete. <u>Conclusion:</u> We recommend that projects allocate resources or create tool support to triage the code review requests to motivate prospective developers through quick feedback.

Impact of Peer Code Review on Peer Impression Formation: A Survey

Peer code review has been adopted as an effective quality improvement practice by many Open Source Software (OSS) communities. In addition to increasing software quality, there is anecdotal evidence that peer code review has other benefits, including: sharing knowledge, sharing expertise, sharing development techniques, and most importantly building accurate peer impressions between the code review participants. To further investigate the presence of these benefits, we surveyed members of popular OSS communities who were involved with peer code review. We used established scales from Psychology, Information science, and Organizational Behavior to create survey questions. We also enforced multiple reliability and validity measures to ensure higher confidence in the survey results. In this paper, we present a subset of the surveys results focused on better understanding four aspects of peer impression formation: trust, reliability, perception of expertise, and friendship. The results indicate that there is indeed a high level of trust, reliability, perception of expertise, and friendship between OSS peers who have participated in code review for a period of time. Because code review involves examining someone elses code, unsurprisingly, peer code review helped most in building a perception of expertise between code review partners.

Peer impressions in open source organizations: A survey

Abstract In virtual organizations, such as Open Source Software (OSS) communities, we expect that the impressions members have about each other play an important role in fostering effective collaboration. However, there is little empirical evidence about how peer impressions form and change in virtual organizations. This paper reports the results from a survey designed to understand the peer impression formation process among OSS participants in terms of perceived expertise, trustworthiness, productivity, experiences collaborating, and other factors that make collaboration easy or difficult. While the majority of survey respondents reported positive experiences, a non-trivial fraction had negative experiences. In particular, volunteer participants were more likely to report negative experiences than participants who were paid. The results showed that factors related to a persons project contribution (e.g., quality and understandability of committed codes, important design related decisions, and critical fixes made) were more important than factors related to work style or personal traits. Although OSS participants are very task focused, the respondents believed that meeting their peers in person is beneficial for forming peer impressions. Having an appropriate impression of ones OSS peers is crucial, but the impression formation process is complicated and different from the process in traditional organizations.

Peer Code Review to Prevent Security Vulnerabilities: An Empirical Evaluation

Peer code review, as an effective quality improvement practice, has also been considered important for reducing security vulnerabilities. There is a lack of empirical evidence to quantify and support this claim. Therefore, we propose a research plan to analyze mature open source projects to gather empirical evidence regarding the relationship between peer code review and security vulnerabilities. As a proof-of-concept, we analyzed the Chromium OS project and found that reviewers identified potential vulnerabilities in 32 review requests.

Peer code review in open source communitiesusing reviewboard

Peer code review is an effective method to reduce the number of defects and maintain source code integrity. Peer re-views in most of the Open Source Software (OSS) communities are conducted via mailing list, which are difficult to manage at times. Code review tools aim to ease the review process and keep track of the review requests. In this paper, we describe preliminary results of our study to evaluate code review process using a popular open source code review tool (ReviewBoard) in OSS communities. Some of our study findings are similar to the findings of previous studies on code reviews. In the projects under our study, we found that, most of the revisions are not submitted for peer review. More than 80% of the review requests are responded by two or less number of reviewers. Top committers of the projects are also top contributors of code reviews. Most of the review requests get prompt feedback within a day; however, some requests might wait for feed-back for a long time. Most importantly, we have identified some interesting directions for future research.

Characteristics of the vulnerable code changes identified through peer code review

To effectively utilize the efforts of scarce security experts, this study aims to provide empirical evidence about the characteristics of security vulnerabilities. Using a three-stage, manual analysis of peer code review data from 10 popular Open Source Software (OSS) projects, this study identified 413 potentially vulnerable code changes (VCC). Some key results include: 1) the most experienced contributors authored the majority of the VCCs, 2) while less experienced authors wrote fewer VCCs, their code changes were 1.5 to 24 times more likely to be vulnerable, 3) employees of the organization sponsoring the OSS projects are more likely to write VCCs.

How Do Social Interaction Networks Influence Peer Impressions Formation? A Case Study

Due to their lack of physical interaction, Free and Open Source Software (FOSS) participants form impressions of their teammates largely based on sociotechnical mechanisms including: code commits, code reviews, mailing-lists, and bug comments. These mechanisms may have different effects on peer impression formation. This paper describes a social network analysis of the WikiMedia project to determine which type of interaction has the most favorable characteristics for impressions formation. The results suggest that due to lower centralization, high interactivity, and high degree of interactions between participants, the code review interactions have the most favorable characteristics to support impression formation among FOSS participants.

When Are OSS Developers More Likely to Introduce Vulnerable Code Changes? A Case Study

We analyzed peer code review data of the Android Open Source Project (AOSP) to understand whether code changes that introduce security vulnerabilities, referred to as vulnerable code changes (VCC), occur at certain intervals. Using a systematic manual analysis process, we identified 60 VCCs. Our results suggest that AOSP developers were more likely to write VCCs prior to AOSP releases, while during the post-release period they wrote fewer VCCs.