Brendan Cleary

The (R) Evolution of social media in software engineering

Software developers rely on media to communicate, learn, collaborate, and coordinate with others. Recently, social media has dramatically changed the landscape of software engineering, challenging some old assumptions about how developers learn and work with one another. We see the rise of the social programmer who actively participates in online communities and openly contributes to the creation of a large body of crowdsourced socio-technical content. In this paper, we examine the past, present, and future roles of social media in software engineering. We provide a review of research that examines the use of different media channels in software engineering from 1968 to the present day. We also provide preliminary results from a large survey with developers that actively use social media to understand how they communicate and collaborate, and to gain insights into the challenges they face. We find that while this particular population values social media, traditional channels, such as face-to-face communication, are still considered crucial. We synthesize findings from our historical review and survey to propose a roadmap for future research on this topic. Finally, we discuss implications for research methods as we argue that social media is poised to bring about a paradigm shift in software engineering research.

Contemporary Peer Review in Action: Lessons from Open Source Development

Do you use software peer reviews? Are you happy with your current code review practices? Even though formal inspection is recognized as one of the most effective ways to improve software quality, many software organizations struggle to effectively implement a formal inspection regime. Open source projects use an agile peer review process-based on asynchronous, frequent, incremental reviews that are carried out by invested codevelopers-that contrasts with heavyweight inspection processes. The authors describe lessons from the OSS process that transfer to proprietary software development. They also present a selection of popular tools that support lightweight, collaborative, code review processes and nonintrusive metric collection.

Mutual assessment in the social programmer ecosystem: an empirical investigation of developer profile aggregators

The multitude of social media channels that programmers can use to participate in software development has given rise to online developer profiles that aggregate activity across many services. Studying members of such developer profile aggregators, we found an ecosystem that revolves around the social programmer. Developers are assessing each other to evaluate whether other developers are interesting, worth following, or worth collaborating with. They are self-conscious about being assessed, and thus manage their public images. They value passion for software development, new technologies, and learning. Some recruiters participate in the ecosystem and use it to find candidates for hiring; other recruiters struggle with the interpretation of signals and issues of trust. This mutual assessment is changing how software engineers collaborate and how they advance their skills.

A study of innovation diffusion through link sharing on stack overflow

It is poorly understood how developers discover and adopt software development innovations such as tools, libraries, frameworks, or web sites that support developers. Yet, being aware of and choosing appropriate tools and components can have a significant impact on the outcome of a software project. In our study, we investigate link sharing on Stack Overflow to gain insights into how software developers discover and disseminate innovations. We find that link sharing is a significant phenomenon on Stack Overflow, that Stack Overflow is an important resource for software development innovation dissemination and that its part of a larger interconnected network of online resources used and referenced by developers. This knowledge can guide researchers and practitioners who build tools and services that support software developers in the exploration, discovery, and adoption of software development innovations.

Using Interactive Management to Identify, Rank and Model Entrepreneurial Competencies as Universities’ Entrepreneurship Curricula

While the strong influence of entrepreneurial competencies on business performance is recognised, despite some doubts about the teachability of these competencies, a fundamental question has remained unanswered: what are the key entrepreneurial competencies that need to be developed in an entrepreneurship curriculum and how are these competencies interrelated? The current study used Interactive Management (IM) with a group of seven successful entrepreneurs to identify, clarify, rank order and build a consensus model describing the interdependencies between 12 entrepreneurial competencies. Results indicated that positivity and competitiveness are fundamental drivers of all other competencies in the consensus model. At the same time, determination and inquisitiveness were the most highly ranked competencies. Results are discussed in light of the ongoing challenges of defining the optimal scope and sequence of training in entrepreneurial curricula. This article fulfils an identified need to study specific entrepreneurial competencies that are to be promoted in university students.

ATLANTIS - Assembly Trace Analysis Environment

For malware authors, software is an ever fruitful source of vulnerabilities to exploit. Exploitability assessment through fuzzing aims to proactively identify potential vulnerabilities by monitoring the execution of a program while attempting to induce a crash. In order to determine if a particular program crash is exploitable (and to create a patch), the root cause of the crash must be identified. For particular classes of programs this analysis must be conducted without the aid of the original source code using execution traces generated at the assembly layer. Currently this analysis is a highly manual, text-driven activity with poor tool support. In this paper we present ATLANTIS, an assembly trace analysis environment that combines many of the features of modern IDEs with novel trace annotation and navigation techniques to support software security engineers performing exploitability analysis.

Analyzing the friendliness of exchanges in an online software developer community

Many online communities struggle with conflicts - e.g. between newcomers and elders - at some point. In July 2012, the Stack Exchange organization attempted to assess the overall “niceness” of the Stack Overflow community by rating the “friendliness” of 7,000 comments made on the site over a 4 year period. We performed a deeper examination of the comment dataset published by Stack Exchange. We find a high degree of comment repetition in the Stack Overflow database and suggest some simple heuristics that may help in automatically identifying unfriendly comments, providing managers of developer communities with simple means that could counter hostility.

Reconstructing program memory state from multi-gigabyte instruction traces to support interactive analysis

Exploitability analysis is the process of attempting to determine if a vulnerability in a program is exploitable. Fuzzing is a popular method of finding such vulnerabilities, in which a program is subjected to millions of generated program inputs until it crashes. Each program crash indicates a potential vulnerability that needs to be prioritized according to its potential for exploitation. The highest priority vulnerabilities need to be investigated by a security analyst by re-executing the program with the input that caused the crash while recording a trace of all executed assembly instructions and then performing analysis on the resulting trace. Recreating the entire memory state of the program at the time of the crash, or at any other point in the trace, is very important for helping the analyst build an understanding of the conditions that led to the crash. Unfortunately, tracing even a small program can create multimillion line trace files from which reconstructing memory state is a computationally intensive process and virtually impossible to do manually. In this paper we present an analysis of the problem of memory state reconstruction from very large execution traces. We report on a novel approach for reconstructing the entire memory state of a program from an execution trace that allows near realtime queries on the state of memory at any point in a programs execution trace. Finally we benchmark our approach showing storage and performance results in line with our theoretical calculations and demonstrate memory state query response times of less than 200ms for trace files up to 60 million lines.

Improving Tool Support for Software Reverse Engineering in a Security Context

Illegal cyberspace activities are increasing rapidly and many software engineers are using reverse engineering methods to respond to attacks. The security-sensitive nature of these tasks, such as the understanding of malware or the decryption of encrypted content, brings unique challenges to reverse engineering: work has to be done offline, files can rarely be shared, time pressure is immense, and there is a lack of tool and process support for capturing and sharing the knowledge obtained while trying to understand assembly code. To help us gain an understanding of this reverse engineering work, we conducted an exploratory study at a government research and development organization to explore their work processes, tools, and artifacts [1]. We have been using these findings to improve visualization and collaboration features in assembly reverse engineering tools. In this talk, we will present a review of the findings from our study, and present prototypes we have developed to improve capturing and sharing knowledge while analyzing security concerns.