Ahmed Zerouali

Vrije Universiteit Brussel | VUB · Software Language Lab (SOFT)

Software Engineering PhD


29 Publications
7,105 Reads
286 Citations
Citations since 2016: 29 Research Items, 286 Citations
Introduction
I am currently a post-doctoral researcher at the Software Languages Lab of the Vrije Universiteit Brussel. My research focuses mainly on empirical software engineering, in particular software health and evolution, mining software repositories and software analytics. I am also interested in information security and data analysis. https://zerouali.net/
Additional affiliations
March 2020 - present
Vrije Universiteit Brussel
Position
  • PostDoc Position
September 2019 - February 2020
Université de Mons
Position
  • PostDoc Position
Education
September 2016 - August 2019
Université de Mons
Field of study
  • Software engineering

Publications (29)
Article
Full-text available
The increasing interest in open source software has led to the emergence of large language-specific package distributions of reusable software libraries, such as npm and RubyGems. These software packages can be subject to vulnerabilities that may expose dependent packages through explicitly declared dependencies. Using Snyk’s vulnerability database...
Conference Paper
Full-text available
Infrastructure as Code is the practice of automating the provisioning, configuration, and orchestration of network nodes using code in which variable values such as configuration parameters, node hostnames, etc. play a central role. Mistakes in these values are an important cause of infrastructure defects and corresponding outages. Ansible, a popul...
Chapter
It can be challenging to manage an open source package from a licensing perspective. License violations can be introduced by both direct and indirect package dependencies, which evolve independently. In this paper, we propose a license compatibility matrix as the foundation for a tool that can help maintainers assess the compliance of their package...
Article
The practice of backporting aims to bring the benefits of a bug or vulnerability fix from a higher to a lower release of a software package. When such a package adheres to semantic versioning, backports can be recognised as new releases in a lower major train. This is particularly useful in case a substantial number of software packages continues t...
Article
Full-text available
Ansible, a popular Infrastructure-as-Code platform, provides reusable collections of tasks called roles. Roles are often contributed by third parties, and like general-purpose libraries, they evolve. Therefore, new releases of roles need to be tagged with version numbers, for which Ansible recommends adhering to the semantic versioning format. Howe...
Preprint
Full-text available
The increasing interest in open source software has led to the emergence of large package distributions of reusable software libraries, such as npm and RubyGems. These software packages can be subject to security vulnerabilities that may expose dependent packages through explicitly declared dependencies. This article empirically studies security vu...
Conference Paper
Full-text available
Cloud-native applications increasingly provision infrastructure resources programmatically through Infrastructure as Code (IaC) scripts. These scripts have in turn become the subject of empirical software engineering research. However, an often-overlooked part are the software ecosystems that have grown around the IaC languages. For example, Galaxy...
Article
Docker is one of the most popular containerization technologies. A Docker container can be saved into an image including all environmental packages required to run it, such as system and third-party packages from language-specific package repositories. Relying on its modularity, an image can be shared and included in other images to simplify the wa...
Article
Full-text available
Container-based solutions, such as Docker, have become increasingly relevant in the software industry to facilitate deploying and maintaining software systems. Little is known, however, about how outdated such containers are at the moment of their release or when used in production. This article addresses this question, by measuring and comparing f...
Conference Paper
Full-text available
Ansible, a popular Infrastructure-as-Code platform, provides reusable collections of tasks called roles. Roles are often contributed by third parties, and like general-purpose libraries, they evolve. As such, new releases of roles need to be tagged with version numbers, for which Ansible recommends adhering to the semantic versioning format. Howeve...
Thesis
Full-text available
Software development practices have evolved quite a lot since the early days of programming. Most software projects today, especially in the open source software community, are using distributed versioning development practices. In addition, they heavily rely on reusing external software packages, to realize part of their functionality, rather than...
Conference Paper
Full-text available
Nowadays, software projects and in particular open source ones heavily rely on a plethora of tools (e.g., Git, GitHub) to support and coordinate development activities. Despite their paramount value, they foster to fragment members' contribution, since members can access them with different identities (e.g., email, username). Thus, researchers and...
Preprint
Full-text available
Packaging software into containers is becoming a common practice when deploying services in cloud and other environments. Docker is currently one of the most popular container technologies for building and deploying containers. A key part of this technology is the concept of registry, where container images are stored and shared. The largest one of...
Article
Reusable Open Source Software (OSS) components for major programming languages are available in package repositories. Developers rely on package management tools to automate deployments, specifying which package releases satisfy the needs of their applications. However, these specifications may lead to deploying package releases that are outdated,...
Preprint
Full-text available
Containerized applications, and in particular Docker images, are becoming a common solution in cloud environments to meet ever-increasing demands in terms of portability, reliability and fast deployment. A Docker image includes all environmental dependencies required to run it, such as specific versions of system and third-party packages. Leveragin...
Preprint
Full-text available
Software systems often leverage on open source software libraries to reuse functionalities. Such libraries are readily available through software package managers like npm for JavaScript. Due to the huge amount of packages available in such package distributions, developers often decide to rely on or contribute to a software package based on its po...
Preprint
Full-text available
Packaging software into containers is becoming a common practice when deploying services in cloud and other environments. Docker images are one of the most popular container technologies for building and deploying containers. A container image usually includes a collection of software packages, that can have bugs and security vulnerabilities that a...
Conference Paper
Full-text available
Source code analysis tools are designed to analyze code artifacts with different intents, which span from improving the quality and security of the software to easing refactoring and reverse engineering activities. However, most tools do not come with features to periodically schedule their analysis or to be executed on a battery of repositories, a...
Conference Paper
Full-text available
Source code analysis tools are designed to analyze code artifacts with different intents, which span from improving the quality and security of the software to easing refactoring and reverse engineering activities. However, most tools do not come with features to periodically schedule their analysis or to be executed on a battery of repositories, a...
Conference Paper
Full-text available
Software library packages are constantly evolving and increasing in number. Not updating to the latest available release of dependent libraries may negatively affect software development by not benefiting from new functionality, vulnerability and bug fixes available in more recent versions. On the other hand, automatically updating to the latest re...
Conference Paper
Full-text available
Open source cloud computing solutions, such as CloudStack and Eucalyptus, have become increasingly popular in recent years. Despite this popularity, a better understanding of the factors influencing user adoption is still under active research. For example, increased project agility may lead to solutions that remain competitive in a rapidly evolvin...
Preprint
Full-text available
Many software development projects frequently rely on testing-related libraries to test the functionality of the software product automatically and efficiently. To obtain insights in the nature of the evolution of testing library usage, we empirically analyzed the usage of eight testing-related libraries in 6,424 open source Java projects hosted on...
Conference Paper
Full-text available
Software development projects frequently rely on testing-related libraries to test the functionality of the software product automatically and efficiently. Many such libraries are available for Java, and developers face a hard time deciding which libraries are most appropriate for their project, or when to migrate to a competing library. We empiric...


Projects (3)
Project
Software ecosystems are the most promising avenue for organizing the software needs of the digital era. Jointly funded by F.R.S.-FNRS and FWO-Vlaanderen, the Excellence of Science Project SECO-ASSIST aims to realize a scientific breakthrough to nurture the ecosystems of the future, by providing novel software recommendation techniques that address the resilience, evolvability, heterogeneity, and social interaction. To achieve this the project partners will combine their expertise in social networks (UMONS), software testing (UAntwerpen), software reuse (VUB), and database evolution (UNamur).
Project
The research program is organized in three research streams: A) Product quality in cloud-related software development projects B) Process quality in cloud-related software development C) Operations' quality in cloud systems
Project
The main goal of this project is to study and understand the database usage practices in data-intensive software systems (DISS), how these practices evolve over time, and how to improve upon these practices. During the proposed project we will develop a theoretical framework that will be empirically validated and calibrated through statistical analysis of the interaction between programs (source and executable code) and databases, in order to identify particular trends, trend breaks, usage patterns, bad practices and good practices, and in order to identify the most popular technologies and paradigm switches at a given point in time. We will also study the co-evolution between programs and databases, in order to identify evolutionary patterns and migration scenarios to different database technologies, and to provide recommendations when carrying out particular database evolution tasks.