Damian Andrew Tamburri

Eindhoven University of Technology | TUE · Jheronimus Academy of Data Science

Social debt is analogous to technical debt in many ways: it represents the state of software development organisations as the result of “accumulated” decisions. In the case of social debt, decisions are about people and their interactions. Our objective was to study the causality around social debt in practice. In so doing, we conducted exploratory...

“Social debt” in software engineering informally refers to unforeseen project cost connected to a “suboptimal” development community. The causes of suboptimal development communities can be many, ranging from global distance to organisational barriers to wrong or uninformed socio-technical decisions (i.e., decisions that influence both social and t...

Software development is increasingly carried out by developer communities in a global setting. One way to prepare for development success is to uncover and harmonize these communities to exploit their collective, collaborative potential. A proposed decision tree can help practitioners do this.

Software engineering evolved from a rigid process to a dynamic interplay of people (e.g. stakeholders or developers). Organizational and social literature call this interplay an organizational social structure (OSS). Software practitioners still lack a systematic way to select, analyze and support OSSs best fitting their problems (e.g. software dev...

Many architectural languages have been proposed in the last fifteen years, each one with the chief aim of becoming the ideal language for specifying software architectures. What is evident nowadays, instead, is that architectural languages are defined by stakeholder concerns. Capturing all such concerns within a single, narrowly focused notation is...

As quantum computing matures, organizations must engage early with the technology and eventually adopt it in their business operations to achieve a competitive edge. At the same time, quantum computing experts (e.g., researchers and technology providers) expect extensive input and collaboration with potential adopters to explore new application are...

A discussion on the need for coordinated, governed, data-driven computing education initiatives of the future.

As the most successful realization of serverless, function as a service (FaaS) brings in a novel cloud computing paradigm that can save operating costs, reduce management effort, enable seamless scalability, and augment development productivity. Migration of an existing application to the serverless architecture is, however, an intricate task as a...

Openpilot is a vast open-source semi-automated driving system developed by comma.ai, with 200+ contributors and 750K lines of code according to the OpenHub open-source community-tracking portal. On the one hand, the documentation available gives insights on what Openpilot is capable of doing, how to install it and how people can contribute to it, w...

Serverless computing shifts the responsibilities of provisioning and managing cloud infrastructure resources from developers to cloud service providers, allowing developers to focus solely on their applications. Function-as-a-Service (FaaS) is a serverless computing approach that enables developers to develop their applications as event-driven func...

Service continuity entails establishing an observable and explainable continuum between customer experience and service operations. Such continuum is currently established manually, via service customer management operations (such as service incident management (IM)) often resulting in time‐consuming, human‐detrimental, and error‐prone activities....

Priorities in multi-criteria decision-making (MCDM) convey the relevance preference of one criterion over another, which is usually reflected by imposing the non-negativity and unit-sum constraints. The processing of such priorities is different than other unconstrained data, but this point is often neglected by researchers, which results in fallac...

Priorities in multi-criteria decision-making (MCDM) convey the relevance preference of one criterion over another, which is usually reflected by imposing the non-negativity and unit-sum constraints. The processing of such priorities is different than other unconstrained data, but this point is often neglected by researchers, which results in fallac...

Data mesh is an emerging domain-driven decentralized data architecture that aims to minimize or avoid operational bottlenecks associated with centralized, monolithic data architectures in enterprises. The topic has picked the practitioners' interest, and there is considerable gray literature on it. At the same time, we observe a lack of academic at...

Technical debt occurs in many different forms across software artifacts. One such form is connected to software architectures where debt emerges in the form of structural anti-patterns across architecture elements, namely, architecture smells. As defined in the literature, ``Architecture smells are recurrent architectural decisions that negatively...

Going data intensive requires much effort not only in the design, but also in system/infrastructure configuration and deployment; most of these activities still happen via heavy manual fine-tuning and often costly trial-and-error experimentation.This book chapter introduces the field of data engineering; sets out to list the key desiderata of moder...

Big data has drawn huge attention from researchers and policy and decision makers in governments and enterprises. As the speed of information growth exceeded Moore’s law at the beginning of this new century, excessive data is making great troubles to businesses and organizations. Nevertheless, great potential and highly useful value are hidden in t...

Over the last years, we faced an exponential growth of illegal online market services in the Dark Web, making it easier than ever before of acquiring illicit goods online via a simple service interaction. To study and understand this emerging illegal services economy, we developed a trend analysis and (dark-)web services monitoring tool: SENSEI, wh...

Considering the massive increase in the number of crimes in the last decade, as well as the outlook toward smarter cities and more sustainable urban living, the emerging cyber-physical space (CPS) obtained by the interaction of such physical spaces with the cyber elements around them (e.g., think of Internet-of-Things devices or hyperconnected mobi...

Infrastructure‐as‐code (IaC) helps keep up with the demand for fast, reliable, high‐quality services by provisioning and managing infrastructures through configuration files. Those files ensure efficient and repeatable routines for system provisioning, but they might be affected by code smells that negatively affect quality and code maintenance. Re...

This special issue shows how the realm of infrastructure code has evolved to a status which—analyzed from a scientific perspective—can be considered mature, and rich in practices which can be seen as off-the-shelf approaches to continuous software engineering.

Machine learning is widely used to predict software defect-prone components, facilitating testing and improving application quality. In a recent meta-analysis on binary classification for software defect prediction, the so-called researcher bias —i.e., the group who conducts the study— has been shown to play a critical role; the analysis, however,...

Cloud applications are more and more microservice-oriented, but a concrete charting of the microservices architecture landscape -- namely, the space of technical options available for microservice software architects in their decision-making -- is still very much lacking, thereby limiting the ability of software architects to properly evaluate thei...

Blockchain architectures promise disruptive innovation but factually they pose many architectural restrictions to classical service-based applications and show considerable design, implementation, and operations overhead. Furthermore, the relation between such overheads and user benefits is not clear yet. To shed light on the aforementioned relatio...

Continuous Integration and Delivery (CI/CD) practices have shown several benefits for software development and operations, e.g., faster release cycles and early discovery of defects. For Cyber-Physical System (CPS) development, CI/CD can help achieving required goals, such as high dependability, yet it may be challenging to apply. This paper empiri...

p>Machine Learning Operations (MLOps) streamline the lifecycle of machine-learning models in production. In recent years, the topic has picked the interest of practitioners, and consequently, a considerable number of tools and gray literature on architecting MLOps environments has emerged. However, this has created a new problem for organizations:...

p>Machine Learning Operations (MLOps) streamline the lifecycle of machine-learning models in production. In recent years, the topic has picked the interest of practitioners, and consequently, a considerable number of tools and gray literature on architecting MLOps environments has emerged. However, this has created a new problem for organizations:...

In recent years, job advertisements through the web or social media represent an easy way to spread this information. However, social media are often a dangerous showcase of possibly labor exploitation advertisements. This paper aims to determine the potential indicators of labor exploitation for unskilled jobs offered in the Netherlands. Specifica...

Blockchain architectures promise disruptive innovation but factually they pose many architectural restrictions to classical service-based applications and show considerable design, implementation, and operations overhead. Furthermore, the relation between such overheads and user benefits is not clear yet. To shed light on the aforementioned relatio...

Linguistic anti-patterns are recurring poor practices concerning inconsistencies in the naming, documentation, and implementation of an entity. They impede the readability, understandability, and maintainability of source code. This paper attempts to detect linguistic anti-patterns in Infrastructure-as-Code (IaC) scripts used to provision and manag...

The deployment and management of Blockchain applications require non-trivial efforts given the unique characteristics of their infrastructure (i.e., immutability) and the complexity of the software systems being executed. The operation of Blockchain applications is still based on ad-hoc solutions that are error-prone, difficult to maintain and evol...

Internet of things (IoT) technologies are becoming a more and more widespread part of civilian life in common urban spaces, which are rapidly turning into cyber–physical spaces. Simultaneously, the fear of terrorism and crime in such public spaces is ever‐increasing. Due to the resulting increased demand for security, video‐based IoT surveillance s...

The speeding growth of the IT market and the spreading of disruptive technologies are leading towards more and more risky operations in need of constant upkeep, monitoring as well as proactive orchestration. On the one hand, the property allowing a system to be catered by automated monitoring and healing technology is defined as observability . On...

DevOps has become increasingly widespread, with companies employing its methods in different fields. In this context , MLOps automates Machine Learning pipelines by applying DevOps practices. Considering the high number of tools available and the high interest of the practitioners to be supported by tools to automate the steps of Machine Learning p...

This work consolidates and compounds previous investigations in recognizing defects for infrastructure‐as‐code (IaC) scripts using general software development quality metrics with a focus on defect severity but adding to previous work an explorative look at creating datasets, which may boost the predictive power of provided models—we call this not...

Internet of things (IoT) technologies are becoming a more and more widespread part of civilian life in common urban spaces, which are rapidly turning into cyber-physical spaces. Simultaneously, the fear of terrorism and crime in such public spaces is ever-increasing. Due to the resulting increased demand for security, video-based IoT surveillance s...

K-Anonymity is a property for the measurement, management, and governance of the data anonymization. Many implementations of k-anonymity have been described in state of the art, but most of them are not able to work with a large number of attributes in a "Big" dataset, i.e., a dataset drawn from Big Data. To address this significant shortcoming, we...

Social debts in software teams are gaining increasing attention from the research community due to their potential adverse effects on software quality. For instance, community smells are indicators of sub-optimal organizational structures and may well lead to the emergence of social debt. Previous studies analyzed which factors influence the emerge...

The increasing heterogeneity of the VM offerings on public IaaS clouds gives rise to a very large number of deployment options for constructing distributed, multi-component cloud applications. However, selecting an appropriate deployment variant , i.e., a valid combination of deployment options, to meet required performance levels is non-trivia...

Forming members of an organisation into coherent groups or teams is an important issue in any large-scale software engineering endeavour, especially so in agile software development where teams rely heavily on self-organisation and organisational flexibility. But is there a recurrent organisational structure pattern in agile software engineering te...

Heterogeneous applications are getting more and more complex, making the authoring of their deployment models an error-prone and demanding task. Heterogeneous resources also make performance optimization of applications complex. In this chapter, we will present the quality assurance and application optimization support of the SODALITE framework, wh...

Data deluge is growing exponentially, but the consumption of the data is not growing at the same pace. DataOps is an emerging family of techniques and tools that harnesses the potential of data continuously whilst incrementally using complex cloud systems orchestration techniques. This paper offers a proof-of-concept implementation of a DataOps pip...

This article introduces a novel DevOps methodology for serverless software delivery and evolution, developed and tested on three large-scale industrial case studies in the scope of the European Union (EU) Horizon-2020 Framework Programme within a Research and Innovation Action (RIA) called RADON. RADON aimed at developing a DevOps framework to crea...

Travel time information is used as input or auxiliary data for tasks such as dynamic navigation, infrastructure planning, congestion control, and accident detection. Various data-driven Travel Time Prediction (TTP) methods have been proposed in recent years. One of the most challenging tasks in TTP is developing and selecting the most appropriate p...

Data originating from open-source software projects provide valuable information to enhance software quality. In the scope of Software Defect Prediction, one of the most challenging parts is extracting valid data about failure-prone software components from these repositories, which can help develop more robust software. In particular, collecting d...

The open-source phenomenon has reached unimaginable proportions to a point in which it is virtually impossible to find large applications that do not rely on open-source as well. However, such proportions may turn into a risk if the organizational and socio-technical aspects (e.g., the contribution and release schemes) behind open-source communitie...

Software engineering projects are now more than ever a community effort. In the recent past, researchers have shown that their success not only depends on source code quality, but also on other aspects like the balance of power distance, culture, and global engineering practices, and more. In such a scenario, understanding the characteristics of th...

Data Markets are becoming increasingly popular but are very challenging to deploy and maintain successfully. We discuss some of the challenges related to the success of data markets, focusing particularly on the diverse challenge of assessing data quality. We introduce a novel, holistic approach whereby a blockchain-based smart contract called a Qu...

Quantum computing is quickly turning from a promise to reality, witnessing the launch of several cloud-based services that provide access to quantum resources, simulators, runtimes, and programming tools, all through the cloud. Unfortunately, however, existing solutions typically implicitly assume intimate knowledge about quantum computing concepts...

IoT-based applications need to be dynamically orchestrated on cloud-edge infrastructures for reasons such as performance, regulations, or cost. In this context, a crucial problem is facilitating the work of DevOps teams in deploying, monitoring, European Commission grant no. 825480 (H2020), SODALITE. and managing such applications by providing nece...

Three of the key impediments that need to be addressed to unlock the true potential of smart contract-based applications include: (i) a lack of operational capabilities to leverage trustworthiness, (ii) limited ability for reuse in volatile and heterogenous application contexts, and (iii) inherent coding complexity that hinders not only involvement...

Background: Technical Debt is a consolidated notion in software engineering research and practice. However, the estimation of its impact (interest of the debt) is still imprecise and requires heavy empirical and experimental inquiry. Objective: We aim at developing a data-driven approach to calculate the interest of Technical Debt in terms of delay...

This paper describes a large-scale empirical study investigating the relevance of socio-technical congruence over key basic software quality metrics, namely, bugs and churn. That is, we explore whether alignment or misalignment of social communication structures and technical dependencies in large software projects influences software quality. To t...

We report on a large-scale empirical study investigating the relevance of socio-technical congruence over key basic software quality metrics, namely, bugs and churn. In particular, we explore whether alignment or misalignment of social communication structures and technical dependencies in large software projects influences software quality. To thi...

\ell_1$ regularization has been used for logistic regression to circumvent the overfitting and use the estimated sparse coefficient for feature selection. However, the challenge of such a regularization is that the $\ell_1$ norm is not differentiable, making the standard algorithms for convex optimization not applicable to this problem. This paper...

The sources of reliable, code-level information about vulnerabilities that affect open-source software (OSS) are scarce, which hinders a broad adoption of advanced tools that provide code-level detection and assessment of vulnerable OSS dependencies. In this paper, we study the extent to which the output of off-the-shelf static code analyzers can b...