Maximilian Steff's research while affiliated with Free University of Bozen-Bolzano and other places

Publications (8)

Article
This paper evaluates a metric suite to predict vulnerable Java classes based on how much the design of an application has changed over time. It refers to this concept as design churn in analogy with code churn. Based on a validation on 10 Android applications, it shows that several design churn metrics are in fact significantly associated with vuln...
Article
Code changes propagate. Type, frequency, size of changes typically explain and even predict impact of changes in software products. What can changes tell about software processes? In this study, we propose a novel method to render software processes by graphs of linked commits as carriers of change information. Mining histories in such commit graph...
Conference Paper
We present commit graphs, a graph representation of the commit history in version control systems. The graph is structured by commonly changed files between commits. We derive two analysis patterns relating to bug-fixing commits and system modularity.
Conference Paper
Release Planning is the process of decision making about what features are to be implemented (or revised) in which release of a software product. While release planning for proprietary software products is well-studied, little investigation has been performed for open source products. Various types of feature dependencies are known to impact both t...
Conference Paper
Many approaches to determine the fault-proneness of code artifacts rely on historical data of and about these artifacts. These data include the code and how it was changed over time, and information about the changes from version control systems. Each of these can be considered at different levels of granularity. The level of granularity can substa...
Article
Logical couplings between files in the commit history of a software repository are instances of files being changed together. The evolution of couplings over commits' history has been used for the localization and prediction of software defects in software reliability. Couplings have been represented in class graphs and change histories on the clas...
Conference Paper
Since its origins, the diffusion of the OSS phenomenon and the information about it has been entrusted to the Internet and its virtual communities of developers. This public mass of data has attracted the interest of researchers and practitioners aiming at formalizing it into a body of knowledge. To this aim, in 2005, a new series of conferences on...
Conference Paper
While there are many software metrics measuring the architecture of a system and its quality, few are able to assess architectural change qualitatively. Given the sheer size and complexity of current software systems, modifying the architecture of a system can have severe, unintended consequences. We present a method to measure architectural change...

Citations

... Using this data, we explore four research questions to see whether HARMLESS can better resolve the aforementioned limitations of traditional VPMs: RQ1: Can human inspection effort be saved by applying HARMLESS to find a certain percentage of vulnerabilities? Simulated on the Mozilla Firefox data without prior known vulnerabilities as training data, we show that 60, 70, 80, 90, 95, 99% of the known vulnerabilities can be found by inspecting around 6, 8, 10, 16, 20, 34% of the source code files, respectively. These results show that a good amount of human effort can be saved by applying HARMLESS. ...
... We used commit graphs in [1] and [3]. In [1], we examined the incidence of bug-fixing commits in commit histories and the topological properties of commits in the commit graph. ...
Reference: Commit graphs
... In this paper, we focus on a view on software architecture that describes the relations among source files. In that regard, mining version control systems has been widely accepted as the justified approach to retrieving information on changes associated with bug fixes, and, thus, on decaying components of a software system [4][5][6][7]. Based on historical and structural data derived from many projects' repositories, as well as on Baldwin and Clark's design rule theory [8], a group of researchers proposed and empirically validated a suite of hotspot patterns, which are the rules for determining recurring architectural problems that occur in complex software systems and incur high maintenance costs [3], [9][10][11]. ...
... Steff and Russo [86,87] presented a Neighborhood Hash Kernel (NHK) based method for detecting structural changes (including refactorings) between classes and dependencies (defined as fan-out count). Fan-out implicitly covers added and deleted dependencies. ...
... Furthermore, the focus of OSS prediction studies in general has been restricted to a small number of projects, which limits the generalizability of the methods and results. Such claims thus need empirical evidence (Russo; Mulazzani; Russo; & Steff, 2011). In this paper, we present a literature review with the aim to provide an in-depth analysis of the prediction research work targeted at analyzing open source projects. ...