Coordination Practices for Software Quality Assurance Activities in Open-source Software Ecosystems

Lin, Jia-Huei
Software Quality Assurance, Software Ecosystems, Vulnerabilities, Linux, WordPress
Open-source software ecosystems continue to gain popularity and significant importance. A software ecosystem consists of tens of thousands of software projects with complex relations among them. Users can install these projects in any combination. Because of the complex relations among the projects and the variety of ways in which they can be installed together, coordination between developers is necessary to ensure the quality of both their own projects and the entire ecosystem. However, a software ecosystem usually does not have guidelines that help developers coordinate software quality assurance activities and ensure the quality of each software project. In this thesis, we leverage data from large-scale software ecosystems, i.e., Linux and WordPress, in an effort to gain a better understanding of the current coordination practices for software quality assurance. In particular, we examine four areas of coordination activities for software quality assurance in software ecosystems: upstream bug coordination, vulnerability coordination, vulnerability fixing and disclosure coordination, and release coordination of co-evolving software projects, all within an ecosystem. We discuss the motivation and approach for studying these four areas of coordination activities and perform empirical studies on the software ecosystems. Our results suggest the need for automated tools to track upstream bug coordination to facilitate in-depth investigation. Developers across software ecosystems coordinate to develop a vulnerability fix but work in parallel afterward. Co-evolving software projects need coordination mechanisms because they interfere with each other due to shared resources.