http://hdl.handle.net/1880/45354 Thu, 20 Jun 2013 09:27:37 GMT 2013-06-20T09:27:37Z http://hdl.handle.net/1880/48066 Title: Security Trend Analysis with CVE Topic Models Authors: Neuhaus, Stephan; Zimmermann, Thomas Abstract: We study the vulnerability reports in the Common Vulnerability and Exposures (CVE) database by using topic models on their description texts to find prevalent vulnerability types and new trends semi-automatically. In our study of the 39,393 unique CVEs until the end of 2009, we identify the following trends, given here in the form of a weather forecast: PHP: declining, with occasional SQL injection. Buffer Overflows: flattening out after decline. Format Strings: in steep decline. SQL Injection and XSS: remaining strong, and rising. Cross-Site Request Forgery: a sleeping giant perhaps, stirring. Application Servers: rising steeply. Fri, 13 Aug 2010 16:35:56 GMT http://hdl.handle.net/1880/48066 2010-08-13T16:35:56Z http://hdl.handle.net/1880/47432 Title: Appendix to Information Needs in Bug Reports: Improving Cooperation Between Developers and Users Authors: Breu, Silvia; Premraj, Rahul; Sillito, Jonathan; Zimmermann, Thomas Abstract: This technical report contains all data that is needed to replicate the paper “Information Needs in Bug Reports: Improving Cooperation Between Developers and Users” to be published at CSCW 2010 in Savannah, Georgia, USA. The accompanying zip file contains bug reports, cards with categorization, and R scripts that were used in the study. Fri, 25 Sep 2009 15:03:56 GMT http://hdl.handle.net/1880/47432 2009-09-25T15:03:56Z http://hdl.handle.net/1880/47362 Title: Expert Recommendation with Usage Expertise Authors: Ma, David; Schuler, David; Zimmermann, Thomas; Sillito, Jonathan Abstract: Global and distributed software development increases the need to find and connect developers with relevant expertise. Existing recommendation systems typically model expertise based on file changes (implementation expertise). While these approaches have shown success, they require a substantial recorded history of development for a project. Previously, we have proposed the concept of usage expertise, i.e., expertise manifested through the act of calling (using) a method. In this paper, we assess the viability of this concept by evaluating expert recommendations for the ASPECTJ and ECLIPSE projects. We find that both usage and implementation expertise have comparable levels of accuracy, which suggests that usage expertise may be used as a substitute measure. We also find a notable overlap of method calls across both projects, which suggests that usage expertise can be leveraged to recommend experts from different projects and thus for projects with little or no history. Thu, 09 Jul 2009 17:28:15 GMT http://hdl.handle.net/1880/47362 2009-07-09T17:28:15Z http://hdl.handle.net/1880/47006 Title: Frequently Asked Questions in Bug Reports Authors: Breu, Silvia; Premraj, Rahul; Sillito, Jonathan; Zimmermann, Thomas Abstract: Bug tracking systems play a central role in software development since they allow users and developers to submit and discuss bugs and new features. To better understand information and communication needs in bug tracking, we analysed what questions are asked in bug reports. We sampled 600 bug reports from the MOZILLA and ECLIPSE projects and located 947 questions in the reports. Next, we used an open card sort and identified eight categories of questions, which can further be broken down into forty groups. We show the value of this catalogue of frequently asked questions with a large quantitative and qualitative study on when questions are asked and how they are answered. A consequence of our results is that constant user involvement is crucial for successful bug reports and that better tools are needed to support this. Mon, 23 Mar 2009 16:05:29 GMT http://hdl.handle.net/1880/47006 2009-03-23T16:05:29Z