A central part of software quality is finding bugs. One method of finding bugs is to measure important aspects of the software product and the development process. In recent history, researchers have discovered evidence of a "code churn" effect, whereby the degree to which a given source code file has changed over time is correlated with faults and vulnerabilities. The code churn metric is computed by counting source code differences in version control repositories. However, code churn does not take into account a critical factor of any software development team: the human factor, specifically who is making the changes. In this paper, we introduce a new class of human-centered metrics, "interactive churn metrics," as variants of code churn. Using the git blame tool, we identify the most recent developer who changed a given line of code in a file prior to a given revision. Then, for each line changed in a given revision, we determine whether the revision author was changing his or her own code ("self churn") or code last modified by somebody else ("interactive churn"). We derive and present several metrics from this concept. Finally, we conducted an empirical analysis of these metrics on the PHP programming language and its post-release vulnerabilities. We found that our interactive churn metrics are statistically correlated with post-release vulnerabilities and only weakly correlated with code churn metrics and source lines of code. The results indicate that interactive churn metrics are associated with software quality and are different from code churn and source lines of code.
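The self/interactive classification described above can be sketched as follows. This is an added example, not the authors' tooling. It assumes the revision is given as `git diff -U0` text and the parent revision as `git blame --line-porcelain` text, that developers are matched by author name, and that purely added lines (which have no previous author) count toward neither class. The function names and sample data are hypothetical.

```python
import re
from collections import Counter

HUNK = re.compile(r"^@@ -(\d+)(?:,(\d+))? \+\d+(?:,\d+)? @@")
BLAME_HEADER = re.compile(r"^[0-9a-f]{40} \d+ (\d+)")

def blame_authors(porcelain):
    """Map line number -> last author, from `git blame --line-porcelain` text."""
    authors, lineno = {}, None
    for line in porcelain.splitlines():
        if line.startswith("\t"):          # tab-prefixed content ends a record
            lineno = None
        elif (m := BLAME_HEADER.match(line)):
            lineno = int(m.group(1))
        elif line.startswith("author ") and lineno is not None:
            authors[lineno] = line[len("author "):]
    return authors

def changed_old_lines(diff_u0):
    """Pre-revision line numbers replaced or deleted by a `git diff -U0` patch."""
    touched = []
    for line in diff_u0.splitlines():
        if (m := HUNK.match(line)):
            start, count = int(m.group(1)), int(m.group(2) or 1)
            touched.extend(range(start, start + count))  # count 0 = pure addition
    return touched

def classify_churn(revision_author, diff_u0, parent_blame):
    """Count changed lines as self churn or interactive churn."""
    authors = blame_authors(parent_blame)
    counts = Counter({"self": 0, "interactive": 0})
    for n in changed_old_lines(diff_u0):
        kind = "self" if authors[n] == revision_author else "interactive"
        counts[kind] += 1
    return counts

# Constructed sample: parent revision where alice last touched lines 1-2, bob 3-4.
SAMPLE_BLAME = "".join(
    f"{sha * 40} {n} {n}\nauthor {who}\nfilename demo.c\n\tline {n}\n"
    for n, who, sha in [(1, "alice", "a"), (2, "alice", "a"), (3, "bob", "b"), (4, "bob", "b")]
)
# Constructed sample: alice rewrites lines 2-3, then appends one new line.
SAMPLE_DIFF = "@@ -2,2 +2,2 @@\n-line 2\n-line 3\n+x\n+y\n@@ -4,0 +5 @@\n+z\n"

if __name__ == "__main__":
    print(classify_churn("alice", SAMPLE_DIFF, SAMPLE_BLAME))
```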