MSR 2020
Mon 29 - Tue 30 June 2020
co-located with ICSE 2020

“Software security is undoubtedly a major concern in today’s software engineering. Although the level of awareness of security issues is often high, practical experiences show that neither preventive actions nor reactions to possible issues are always addressed properly in reality. By analyzing large quantities of commits in the open-source communities, typical security-related activities can be categorized, as well as we can explore language peculiarities to learn and improve our security management processes and practices.
With the help of the Software Heritage Graph Dataset, we investigated the commits of two of the most popular script language - Python and JavaScript - projects collected from public repositories and identified those that might refer to security-related changes, vulnerability fixes in particular. On the one hand, we identified the types of security issues (in terms of CWE groups) referred to in commit messages and compared their numbers within the two communities. On the other hand, we examined the average time elapsing between the publish date of a security issue and the first reference to it in a commit. We found that there is a large intersection in the issue types addressed by the two communities, but most prevalent issues are specific to a language. Moreover, neither the JavaScript nor the Python community reacts very fast to appearing security issues.”

Mon 29 Jun
Times are displayed in time zone: (UTC) Coordinated Universal Time change

12:00 - 13:00: MSR Mining ChallengeMining Challenge / Technical Papers at MSR:Zoom2
Chair(s): Antoine PietriInria, Stefano ZacchiroliUniversité de Paris and Inria, Diomidis SpinellisAthens University of Economics and Business

Q/A & Discussion of Session Papers over Zoom (Joining info available on Slack)

12:00 - 12:20
Live Q&A
Mining Challenge
Pre-print Media Attached
12:20 - 12:40
Live Q&A
Mining Challenge
A: Avijit BhattacharjeeUniversity of Saskatchewan, Canada, A: Sristy Sumana Nath, A: Shurui ZhouCarnegie Mellon University, USA / University of Toronto, CA, A: Debasish Chakroborti, A: Banani RoyUniversity of Saskatchewan, A: Chanchal K. RoyUniversity of Saskatchewan, A: Kevin SchneiderUniversity of Saskatchewan
DOI Pre-print Media Attached
12:40 - 13:00
Live Q&A
Mining Challenge
Gabor Antal, Márton Keleti, A: Peter HegedusUniversity of Szeged
Pre-print Media Attached