MSR 2020
Mon 29 - Tue 30 June 2020
co-located with ICSE 2020

“Software security is undoubtedly a major concern in today’s software engineering. Although the level of awareness of security issues is often high, practical experiences show that neither preventive actions nor reactions to possible issues are always addressed properly in reality. By analyzing large quantities of commits in the open-source communities, typical security-related activities can be categorized, as well as we can explore language peculiarities to learn and improve our security management processes and practices.
With the help of the Software Heritage Graph Dataset, we investigated the commits of two of the most popular script language - Python and JavaScript - projects collected from public repositories and identified those that might refer to security-related changes, vulnerability fixes in particular. On the one hand, we identified the types of security issues (in terms of CWE groups) referred to in commit messages and compared their numbers within the two communities. On the other hand, we examined the average time elapsing between the publish date of a security issue and the first reference to it in a commit. We found that there is a large intersection in the issue types addressed by the two communities, but most prevalent issues are specific to a language. Moreover, neither the JavaScript nor the Python community reacts very fast to appearing security issues.”

Mon 29 Jun
Times are displayed in time zone: (UTC) Coordinated Universal Time change

12:00 - 13:00: MSR Mining ChallengeMining Challenge / Technical Papers at MSR:Zoom2
Chair(s): Antoine PietriInria, Stefano ZacchiroliUniversité de Paris and Inria, Diomidis SpinellisAthens University of Economics and Business

Q/A & Discussion of Session Papers over Zoom (Joining info available on Slack)

12:00 - 12:20
Live Q&A
Cheating Death: A Statistical Survival Analysis of Publicly Available Python ProjectsMSR - Mining Challenge
Mining Challenge
Pre-print Media Attached
12:20 - 12:40
Live Q&A
An investigation to find motives behind cross-platform forks from Software Heritage datasetMSR - Mining Challenge
Mining Challenge
A: Avijit BhattacharjeeUniversity of Saskatchewan, Canada, A: Sristy Sumana NathDepartment of Computer Science, University of Saskatchewan, A: Shurui ZhouCarnegie Mellon University, USA / University of Toronto, CA, A: Debasish Chakroborti, A: Banani RoyUniversity of Saskatchewan, A: Chanchal K. RoyUniversity of Saskatchewan, A: Kevin SchneiderUniversity of Saskatchewan
DOI Pre-print Media Attached
12:40 - 13:00
Live Q&A
Exploring the Security Awareness of the Python and JavaScript Open Source CommunitiesMSR - Mining Challenge
Mining Challenge
Gabor Antal, Márton Keleti, A: Peter HegedusUniversity of Szeged
Pre-print Media Attached