Dependency Management

Leveraging the Community to Support Open-Source Library Maintainers

Modern software relies heavily on open-source libraries, yet safely managing changes within these libraries remains challenging. Maintainers often lack constructive feedback or actionable guidance from their users to evolve their projects effectively. This project aims to address this gap by improving communication between maintainers and their users, fostering mutual support within the open-source community. By providing practical insights and useful tools, our ongoing work enables maintainers to manage change proactively and prevent issues before they impact users. Ultimately, this enhances software reliability, security, and maintainability, delivering direct value to businesses and developers and supporting broader technological innovation.

Research Focus:

  • How can we support open-source maintainers in better managing their software?
  • How can information from software users help maintainers improve their software?
  • Can tests from one software project help make other projects safer?
  • Can looking at how people use software predict future problems?

Status: Ongoing

Reducing Risks in Open-Source Software Through Continuous Monitoring

Open-source components are now integral to nearly every modern software system. However, their dynamic and decentralized nature makes them a frequent source of vulnerabilities and operational risks. Without ongoing visibility into these components and their updates, organizations remain exposed to security flaws, compatibility issues, and compliance challenges. This project focuses on developing scalable techniques for the continuous monitoring of open-source software and its supply chain. Our goal is to help developers and organizations stay ahead of threats by detecting risky changes early, improving transparency, and enabling smarter dependency decisions. These efforts directly contribute to building more secure, stable, and trustworthy software systems across the industry.

Research Focus:

  • How can we automatically track and evaluate risks in open-source components?
  • What techniques can detect problematic changes in libraries before they are adopted?
  • Can we build systems that alert developers about vulnerabilities or outdated dependencies in real time?
  • How can we assess the trustworthiness of the software supply chain over time?

Status: Ongoing

Related Publications:

The role of library versions in Developer-ChatGPT conversations

Authors: Rachna Raj, Diego Elias Costa

Venue: MSR Mining Challenge, 2024

Where to Go Now? Finding Alternatives for Declining Packages in the npm Ecosystem

Authors: Suhaib Mujahid, Diego Elias Costa, Rabe Abdalkareem, Emad Shihab

Venue: ASE'23: IEEE/ACM International Conference on Automated Software Engineering

Breaking Type-Safety in Go: An Empirical Study on the Usage of the unsafe Package

Authors: Diego Costa, Suhaib Mujahid, Rabe Abdalkareem, and Emad Shihab

Venue: IEEE Transactions on Software Engineering (TSE)