Modern software relies heavily on open-source libraries, yet safely managing changes within these libraries remains challenging. Maintainers often lack constructive feedback or actionable guidance from their users to effectively evolve their projects. This project aims to address this gap by bridging the communication between maintainers and their users, fostering mutual support within the open-source community. By providing practical insights and useful tools, our ongoing work enables maintainers to proactively manage change and prevent issues before they impact users. Ultimately, this enhances software reliability, security, and maintainability: delivering direct value to businesses, developers, and supporting broader technological innovation.
Ongoing
Open-source components are now integral to nearly every modern software system. However, their dynamic and decentralized nature makes them a frequent source of vulnerabilities and operational risks. Without ongoing visibility into these components and their updates, organizations remain exposed to security flaws, compatibility issues, and compliance challenges. This project focuses on developing scalable techniques for the continuous monitoring of open-source software and its supply chain. Our goal is to help developers and organizations stay ahead of threats by detecting risky changes early, improving transparency, and enabling smarter dependency decisions. These efforts directly contribute to building more secure, stable, and trustworthy software systems across the industry.
Rachna Raj, Diego Elias Costa
International Conference on Software Engineering (ICSE)
Rachna Raj, Diego Elias Costa
MSR Mining Challenge, 2024
Suhaib Mujahid, Diego Elias Costa, Rabe Abdalkareem, Emad Shihab
ASE'23: IEEE/ACM International Conference on Automated Software Engineering
Diego Costa, Suhaib Mujahid, Rabe Abdalkareem, and Emad Shihab
IEEE Transactions on Software Engineering (TSE)