SlideShare a Scribd company logo

Analyzing Technical Lag in Open-Source Software

Ahmed Zerouali
Ahmed Zerouali

PhD thesis for more details: https://doi.org/10.13140/RG.2.2.14414.41287

Software
1 of 67
Download to read offline
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems 1 16:00 Ahmed Zerouali Public PhD Defense “A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems”
A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Presented by: Ahmed Zerouali Advisor: Dr. Tom Mens Public PhD Defense Software Engineering Lab, Université de Mons - Belgium, 4 September 2019 Jury: Dr. Olivier Delgrange Dr. Alexandre Decan Dr. Jesus Gonzalez-Barahona Dr. Alexander Serebrenik
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Belgian Excellence of Science Research Project 2018- 2021 https://secoassist.github.io/ 3
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Background 4
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Focus IssuesUp-to-date 5
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Focus Don’t updateUpdate How can we help software developers to decide when and why they should update 6 ?
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Published papers 7
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag 8
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical lag > Background Technical lag¹: the increasing difference between deployed software packages and the ideal available upstream packages. ¹ Gonzalez-Barahona, et al. "Technical Lag in Software Compilations: Measuring How Outdated a Software Deployment Is." IFIP International Conference on Open Source Systems. Springer, Cham, 2017. ➢ Ideal: stability, security, functionality, recency, etc. ➢ Difference: version updates, bugs, vulnerabilities, lines of code, commits, etc. 9
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical lag > Background Credits: https://exploring-data.com/vis/npm-packages-dependencies/ +20M dependencies 10
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical lag > Background package.json 11
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical lag > Background 12 Semantic Versioning Examples: 0.0.1, 1.0.0, 1.2.3, 1.2.3-beta
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical lag > Background Other: *, ==1.2.3, >1.2.3, <1.2.3, 1.2.x, 1.x.x 13
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical lag > Example 14 1.0.1 3.6.0 * 1.2.0 allowed 4.0.0 ^1.0.0 ^1.0.0 = [ 1.0.0, 2.0.0 [ dependent package P required package D up-to-date dependency
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical lag > Example 15 1.0.1 1.2.0 2.0.1 3.6.0 4.0.0 2.0.0 * ^1.0.0 = [ 1.0.0, 2.0.0 [ allowed 4.1.0 missing updates dependent package P required package D outdated ^1.0.0 dependency
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical lag > Example 16
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Followed research approach Qualitative analysis: surveys and interviews Tooling Quantitative analysis Technical lag formal framework Mixed-methods approach 17
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Qualitative analysis: surveys and interviews Tooling Quantitative analysis Mixed-methods approach Technical lag formal framework 18
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems A Framework for Technical Lag > Qualitative analysis Semi-structured Interviews: ➢ 5 software practitioners ➢ Place: FOSDEM 2019 ➢ Highly educated interviewees with an average of 10 years of experience 19 Technical Lag is important, especially if we mix between the benefits of updating and the effort needed to do that.
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems A Framework for Technical Lag > Qualitative analysis Online surveys: ➢ 17 candidates (from facebook groups) ➢ Highly educated interviewees with an average of 3 years of experience MCQ: What would be the most appropriate (ideal) version of a software library to use? 20 ★ Most stable (14) ★ Latest available (9) ★ Most documented (7) ★ Most secure (5)
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Qualitative analysis: surveys and interviews Tooling Quantitative analysis Mixed-methods approach Technical lag formal framework 21
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical lag 22 ∆ version ∆ time ∆ bugs ∆ vulnerabilities
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems A Framework for Technical Lag ● is a set of component releases ● is a set of possible lag values ● ideal : → is a function returning the “ideal” component release ● delta : x → is a function computing the difference between two component releases ● agg : is a function aggregating the results of a set of lags 23
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems A Framework for Technical Lag 24 Given a technical lag framework , we define: Aggregated Technical lag Technical lag Let be a set of components, then:
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Qualitative analysis: surveys and interviews Tooling Quantitative analysis Mixed-methods approach Technical lag formal framework 25
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems A Framework for Technical Lag > Framework Instantiation 26
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag in npm Packages 27
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems 28 Technical Lag in npm Packages Time-based instantiation of : ➢ Ideal: Highest available version ➢ Delta: Time Lag = date(ideal) - date(used) ➢ Aggregation: Max
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems 29 Technical Lag in npm Packages Version-based instantiation of : ➢ Ideal: Highest available version ➢ Delta: Version lag = (∆Major, ∆Minor, ∆Patch) ➢ Aggregation: Sum
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems 30 Technical Lag in npm Packages > Time-based instantiation 1.0.1 1.1.0 2.0.01.2.0 2.0.1 Dependent package Technical lag time lag = date(2.0.1) - date(1.1.0) Required package
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems 31 Technical Lag in npm Packages > Version-based instantiation 1.0.1 1.1.0 2.0.01.2.0 2.0.1 Dependent package Technical lag 1 minor time lag = date(2.0.1) - date(1.1.0) Required package
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems 32 Technical Lag in npm Packages > Version-based instantiation 1.0.1 1.1.0 2.0.01.2.0 2.0.1 Dependent package Technical lag 1 minor time lag = date(2.0.1) - date(1.1.0) 1 major Required package
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems 33 Technical Lag in npm Packages > Version-based instantiation 1.0.1 1.1.0 2.0.01.2.0 2.0.1 Dependent package Technical lag 1 minor time lag = date(2.0.1) - date(1.1.0) version lag = (1 major, 1 minor ,1 patch) 1 major 1 patch Required package
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag in npm Packages > Example Time-based technical lag for the package debug: - ideal (2.6.9) = 3.1.0 - time_lag(2.6.9) = 26-09-2017 - 22-09-2017 = 4 days - version_lag(2.6.9) = (1,1,1) 34
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag in npm Packages > Example Time-based technical lag for the package ms: - time_lag(2.0.0) = 198 days 35
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag in npm Packages > Example Aggregated Time-based technical lag for the package release youtube-player@5.5.0: - time_lag(debug@2.6.9) = 4 days - time_lag(ms@2.0.0) = 198 days ➔ agglag({debug@2.6.9, ms@2.0.0}) = max (4 days, 198 days) = 198 days 36
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag in npm Packages New package releases have an increased technical lag. Technical lag is induced by version constraints Time lag induced by direct dependencies in npm package releases: 37
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag in npm Packages Time lag induced by transitive runtime dependencies in npm package releases: Technical lag is accumulated from a level to another in the dependency tree. 38
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag in npm applications
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag in npm applications Time lag induced by direct dependencies in GitHub applications: Technical lag in GitHub applications is higher than in npm package releases 40
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Docker Containers 41
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag in Docker Containers > Background 42 ● Containers are isolated bundles of software packages ● Docker is one of the main tools for containerisation ● DockerHub is the largest repository for container images
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag in Docker Containers > Background 43 What are the biggest barriers to putting containers in a production environment? - ClusterHQ
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag in Docker Containers > Background 44
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag in Docker Containers > Focus 45
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag in Docker Containers > Background 1.0.1 1.1.0 2.0.01.2.1 2.1.0 Docker container C Technical lag technical lag = ∆ Versions (freshness) ∆ Vulnerabilities (security) ∆ Bugs (stability) Ideal Version deployed container Included Package version Available releases of a Debian package 46
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag in Docker Containers > Software Freshness The majority of packages in Debian containers is up-to-date... … but most of the images contain outdated packages. How outdated are images? IDEAL = LATEST 47
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag in Docker Containers > Software Freshness Outdated Debian packages in Docker containers induce a median version lag of 1 version. What is the version lag induced by the used Debian package releases? IDEAL = LATEST 48
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag in Docker Containers > Software Security The number of vulnerabilities depends on the Debian release, and is moderately correlated with the number of outdated packages in a container. 49
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag in Docker Containers > Software Security Few packages (2.5%) need to be downgraded in order to have the most secure version. Can we reduce security lag in DockerHub container images? IDEAL = Most Secure 50
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag in Docker Containers > Survey 51
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag in Docker Containers 52 1 out of 3 depending on a vulnerable npm package never update their dependency and remain vulnerable A. Decan et al. “On the impact of security vulnerabilities in the npm package dependency network”, MSR 2018. "37% of websites include a JavaScript library with a known open source vulnerability” T. Lauinger et al. "Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web", NDSS 2017. So what about Docker containers having npm packages? Security vulnerabilities in npm JavaScript
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag in Docker Containers 53 ★ Old Node images might be missing many updates, including one major update. ★ All official Node-based images have vulnerable npm packages, with an average of 16 security vulnerabilities per image. ★ Older images are more likely to have more vulnerabilities.
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Qualitative analysis: surveys and interviews Tooling Quantitative analysis Mixed-methods approach Technical lag formal framework 54
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems ConPan: A tool to analyze packages in software containers > Existing tools 55
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems (*): https://github.com/neglectos/ConPan ConPan(*): “CONtainer Packages ANalyzer” ConPan: A tool to analyze packages in software containers > Overview 56
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Example: $ conpan -p debian -c google/mysql -d ~/ConPan/data/debian/ ConPan: A tool to analyze packages in software containers > From the CLI 57
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems ConPan: A tool to analyze packages in software containers > From the API 58
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems ConPan: A tool to analyze packages in software containers > From the API 59
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems ConPan: A tool to analyze packages in software containers > From the API 60
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Summary and Outlook 61
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Summary 62
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Future Work ● Other instantiations of the technical lag ○ Effort needed to reduce the technical lag ● Extend and enhance ConPan ● Cross ecosystems comparison ● Promote technical lag to be used by software developers 63
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Conclusion The technical lag could help open source software developers and deployers to keep their software in a healthy shape. 64
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems https://github.com/neglectos/PhD_Dissertation
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems 66 Evolution of Dependency constraints in npm packages - Caret (^) usage is increasing over time. - Caret introduction coincides with Major version lag increase.
PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems 67 The usage of strict constraint is much higher in external applications Evolution of Dependency constraints in GitHub applications

Recommended

Measuring Technical Lag in Software Deployments (CHAOSScon 2020)
Measuring Technical Lag in Software Deployments (CHAOSScon 2020)Measuring Technical Lag in Software Deployments (CHAOSScon 2020)
Measuring Technical Lag in Software Deployments (CHAOSScon 2020)Tom Mens
 
130705 zephyrin soh - how developers spend their effort during maintenance ...
130705 zephyrin soh - how developers spend their effort during maintenance ...130705 zephyrin soh - how developers spend their effort during maintenance ...
130705 zephyrin soh - how developers spend their effort during maintenance ...Ptidej Team
 
Cloud Resilience with Open Stack
Cloud Resilience with Open StackCloud Resilience with Open Stack
Cloud Resilience with Open StackJorge Cardoso
 
Rafail Brouzos thesis
Rafail Brouzos thesisRafail Brouzos thesis
Rafail Brouzos thesisManos Tsardoulias
 
ICSE2013
ICSE2013ICSE2013
ICSE2013swy351
 
ICSE2014
ICSE2014ICSE2014
ICSE2014swy351
 
MTV15
MTV15MTV15
MTV15Rico Angell
 
Runtime Behavior of JavaScript Programs
Runtime Behavior of JavaScript ProgramsRuntime Behavior of JavaScript Programs
Runtime Behavior of JavaScript ProgramsIRJET Journal
 

Recommended

Measuring Technical Lag in Software Deployments (CHAOSScon 2020)
Measuring Technical Lag in Software Deployments (CHAOSScon 2020)Measuring Technical Lag in Software Deployments (CHAOSScon 2020)
Measuring Technical Lag in Software Deployments (CHAOSScon 2020)Tom Mens
 
130705 zephyrin soh - how developers spend their effort during maintenance ...
130705 zephyrin soh - how developers spend their effort during maintenance ...130705 zephyrin soh - how developers spend their effort during maintenance ...
130705 zephyrin soh - how developers spend their effort during maintenance ...Ptidej Team
 
Cloud Resilience with Open Stack
Cloud Resilience with Open StackCloud Resilience with Open Stack
Cloud Resilience with Open StackJorge Cardoso
 
Rafail Brouzos thesis
Rafail Brouzos thesisRafail Brouzos thesis
Rafail Brouzos thesisManos Tsardoulias
 
ICSE2013
ICSE2013ICSE2013
ICSE2013swy351
 
ICSE2014
ICSE2014ICSE2014
ICSE2014swy351
 
MTV15
MTV15MTV15
MTV15Rico Angell
 
Runtime Behavior of JavaScript Programs
Runtime Behavior of JavaScript ProgramsRuntime Behavior of JavaScript Programs
Runtime Behavior of JavaScript ProgramsIRJET Journal
 
On the fragility of open source software packaging ecosystems
On the fragility of open source software packaging ecosystemsOn the fragility of open source software packaging ecosystems
On the fragility of open source software packaging ecosystemsTom Mens
 
ProDebt's Lessons Learned from Planning Technical Debt Strategically
ProDebt's Lessons Learned from Planning Technical Debt StrategicallyProDebt's Lessons Learned from Planning Technical Debt Strategically
ProDebt's Lessons Learned from Planning Technical Debt StrategicallyQAware GmbH
 
On the evolution of technical lag in the npm package dependency network
On the evolution of technical lag in the npm package dependency networkOn the evolution of technical lag in the npm package dependency network
On the evolution of technical lag in the npm package dependency networkeconst
 
Technical lag in npm and docker ecosystems
Technical lag in npm and docker ecosystemsTechnical lag in npm and docker ecosystems
Technical lag in npm and docker ecosystemsAhmed Zerouali
 
Keynote VST2020 (Workshop on Validation, Analysis and Evolution of Software ...
Keynote VST2020 (Workshop on Validation, Analysis and Evolution of Software ...Keynote VST2020 (Workshop on Validation, Analysis and Evolution of Software ...
Keynote VST2020 (Workshop on Validation, Analysis and Evolution of Software ...University of Antwerp
 
Measuring Your Code
Measuring Your CodeMeasuring Your Code
Measuring Your CodeNate Abele
 
An Empirical Analysis of Technical Lag in npm Package Dependencies
An Empirical Analysis of Technical Lag in npm Package DependenciesAn Empirical Analysis of Technical Lag in npm Package Dependencies
An Empirical Analysis of Technical Lag in npm Package DependenciesAhmed Zerouali
 
In cluster open source testing framework - Microservices Meetup
In cluster open source testing framework - Microservices MeetupIn cluster open source testing framework - Microservices Meetup
In cluster open source testing framework - Microservices MeetupNeil Gehani
 
Software Analytics - Achievements and Challenges
Software Analytics - Achievements and ChallengesSoftware Analytics - Achievements and Challenges
Software Analytics - Achievements and ChallengesTao Xie
 
Periodic Table of Agile Principles and Practices
Periodic Table of Agile Principles and PracticesPeriodic Table of Agile Principles and Practices
Periodic Table of Agile Principles and PracticesJérôme Kehrli
 
Recent Research in Search Based Software Testing
Recent Research in Search Based Software TestingRecent Research in Search Based Software Testing
Recent Research in Search Based Software Testingjfrchicanog
 
Agile Development in a Regulated Environment
Agile Development in a Regulated EnvironmentAgile Development in a Regulated Environment
Agile Development in a Regulated EnvironmentTechWell
 
36x48_new_modelling_cloud_infrastructure
36x48_new_modelling_cloud_infrastructure36x48_new_modelling_cloud_infrastructure
36x48_new_modelling_cloud_infrastructureWashington Garcia
 
Slow, Flaky and Legacy Tests: FTFY - Our New Testing Strategy at Net-A-Porter...
Slow, Flaky and Legacy Tests: FTFY - Our New Testing Strategy at Net-A-Porter...Slow, Flaky and Legacy Tests: FTFY - Our New Testing Strategy at Net-A-Porter...
Slow, Flaky and Legacy Tests: FTFY - Our New Testing Strategy at Net-A-Porter...Sauce Labs
 
Jun 08 - PMWT Featured Paper -Tarabykin - XP PAPER - FINAL
Jun 08 - PMWT Featured Paper -Tarabykin - XP PAPER - FINALJun 08 - PMWT Featured Paper -Tarabykin - XP PAPER - FINAL
Jun 08 - PMWT Featured Paper -Tarabykin - XP PAPER - FINALAlex Tarra
 
20101026 ASAP Seminar
20101026 ASAP Seminar20101026 ASAP Seminar
20101026 ASAP SeminarJonathan Blakes
 
Software Analytics: Data Analytics for Software Engineering
Software Analytics: Data Analytics for Software EngineeringSoftware Analytics: Data Analytics for Software Engineering
Software Analytics: Data Analytics for Software EngineeringTao Xie
 
QRS16: NOTICE: A Framework for Non-functional Testing of Compilers
QRS16: NOTICE: A Framework for Non-functional Testing of CompilersQRS16: NOTICE: A Framework for Non-functional Testing of Compilers
QRS16: NOTICE: A Framework for Non-functional Testing of CompilersMohamed BOUSSAA
 
Technical Lag in Software Ecosystems
Technical Lag in Software EcosystemsTechnical Lag in Software Ecosystems
Technical Lag in Software EcosystemsAhmed Zerouali
 
Scientific Software: Sustainability, Skills & Sociology
Scientific Software: Sustainability, Skills & SociologyScientific Software: Sustainability, Skills & Sociology
Scientific Software: Sustainability, Skills & SociologyNeil Chue Hong
 
Prevalence and Evolution of License Violations in npm and RubyGems Dependency...
Prevalence and Evolution of License Violations in npm and RubyGems Dependency...Prevalence and Evolution of License Violations in npm and RubyGems Dependency...
Prevalence and Evolution of License Violations in npm and RubyGems Dependency...Ahmed Zerouali
 
Analysis And Observations Of The Evolution Of Testing Library Usage
Analysis And Observations Of The Evolution Of Testing Library UsageAnalysis And Observations Of The Evolution Of Testing Library Usage
Analysis And Observations Of The Evolution Of Testing Library UsageAhmed Zerouali
 

More Related Content

Similar to Analyzing Technical Lag in Open-Source Software

On the fragility of open source software packaging ecosystems
On the fragility of open source software packaging ecosystemsOn the fragility of open source software packaging ecosystems
On the fragility of open source software packaging ecosystemsTom Mens
 
ProDebt's Lessons Learned from Planning Technical Debt Strategically
ProDebt's Lessons Learned from Planning Technical Debt StrategicallyProDebt's Lessons Learned from Planning Technical Debt Strategically
ProDebt's Lessons Learned from Planning Technical Debt StrategicallyQAware GmbH
 
On the evolution of technical lag in the npm package dependency network
On the evolution of technical lag in the npm package dependency networkOn the evolution of technical lag in the npm package dependency network
On the evolution of technical lag in the npm package dependency networkeconst
 
Technical lag in npm and docker ecosystems
Technical lag in npm and docker ecosystemsTechnical lag in npm and docker ecosystems
Technical lag in npm and docker ecosystemsAhmed Zerouali
 
Keynote VST2020 (Workshop on Validation, Analysis and Evolution of Software ...
Keynote VST2020 (Workshop on Validation, Analysis and Evolution of Software ...Keynote VST2020 (Workshop on Validation, Analysis and Evolution of Software ...
Keynote VST2020 (Workshop on Validation, Analysis and Evolution of Software ...University of Antwerp
 
Measuring Your Code
Measuring Your CodeMeasuring Your Code
Measuring Your CodeNate Abele
 
An Empirical Analysis of Technical Lag in npm Package Dependencies
An Empirical Analysis of Technical Lag in npm Package DependenciesAn Empirical Analysis of Technical Lag in npm Package Dependencies
An Empirical Analysis of Technical Lag in npm Package DependenciesAhmed Zerouali
 
In cluster open source testing framework - Microservices Meetup
In cluster open source testing framework - Microservices MeetupIn cluster open source testing framework - Microservices Meetup
In cluster open source testing framework - Microservices MeetupNeil Gehani
 
Software Analytics - Achievements and Challenges
Software Analytics - Achievements and ChallengesSoftware Analytics - Achievements and Challenges
Software Analytics - Achievements and ChallengesTao Xie
 
Periodic Table of Agile Principles and Practices
Periodic Table of Agile Principles and PracticesPeriodic Table of Agile Principles and Practices
Periodic Table of Agile Principles and PracticesJérôme Kehrli
 
Recent Research in Search Based Software Testing
Recent Research in Search Based Software TestingRecent Research in Search Based Software Testing
Recent Research in Search Based Software Testingjfrchicanog
 
Agile Development in a Regulated Environment
Agile Development in a Regulated EnvironmentAgile Development in a Regulated Environment
Agile Development in a Regulated EnvironmentTechWell
 
36x48_new_modelling_cloud_infrastructure
36x48_new_modelling_cloud_infrastructure36x48_new_modelling_cloud_infrastructure
36x48_new_modelling_cloud_infrastructureWashington Garcia
 
Slow, Flaky and Legacy Tests: FTFY - Our New Testing Strategy at Net-A-Porter...
Slow, Flaky and Legacy Tests: FTFY - Our New Testing Strategy at Net-A-Porter...Slow, Flaky and Legacy Tests: FTFY - Our New Testing Strategy at Net-A-Porter...
Slow, Flaky and Legacy Tests: FTFY - Our New Testing Strategy at Net-A-Porter...Sauce Labs
 
Jun 08 - PMWT Featured Paper -Tarabykin - XP PAPER - FINAL
Jun 08 - PMWT Featured Paper -Tarabykin - XP PAPER - FINALJun 08 - PMWT Featured Paper -Tarabykin - XP PAPER - FINAL
Jun 08 - PMWT Featured Paper -Tarabykin - XP PAPER - FINALAlex Tarra
 
Software Analytics: Data Analytics for Software Engineering
Software Analytics: Data Analytics for Software EngineeringSoftware Analytics: Data Analytics for Software Engineering
Software Analytics: Data Analytics for Software EngineeringTao Xie
 
QRS16: NOTICE: A Framework for Non-functional Testing of Compilers
QRS16: NOTICE: A Framework for Non-functional Testing of CompilersQRS16: NOTICE: A Framework for Non-functional Testing of Compilers
QRS16: NOTICE: A Framework for Non-functional Testing of CompilersMohamed BOUSSAA
 
Technical Lag in Software Ecosystems
Technical Lag in Software EcosystemsTechnical Lag in Software Ecosystems
Technical Lag in Software EcosystemsAhmed Zerouali
 
Scientific Software: Sustainability, Skills & Sociology
Scientific Software: Sustainability, Skills & SociologyScientific Software: Sustainability, Skills & Sociology
Scientific Software: Sustainability, Skills & SociologyNeil Chue Hong
 

Similar to Analyzing Technical Lag in Open-Source Software (20)

On the fragility of open source software packaging ecosystems
On the fragility of open source software packaging ecosystemsOn the fragility of open source software packaging ecosystems
On the fragility of open source software packaging ecosystems
 
ProDebt's Lessons Learned from Planning Technical Debt Strategically
ProDebt's Lessons Learned from Planning Technical Debt StrategicallyProDebt's Lessons Learned from Planning Technical Debt Strategically
ProDebt's Lessons Learned from Planning Technical Debt Strategically
 
On the evolution of technical lag in the npm package dependency network
On the evolution of technical lag in the npm package dependency networkOn the evolution of technical lag in the npm package dependency network
On the evolution of technical lag in the npm package dependency network
 
Technical lag in npm and docker ecosystems
Technical lag in npm and docker ecosystemsTechnical lag in npm and docker ecosystems
Technical lag in npm and docker ecosystems
 
Keynote VST2020 (Workshop on Validation, Analysis and Evolution of Software ...
Keynote VST2020 (Workshop on Validation, Analysis and Evolution of Software ...Keynote VST2020 (Workshop on Validation, Analysis and Evolution of Software ...
Keynote VST2020 (Workshop on Validation, Analysis and Evolution of Software ...
 
Measuring Your Code
Measuring Your CodeMeasuring Your Code
Measuring Your Code
 
An Empirical Analysis of Technical Lag in npm Package Dependencies
An Empirical Analysis of Technical Lag in npm Package DependenciesAn Empirical Analysis of Technical Lag in npm Package Dependencies
An Empirical Analysis of Technical Lag in npm Package Dependencies
 
In cluster open source testing framework - Microservices Meetup
In cluster open source testing framework - Microservices MeetupIn cluster open source testing framework - Microservices Meetup
In cluster open source testing framework - Microservices Meetup
 
Software Analytics - Achievements and Challenges
Software Analytics - Achievements and ChallengesSoftware Analytics - Achievements and Challenges
Software Analytics - Achievements and Challenges
 
Periodic Table of Agile Principles and Practices
Periodic Table of Agile Principles and PracticesPeriodic Table of Agile Principles and Practices
Periodic Table of Agile Principles and Practices
 
Recent Research in Search Based Software Testing
Recent Research in Search Based Software TestingRecent Research in Search Based Software Testing
Recent Research in Search Based Software Testing
 
Agile Development in a Regulated Environment
Agile Development in a Regulated EnvironmentAgile Development in a Regulated Environment
Agile Development in a Regulated Environment
 
36x48_new_modelling_cloud_infrastructure
36x48_new_modelling_cloud_infrastructure36x48_new_modelling_cloud_infrastructure
36x48_new_modelling_cloud_infrastructure
 
Slow, Flaky and Legacy Tests: FTFY - Our New Testing Strategy at Net-A-Porter...
Slow, Flaky and Legacy Tests: FTFY - Our New Testing Strategy at Net-A-Porter...Slow, Flaky and Legacy Tests: FTFY - Our New Testing Strategy at Net-A-Porter...
Slow, Flaky and Legacy Tests: FTFY - Our New Testing Strategy at Net-A-Porter...
 
Jun 08 - PMWT Featured Paper -Tarabykin - XP PAPER - FINAL
Jun 08 - PMWT Featured Paper -Tarabykin - XP PAPER - FINALJun 08 - PMWT Featured Paper -Tarabykin - XP PAPER - FINAL
Jun 08 - PMWT Featured Paper -Tarabykin - XP PAPER - FINAL
 
20101026 ASAP Seminar
20101026 ASAP Seminar20101026 ASAP Seminar
20101026 ASAP Seminar
 
Software Analytics: Data Analytics for Software Engineering
Software Analytics: Data Analytics for Software EngineeringSoftware Analytics: Data Analytics for Software Engineering
Software Analytics: Data Analytics for Software Engineering
 
QRS16: NOTICE: A Framework for Non-functional Testing of Compilers
QRS16: NOTICE: A Framework for Non-functional Testing of CompilersQRS16: NOTICE: A Framework for Non-functional Testing of Compilers
QRS16: NOTICE: A Framework for Non-functional Testing of Compilers
 
Technical Lag in Software Ecosystems
Technical Lag in Software EcosystemsTechnical Lag in Software Ecosystems
Technical Lag in Software Ecosystems
 
Scientific Software: Sustainability, Skills & Sociology
Scientific Software: Sustainability, Skills & SociologyScientific Software: Sustainability, Skills & Sociology
Scientific Software: Sustainability, Skills & Sociology
 

More from Ahmed Zerouali

Prevalence and Evolution of License Violations in npm and RubyGems Dependency...
Prevalence and Evolution of License Violations in npm and RubyGems Dependency...Prevalence and Evolution of License Violations in npm and RubyGems Dependency...
Prevalence and Evolution of License Violations in npm and RubyGems Dependency...Ahmed Zerouali
 
Analysis And Observations Of The Evolution Of Testing Library Usage
Analysis And Observations Of The Evolution Of Testing Library UsageAnalysis And Observations Of The Evolution Of Testing Library Usage
Analysis And Observations Of The Evolution Of Testing Library UsageAhmed Zerouali
 
On Popularity and Quality Metrics of npm Packages
On Popularity and Quality Metrics of npm PackagesOn Popularity and Quality Metrics of npm Packages
On Popularity and Quality Metrics of npm PackagesAhmed Zerouali
 
On the Impact of Security Vulnerabilities in the npm and RubyGems Dependency ...
On the Impact of Security Vulnerabilities in the npm and RubyGems Dependency ...On the Impact of Security Vulnerabilities in the npm and RubyGems Dependency ...
On the Impact of Security Vulnerabilities in the npm and RubyGems Dependency ...Ahmed Zerouali
 
A multi-dimensional analysis of technical lag in Debian-based Docker images
A multi-dimensional analysis of technical lag in Debian-based Docker imagesA multi-dimensional analysis of technical lag in Debian-based Docker images
A multi-dimensional analysis of technical lag in Debian-based Docker imagesAhmed Zerouali
 
Evolution of Technical Lag in DockerHub images - Benevol20
Evolution of Technical Lag in DockerHub images - Benevol20Evolution of Technical Lag in DockerHub images - Benevol20
Evolution of Technical Lag in DockerHub images - Benevol20Ahmed Zerouali
 
Analyzing Packages in Docker images hosted On DockerHub
Analyzing Packages in Docker images hosted On DockerHubAnalyzing Packages in Docker images hosted On DockerHub
Analyzing Packages in Docker images hosted On DockerHubAhmed Zerouali
 
On the Diversity of Software Package Popularity Metrics: An Empirical Study o...
On the Diversity of Software Package Popularity Metrics: An Empirical Study o...On the Diversity of Software Package Popularity Metrics: An Empirical Study o...
On the Diversity of Software Package Popularity Metrics: An Empirical Study o...Ahmed Zerouali
 
ConPan: A Tool to Analyze Packages in Software Containers
ConPan: A Tool to Analyze Packages in Software ContainersConPan: A Tool to Analyze Packages in Software Containers
ConPan: A Tool to Analyze Packages in Software ContainersAhmed Zerouali
 
Technical Lag in Docker Containers
Technical Lag in Docker ContainersTechnical Lag in Docker Containers
Technical Lag in Docker ContainersAhmed Zerouali
 
Analyzing the Evolution of Testing Library Usage in Open Source Java Projects
Analyzing the Evolution of Testing Library Usage in Open Source Java ProjectsAnalyzing the Evolution of Testing Library Usage in Open Source Java Projects
Analyzing the Evolution of Testing Library Usage in Open Source Java ProjectsAhmed Zerouali
 
An Empirical Comparison of the Development History of CloudStack and Eucalyptus
An Empirical Comparison of the Development History of CloudStack and EucalyptusAn Empirical Comparison of the Development History of CloudStack and Eucalyptus
An Empirical Comparison of the Development History of CloudStack and EucalyptusAhmed Zerouali
 
Analyzing the Evolution of Testing Library Usage in Open Source Java Projects
Analyzing the Evolution of Testing Library Usage in Open Source Java ProjectsAnalyzing the Evolution of Testing Library Usage in Open Source Java Projects
Analyzing the Evolution of Testing Library Usage in Open Source Java ProjectsAhmed Zerouali
 

More from Ahmed Zerouali (13)

Prevalence and Evolution of License Violations in npm and RubyGems Dependency...
Prevalence and Evolution of License Violations in npm and RubyGems Dependency...Prevalence and Evolution of License Violations in npm and RubyGems Dependency...
Prevalence and Evolution of License Violations in npm and RubyGems Dependency...
 
Analysis And Observations Of The Evolution Of Testing Library Usage
Analysis And Observations Of The Evolution Of Testing Library UsageAnalysis And Observations Of The Evolution Of Testing Library Usage
Analysis And Observations Of The Evolution Of Testing Library Usage
 
On Popularity and Quality Metrics of npm Packages
On Popularity and Quality Metrics of npm PackagesOn Popularity and Quality Metrics of npm Packages
On Popularity and Quality Metrics of npm Packages
 
On the Impact of Security Vulnerabilities in the npm and RubyGems Dependency ...
On the Impact of Security Vulnerabilities in the npm and RubyGems Dependency ...On the Impact of Security Vulnerabilities in the npm and RubyGems Dependency ...
On the Impact of Security Vulnerabilities in the npm and RubyGems Dependency ...
 
A multi-dimensional analysis of technical lag in Debian-based Docker images
A multi-dimensional analysis of technical lag in Debian-based Docker imagesA multi-dimensional analysis of technical lag in Debian-based Docker images
A multi-dimensional analysis of technical lag in Debian-based Docker images
 
Evolution of Technical Lag in DockerHub images - Benevol20
Evolution of Technical Lag in DockerHub images - Benevol20Evolution of Technical Lag in DockerHub images - Benevol20
Evolution of Technical Lag in DockerHub images - Benevol20
 
Analyzing Packages in Docker images hosted On DockerHub
Analyzing Packages in Docker images hosted On DockerHubAnalyzing Packages in Docker images hosted On DockerHub
Analyzing Packages in Docker images hosted On DockerHub
 
On the Diversity of Software Package Popularity Metrics: An Empirical Study o...
On the Diversity of Software Package Popularity Metrics: An Empirical Study o...On the Diversity of Software Package Popularity Metrics: An Empirical Study o...
On the Diversity of Software Package Popularity Metrics: An Empirical Study o...
 
ConPan: A Tool to Analyze Packages in Software Containers
ConPan: A Tool to Analyze Packages in Software ContainersConPan: A Tool to Analyze Packages in Software Containers
ConPan: A Tool to Analyze Packages in Software Containers
 
Technical Lag in Docker Containers
Technical Lag in Docker ContainersTechnical Lag in Docker Containers
Technical Lag in Docker Containers
 
Analyzing the Evolution of Testing Library Usage in Open Source Java Projects
Analyzing the Evolution of Testing Library Usage in Open Source Java ProjectsAnalyzing the Evolution of Testing Library Usage in Open Source Java Projects
Analyzing the Evolution of Testing Library Usage in Open Source Java Projects
 
An Empirical Comparison of the Development History of CloudStack and Eucalyptus
An Empirical Comparison of the Development History of CloudStack and EucalyptusAn Empirical Comparison of the Development History of CloudStack and Eucalyptus
An Empirical Comparison of the Development History of CloudStack and Eucalyptus
 
Analyzing the Evolution of Testing Library Usage in Open Source Java Projects
Analyzing the Evolution of Testing Library Usage in Open Source Java ProjectsAnalyzing the Evolution of Testing Library Usage in Open Source Java Projects
Analyzing the Evolution of Testing Library Usage in Open Source Java Projects
 

Recently uploaded

SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsSensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsChristian Birchler
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Andreas Granig
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsAhmed Mohamed
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceBrainSell Technologies
 
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanySuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanyChristoph Pohl
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...OnePlan Solutions
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmSujith Sukumaran
 
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...confluent
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...Technogeeks
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfMarharyta Nedzelska
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfFerryKemperman
 
Machine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringMachine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringHironori Washizaki
 
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalPrecise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalLionel Briand
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesŁukasz Chruściel
 
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)jennyeacort
 
Comparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfComparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfDrew Moseley
 
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...Akihiro Suda
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEEVICTOR MAESTRE RAMIREZ
 
Salesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZSalesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZABSYZ Inc
 

Recently uploaded (20)

SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsSensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. Salesforce
 
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanySuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalm
 
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort ServiceHot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
 
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdf
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdf
 
Machine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringMachine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their Engineering
 
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalPrecise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive Goal
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New Features
 
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
 
Comparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfComparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdf
 
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEE
 
Salesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZSalesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZ
 

Analyzing Technical Lag in Open-Source Software

  • 1. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems 1 16:00 Ahmed Zerouali Public PhD Defense “A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems”
  • 2. A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Presented by: Ahmed Zerouali Advisor: Dr. Tom Mens Public PhD Defense Software Engineering Lab, Université de Mons - Belgium, 4 September 2019 Jury: Dr. Olivier Delgrange Dr. Alexandre Decan Dr. Jesus Gonzalez-Barahona Dr. Alexander Serebrenik
  • 3. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Belgian Excellence of Science Research Project 2018- 2021 https://secoassist.github.io/ 3
  • 4. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Background 4
  • 5. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Focus IssuesUp-to-date 5
  • 6. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Focus Don’t updateUpdate How can we help software developers to decide when and why they should update 6 ?
  • 7. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Published papers 7
  • 8. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag 8
  • 9. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical lag > Background Technical lag¹: the increasing difference between deployed software packages and the ideal available upstream packages. ¹ Gonzalez-Barahona, et al. "Technical Lag in Software Compilations: Measuring How Outdated a Software Deployment Is." IFIP International Conference on Open Source Systems. Springer, Cham, 2017. ➢ Ideal: stability, security, functionality, recency, etc. ➢ Difference: version updates, bugs, vulnerabilities, lines of code, commits, etc. 9
  • 10. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical lag > Background Credits: https://exploring-data.com/vis/npm-packages-dependencies/ +20M dependencies 10
  • 11. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical lag > Background package.json 11
  • 12. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical lag > Background 12 Semantic Versioning Examples: 0.0.1, 1.0.0, 1.2.3, 1.2.3-beta
  • 13. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical lag > Background Other: *, ==1.2.3, >1.2.3, <1.2.3, 1.2.x, 1.x.x 13
  • 14. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical lag > Example 14 1.0.1 3.6.0 * 1.2.0 allowed 4.0.0 ^1.0.0 ^1.0.0 = [ 1.0.0, 2.0.0 [ dependent package P required package D up-to-date dependency
  • 15. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical lag > Example 15 1.0.1 1.2.0 2.0.1 3.6.0 4.0.0 2.0.0 * ^1.0.0 = [ 1.0.0, 2.0.0 [ allowed 4.1.0 missing updates dependent package P required package D outdated ^1.0.0 dependency
  • 16. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical lag > Example 16
  • 17. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Followed research approach Qualitative analysis: surveys and interviews Tooling Quantitative analysis Technical lag formal framework Mixed-methods approach 17
  • 18. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Qualitative analysis: surveys and interviews Tooling Quantitative analysis Mixed-methods approach Technical lag formal framework 18
  • 19. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems A Framework for Technical Lag > Qualitative analysis Semi-structured Interviews: ➢ 5 software practitioners ➢ Place: FOSDEM 2019 ➢ Highly educated interviewees with an average of 10 years of experience 19 Technical Lag is important, especially if we mix between the benefits of updating and the effort needed to do that.
  • 20. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems A Framework for Technical Lag > Qualitative analysis Online surveys: ➢ 17 candidates (from facebook groups) ➢ Highly educated interviewees with an average of 3 years of experience MCQ: What would be the most appropriate (ideal) version of a software library to use? 20 ★ Most stable (14) ★ Latest available (9) ★ Most documented (7) ★ Most secure (5)
  • 21. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Qualitative analysis: surveys and interviews Tooling Quantitative analysis Mixed-methods approach Technical lag formal framework 21
  • 22. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical lag 22 ∆ version ∆ time ∆ bugs ∆ vulnerabilities
  • 23. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems A Framework for Technical Lag ● is a set of component releases ● is a set of possible lag values ● ideal : → is a function returning the “ideal” component release ● delta : x → is a function computing the difference between two component releases ● agg : is a function aggregating the results of a set of lags 23
  • 24. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems A Framework for Technical Lag 24 Given a technical lag framework , we define: Aggregated Technical lag Technical lag Let be a set of components, then:
  • 25. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Qualitative analysis: surveys and interviews Tooling Quantitative analysis Mixed-methods approach Technical lag formal framework 25
  • 26. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems A Framework for Technical Lag > Framework Instantiation 26
  • 27. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag in npm Packages 27
  • 28. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems 28 Technical Lag in npm Packages Time-based instantiation of : ➢ Ideal: Highest available version ➢ Delta: Time Lag = date(ideal) - date(used) ➢ Aggregation: Max
  • 29. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems 29 Technical Lag in npm Packages Version-based instantiation of : ➢ Ideal: Highest available version ➢ Delta: Version lag = (∆Major, ∆Minor, ∆Patch) ➢ Aggregation: Sum
  • 30. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems 30 Technical Lag in npm Packages > Time-based instantiation 1.0.1 1.1.0 2.0.01.2.0 2.0.1 Dependent package Technical lag time lag = date(2.0.1) - date(1.1.0) Required package
  • 31. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems 31 Technical Lag in npm Packages > Version-based instantiation 1.0.1 1.1.0 2.0.01.2.0 2.0.1 Dependent package Technical lag 1 minor time lag = date(2.0.1) - date(1.1.0) Required package
  • 32. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems 32 Technical Lag in npm Packages > Version-based instantiation 1.0.1 1.1.0 2.0.01.2.0 2.0.1 Dependent package Technical lag 1 minor time lag = date(2.0.1) - date(1.1.0) 1 major Required package
  • 33. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems 33 Technical Lag in npm Packages > Version-based instantiation 1.0.1 1.1.0 2.0.01.2.0 2.0.1 Dependent package Technical lag 1 minor time lag = date(2.0.1) - date(1.1.0) version lag = (1 major, 1 minor ,1 patch) 1 major 1 patch Required package
  • 34. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag in npm Packages > Example Time-based technical lag for the package debug: - ideal (2.6.9) = 3.1.0 - time_lag(2.6.9) = 26-09-2017 - 22-09-2017 = 4 days - version_lag(2.6.9) = (1,1,1) 34
  • 35. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag in npm Packages > Example Time-based technical lag for the package ms: - time_lag(2.0.0) = 198 days 35
  • 36. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag in npm Packages > Example Aggregated Time-based technical lag for the package release youtube-player@5.5.0: - time_lag(debug@2.6.9) = 4 days - time_lag(ms@2.0.0) = 198 days ➔ agglag({debug@2.6.9, ms@2.0.0}) = max (4 days, 198 days) = 198 days 36
  • 37. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag in npm Packages New package releases have an increased technical lag. Technical lag is induced by version constraints Time lag induced by direct dependencies in npm package releases: 37
  • 38. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag in npm Packages Time lag induced by transitive runtime dependencies in npm package releases: Technical lag is accumulated from a level to another in the dependency tree. 38
  • 39. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag in npm applications
  • 40. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag in npm applications Time lag induced by direct dependencies in GitHub applications: Technical lag in GitHub applications is higher than in npm package releases 40
  • 41. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Docker Containers 41
  • 42. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag in Docker Containers > Background 42 ● Containers are isolated bundles of software packages ● Docker is one of the main tools for containerisation ● DockerHub is the largest repository for container images
  • 43. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag in Docker Containers > Background 43 What are the biggest barriers to putting containers in a production environment? - ClusterHQ
  • 44. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag in Docker Containers > Background 44
  • 45. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag in Docker Containers > Focus 45
  • 46. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag in Docker Containers > Background 1.0.1 1.1.0 2.0.01.2.1 2.1.0 Docker container C Technical lag technical lag = ∆ Versions (freshness) ∆ Vulnerabilities (security) ∆ Bugs (stability) Ideal Version deployed container Included Package version Available releases of a Debian package 46
  • 47. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag in Docker Containers > Software Freshness The majority of packages in Debian containers is up-to-date... … but most of the images contain outdated packages. How outdated are images? IDEAL = LATEST 47
  • 48. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag in Docker Containers > Software Freshness Outdated Debian packages in Docker containers induce a median version lag of 1 version. What is the version lag induced by the used Debian package releases? IDEAL = LATEST 48
  • 49. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag in Docker Containers > Software Security The number of vulnerabilities depends on the Debian release, and is moderately correlated with the number of outdated packages in a container. 49
  • 50. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag in Docker Containers > Software Security Few packages (2.5%) need to be downgraded in order to have the most secure version. Can we reduce security lag in DockerHub container images? IDEAL = Most Secure 50
  • 51. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag in Docker Containers > Survey 51
  • 52. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag in Docker Containers 52 1 out of 3 depending on a vulnerable npm package never update their dependency and remain vulnerable A. Decan et al. “On the impact of security vulnerabilities in the npm package dependency network”, MSR 2018. "37% of websites include a JavaScript library with a known open source vulnerability” T. Lauinger et al. "Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web", NDSS 2017. So what about Docker containers having npm packages? Security vulnerabilities in npm JavaScript
  • 53. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Technical Lag in Docker Containers 53 ★ Old Node images might be missing many updates, including one major update. ★ All official Node-based images have vulnerable npm packages, with an average of 16 security vulnerabilities per image. ★ Older images are more likely to have more vulnerabilities.
  • 54. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Qualitative analysis: surveys and interviews Tooling Quantitative analysis Mixed-methods approach Technical lag formal framework 54
  • 55. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems ConPan: A tool to analyze packages in software containers > Existing tools 55
  • 56. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems (*): https://github.com/neglectos/ConPan ConPan(*): “CONtainer Packages ANalyzer” ConPan: A tool to analyze packages in software containers > Overview 56
  • 57. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Example: $ conpan -p debian -c google/mysql -d ~/ConPan/data/debian/ ConPan: A tool to analyze packages in software containers > From the CLI 57
  • 58. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems ConPan: A tool to analyze packages in software containers > From the API 58
  • 59. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems ConPan: A tool to analyze packages in software containers > From the API 59
  • 60. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems ConPan: A tool to analyze packages in software containers > From the API 60
  • 61. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Summary and Outlook 61
  • 62. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Summary 62
  • 63. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Future Work ● Other instantiations of the technical lag ○ Effort needed to reduce the technical lag ● Extend and enhance ConPan ● Cross ecosystems comparison ● Promote technical lag to be used by software developers 63
  • 64. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems Conclusion The technical lag could help open source software developers and deployers to keep their software in a healthy shape. 64
  • 65. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems https://github.com/neglectos/PhD_Dissertation
  • 66. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems 66 Evolution of Dependency constraints in npm packages - Caret (^) usage is increasing over time. - Caret introduction coincides with Major version lag increase.
  • 67. PhD Thesis A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems 67 The usage of strict constraint is much higher in external applications Evolution of Dependency constraints in GitHub applications