Background: Modern Code Review (MCR) is a key component for delivering high-quality software and sharing knowledge among developers. Effective reviews require an in-depth understanding of the code and demand from the reviewers to contextualize the change from different perspectives.

Aim: While there is a plethora of research on solutions that support developers to understand changed code, we have observed that many provide only narrow, specialized insights and very few aggregate information in a meaningful manner. Therefore, we aim to provide a vision of improving code understanding in MCR.

Method: We classified 53 research papers suggesting proposals to improve MCR code understanding. We use this classification, the needs expressed by code reviewers from previous research, and the information we have not found in the literature for extrapolation.

Results: We identified four major types of support systems and suggest an environment for contextualized code reviews. Furthermore, we illustrate with a set of scenarios how such an environment would improve the effectiveness of code reviews.

Conclusions: Current research focuses mostly on providing narrow support for developers. We outline a vision for how MCR can be improved by using context and reducing the cognitive load on developers. We hope our vision can foster future advancements in development environments. 

This paper presents our findings on the automatic summarization of Java methods within Ericsson, a global telecommunications company. We evaluate the performance of an approach called Automatic Semantic Augmentation of Prompts (ASAP), which uses a Large Language Model (LLM) to generate leading summary comments (Javadocs) for Java methods. ASAP enhances the LLM's prompt context by integrating static program analysis and information retrieval techniques to identify similar exemplar methods along with their developer-written Javadocs, and serves as the baseline in our study.

In contrast, we explore and compare the performance of four simpler approaches that do not require static program analysis, information retrieval, or the presence of exemplars as in the ASAP method. Our methods rely solely on the Java method body as input, making them lightweight and more suitable for rapid deployment in commercial software development environments.

We conducted experiments on an Ericsson software project and replicated the study using two widely-used open-source Java projects, Guava and Elasticsearch, to ensure the reliability of our results. Performance was measured across eight metrics that capture various aspects of similarity. Notably, one of our simpler approaches performed as well as or better than the ASAP method on both the Ericsson project and the open-source projects.

Additionally, we performed an ablation study to examine the impact of method names on Javadoc summary generation across our four proposed approaches and the ASAP method. By masking the method names and observing the generated summaries, we found that our approaches were statistically significantly less influenced by the absence of method names compared to the baseline. This suggests that our methods are more robust to variations in method names and may derive summaries more comprehensively from the method body than the ASAP approach. 

Context: Identifying source code expertise is useful in several situations. Activities like bug fixing and helping newcomers are best performed by knowledgeable developers. Some studies have proposed repository-mining techniques to identify source code experts. However, there is a gap in understanding which variables are most related to code knowledge and how they can be used for identifying expertise. Objective: This study explores models of expertise identification and how these models can be used to improve a Truck Factor algorithm. Methods: First, we built an oracle with the knowledge of developers from software projects. Then, we use this oracle to analyze the correlation between measures from the development history and source code knowledge. We investigate the use of linear and machine-learning models to identify file experts. Finally, we use the proposed models to improve a Truck Factor algorithm and analyze their performance using data from public and private repositories. Results: First Authorship and Recency of Modification have the highest positive and negative correlations with source code knowledge, respectively. Machine learning classifiers outperformed the linear techniques (F-Score = 71% to 73%) in the largest analyzed dataset, but this advantage is unclear in the smallest one. The Truck Factor algorithm using the proposed models could handle developers missed by the previous expertise model with the best average F-Score of 74%. It was perceived as more accurate in computing the Truck Factor of an industrial project. Conclusion: If we analyze F-Score, the studied models have similar performance. However, machine learning classifiers get higher Precision while linear models obtained the highest Recall. Therefore, choosing the best technique depends on the user's tolerance to false positives and negatives. Additionally, the proposed models significantly improved the accuracy of a Truck Factor algorithm, affirming their effectiveness in precisely identifying the key developers within software projects. © 2024 Elsevier B.V.

The microservice architecture enables organizations to shorten development cycles and deliver cloud-native applications rapidly. However, it also brings security concerns that need to be addressed by developers. Therefore, security testing in microservices becomes even more critical. Recent research papers indicate that security testing of microservices is often neglected for reasons such as lack of time, lack of experience in the security domain, and absence of automated test environments. Even though several security scanning tools exist to detect container, containerized workload management (Kubernetes), and network issues, none individually is sufficient to cover all security problems in microservices. Using multiple scanning tools increases the complexity of analyzing findings and mitigating security vulnerabilities. This paper presents a fully automated test tool suite that can help developers address security issues in microservices and resolve them. It targets to reduce time and effort in security activities by encapsulating open-source scanning tools into one suite and providing improved feedback. The developed security scanning suite is named Pomegranate. To develop Pomegranate, we employed Design Science and conducted our investigation in Ericsson. We have evaluated our tool using a static approach. The evaluation results indicate that the Pomegranate could be helpful to developers by providing simplified and classified outputs for security vulnerabilities in microservices. More than half of the practitioners who give us feedback found Pomegranate helpful in detecting and mitigating security problems in microservices. We conclude that a fully automated test tool suite can help developers to address most security issues in microservices. Based on the findings in this paper, the direction for future work is to conduct a dynamic validation of Pomegranate in a live project. © 2023 IEEE.

Today's software industry is global, virtual, and depending more than ever on strong and reliable processes. Stakeholders and infrastructure are distributed across the globe, posing challenges that go beyond those with co-located teams and servers. Software Engineering continues to be a complex undertaking, with projects challenged to meet expectations, especially regarding costs. We know that Software Engineering is an ever-changing discipline, with the result that firms and their employees must regularly embrace new methods, tools, technologies, and processes. In 2020, the International Conference on Global Software Engineering (ICGSE) and the International Conference on Systems and Software Processes (ICSSP) joined forces aiming to create a holistic understanding of the software landscape both from the perspective of human and infrastructure distribution and also the processes to support software development. Unfortunately, these challenges have become even more personal to many more in 2020 due to the disruption introduced by the COVID-19 pandemic, which forced both conferences to be held virtually. As an outcome of the joint event, we selected a set of the best papers from the two conferences, which were invited to submit extended versions to this Special Issue in the Journal of Software: Maintenance and Evolution. Dedicated committees were established to identify the best papers. Eight papers were invited and ultimately, seven of these invited papers have made it into this Special Issue. © 2023 John Wiley & Sons, Ltd.

On June 26–28, 2020, the International Conference on Software and Systems Processes (ICSSP 2020) and the International Conference on Global Software Engineering (ICGSE 2020) were held in virtual settings during the first year of the COVID pandemic. Several submissions to the joint event have been selected for inclusion in this special issue, focusing on impactful and timely contributions to machine learning (ML). At present, many in our field are enthusiastic about the potential of ML, yet some risks should not be casually overlooked or summarily dismissed. Each ML implementation is subtly different from any other implementation, and the risk profile varies greatly based on the approach adopted and the implementation context. The ICSSP/ICGSE 2020 Program Committees have encouraged submissions that explore the risks and benefits associated with ML so that the important discussion regarding ML efficacy and advocacy can be further elaborated. Four contributions have been included in this special issue. © 2023 John Wiley & Sons, Ltd.

Background: Modern Code Review (MCR) is a lightweight alternative to traditional code inspections. While secondary studies on MCR exist, it is uanknown whether the research community has targeted themes that practitioners consider important.Objectives: The objectives are to provide an overview of MCR research, analyze the practitioners' opinions on the importance of MCR research, investigate the alignment between research and practice, and propose future MCR research avenues.Method: We conducted a systematic mapping study to survey state of the art until and including 2021, employed the Q-Methodology to analyze the practitioners' perception of the relevance of MCR research, and analyzed the primary studies' research impact.Results: We analyzed 244 primary studies, resulting in five themes. As a result of the 1,300 survey data points, we found that the respondents are positive about research investigating the impact of MCR on product quality and MCR process properties. In contrast, they are negative about human factor- and support systems-related research.Conclusion: These results indicate a misalignment between the state of the art and the themes deemed important by most survey respondents. Researchers should focus on solutions that can improve the state of MCR practice. We provide an MCR research agenda that can potentially increase the impact of MCR research. © 2023 Copyright held by the owner/author(s).

Labeling issues with the skills required to complete them can help contributors to choose tasks in Open Source Software projects. However, manually labeling issues is time-consuming and error-prone, and current automated approaches are mostly limited to classifying issues as bugs/non-bugs. We investigate the feasibility and relevance of automatically labeling issues with what we call “API-domains,” which are high-level categories of APIs. Therefore, we posit that the APIs used in the source code affected by an issue can be a proxy for the type of skills (e.g., DB, security, UI) needed to work on the issue. We ran a user study (n=74) to assess API-domain labels’ relevancy to potential contributors, leveraged the issues’ descriptions and the project history to build prediction models, and validated the predictions with contributors (n=20) of the projects. Our results show that (i) newcomers to the project consider API-domain labels useful in choosing tasks, (ii) labels can be predicted with a precision of 84% and a recall of 78.6% on average, (iii) the results of the predictions reached up to 71.3% in precision and 52.5% in recall when training with a project and testing in another (transfer learning), and (iv) project contributors consider most of the predictions helpful in identifying needed skills. These findings suggest our approach can be applied in practice to automatically label issues, assisting developers in finding tasks that better match their skills. © 2023, The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature.

Context: Addressing women's under-representation in the soft-ware industry, a widely recognized concern, requires attracting as well as retaining more women. Hearing from women practitioners, particularly those positioned in multi-cultural settings, about their challenges and and adopting their lived experienced solutions can support the design of programs to resolve the under-representation issue. Goal: We investigated the challenges women face in global software development teams, particularly what motivates women to leave their company; how those challenges might break down according to demographics; and strategies to mitigate the identified challenges. Method: To achieve this goal, we conducted an ex-ploratory case study in Ericsson, a global technology company. We surveyed 94 women and employed mixed-methods to analyze the data. Results: Our findings reveal that women face socio-cultural challenges, including work-life balance issues, benevolent and hos-tile sexism, lack of recognition and peer parity, impostor syndrome, glass ceiling bias effects, the prove-it-again phenomenon, and the maternal wall. The participants of our research provided different suggestions to address/mitigate the reported challenges, including sabbatical policies, flexibility of location and time, parenthood support, soft skills training for managers, equality of payment and opportunities between genders, mentoring and role models to sup-port career growth, directives to hire more women, inclusive groups and events, women's empowerment, and recognition for women's success. The framework of challenges and suggestions can inspire further initiatives both in academia and industry to onboard and retain women. Women represent less than 24% of employees in software development industry and experience various types of prejudice and bias. Even in companies that care about Diversity & Inclusion, 'untying the mooring ropes' of socio-cultural problems is hard. Hearing from women, especially those working in a multi-cultural organization, about their challenges and adopting their suggestions can be vital to design programs and resolve the under-representation issue. In this work we work closely with a large software development or-ganization which invests and believes in diversity and inclusion. We listened to women and the challenges they face in global soft-ware development teams of this company and what these women suggest reduce the problems and increase retention. Our research showed that women face work-life balance issues and encounter invisible barriers that prevent them from rising to top positions. They also suffer micro-aggression and sexism, need to show com-petence constantly, be supervised in essential tasks, and receive less work after becoming mothers. Moreover, women miss having more female colleagues, lack self-confidence and recognition. The women from the company suggested sabbatical policies, the flexibil-ity of location and time, parenthood support, soft skills training for managers, equality of opportunities, role models to support career growth, directives to hire more women, support groups, and more interaction between women, inclusive groups and events, women's empowerment by publishing their success stories in media and recognizing their achievements. Our results had been shared with the company Human Resources department and management and they considered the diagnosis helpful and will work on actions to mitigate the challenges that women still perceive. © 2022 IEEE.

Background: Bug-fixing is the crux of software maintenance. It entails tending to heaps of bug reports using limited resources. Using historical data, we can ask questions that contribute to betterinformed allocation heuristics. The caveat here is that often there is not enough data to provide a sound response. This issue is especially prominent for young projects. Also, answers may vary from project to project. Consequently, it is impossible to generalize results without assuming a notion of relatedness between projects.

Aims: Evaluate the independent impact of three report features in the bug-fixing time (BFT), generalizing results from many projects: bug priority, code-churn size in bug fixing commits, and existence of links to other reports (e.g., depends on or blocks other bug reports).

Method: We analyze 55 projects from the Apache ecosystem using Bayesian statistics. Similar to standard random effects methodology, we assume each project's average BFT is a dispersed version of a global average BFT that we want to assess. We split the data based on feature values/range (e.g., with or without links). For each split, we compute a posterior distribution over its respective global BFT. Finally, we compare the posteriors to establish the feature's effect on the BFT. We run independent analyses for each feature.

Results: Our results show that the existence of links and higher code-churn values lead to BFTs that are at least twice as long. On the other hand, considering three levels of priority (low, medium, and high), we observe no difference in the BFT.

Conclusion: To the best of our knowledge, this is the first study using hierarchical Bayes to extrapolate results from multiple projects and assess the global effect of different attributes on the BFT. We use this methodology to gain insight on how links, priority, and code-churn size impact the BFT. On top of that, our posteriors can be used as a prior to analyze novel projects, potentially young and scarce on data. We also believe our methodology can be reused for other generalization studies in empirical software engineering. © 2022 Association for Computing Machinery.