Evolving software
ecosystems:
Health and beyond
Eleni Constantinou Tom Mens
University of Mons
Belgium
SOCIO-TECHNICAL
A Software Ecosystem is
X
Software ecosystem research
2012-2017
2017-2019
2018-2021
SECOHealth
Inter-disciplinary inter-university research project
Towards an interdisciplinary, socio-technical methodology
and analysis of the health of software ecosystems
www.secohealth.org
SECO-Assist
Automated Assistance for
Developing Software in
Ecosystems of the Future
secoassist.github.io
Inter-university research project
Tom Mens
University of Mons
Anthony Cleve
Université de Namur
Coen De Roover
Vrije Universiteit Brussel
Serge Demeyer
University of Antwerp
SECO health
Sustainability
Longevity Growth
Success
Resilience Survival
Diversity Popularity
Technical
Health Problems
• Outdated dependencies
• Security vulnerabilities
• Bugs
• Duplicated code
• Incompatible licenses
• …
• Abandonment of contributors
• Lack of communication / interaction
• Social conflicts
• Insufficient diversity
• …
Technical
SECO
evolution
Evolution of package
dependency networks
A Decan, T Mens (2018) An Empirical Comparison of
Dependency Network Evolution in Seven Software Packaging
Ecosystems. Empirical Software Engineering
Seven package dependency networks extracted using open source discovery
service http://libraries.io (CC BY-SA 4.0)
830K packages – 5.8M package versions – 20.5M dependencies
Package changes are frequent
Findings
• The number of package updates grows over time.
• >50% of package releases are updated within 2
months.
• Required and young packages are updated more
frequently.
Changeability index:
Maximal value n such that there exist n packages having
been updated at least n times during the last month.
CRAN differs due to rolling release policy:
“Submitting updates should be done
responsibly and with respect for the
volunteers’ time. Once a package is
established, ‘no more than every 1–2
months’ seems appropriate.”
Package changes are frequent
Package updates may cause many maintainability issues
or even failures in dependent packages.
"Especially with respect to package
dependencies, the risk of things breaking at
some point due to the fact that a version of a
dependency has changed without you
knowing about it is immense. That actually
cost us weeks and months in a couple of
professional projects I was part of."
Most packages depend on other
packages
Findings
• 60% to 80% of all packages are
connected.
• A stable minority (20%) of required
packages collect over 80% of all reverse
dependencies.
• The number of npm dependencies grows much faster.
Reusability index:
Maximal value n such that there exist n required packages having at least n dependent packages.
Package changes may have
important impact
March 2016
Unexpected removal of left-pad
Caused > 2% of all packages to break
(> 5,400 packages)
November 2010
Release 0.5.0 of i18n broke dependent package
ActiveRecord
Transitively required by >5% of all packages
Example: leftpad
Most of the complexity is deeply hidden …
… in the transitive dependencies
Proportion of top-level packages by depth of dependency tree
Over 50% of top-level packages have
a deep dependency tree.
Ecosystem complexity
Package changes may have
important impact
Evolution of 5-Impact Index
Findings
• Dependent packages have few direct
but many transitive dependencies.
• Ratio of indirect over direct
dependencies increases over time.
P-Impact Index:
Number of packages that are transitively required by at least P% of all packages.
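The changeability, reusability and P-Impact indices defined on these slides, computed over a small dependency graph. This is an added example, not code from the talk or the cited papers; the package names and update counts are constructed, and counting direct dependents for the reusability index is an assumption.

```python
from collections import defaultdict

# Constructed sample: package -> direct dependencies (not real registry data).
DEPS = {
    "app-a": ["web", "pad"],
    "app-b": ["web"],
    "app-c": ["cli"],
    "web": ["http", "pad"],
    "cli": ["pad", "color"],
    "http": ["pad"],
    "tool": ["color"],
    "color": [],
    "pad": [],
    "lonely": [],
}
# Constructed sample: package -> number of updates during the last month.
UPDATES = {"app-a": 5, "web": 3, "cli": 3, "tool": 2, "pad": 1}


def h_style_index(counts):
    """Maximal n such that at least n of the given counts are >= n."""
    ranked = sorted(counts, reverse=True)
    n = 0
    while n < len(ranked) and ranked[n] >= n + 1:
        n += 1
    return n


def reverse_graph(deps):
    """Map each required package to the set of packages that depend on it directly."""
    rev = defaultdict(set)
    for pkg, targets in deps.items():
        for target in targets:
            rev[target].add(pkg)
    return rev


def transitive_dependents(pkg, rev):
    """All packages that require pkg directly or indirectly."""
    seen, stack = set(), [pkg]
    while stack:
        for parent in rev.get(stack.pop(), ()):
            if parent not in seen:
                seen.add(parent)
                stack.append(parent)
    seen.discard(pkg)  # a dependency cycle must not make pkg its own dependent
    return seen


def changeability_index(updates):
    """n packages updated at least n times during the last month."""
    return h_style_index(updates.values())


def reusability_index(deps):
    """n required packages with at least n (direct, by assumption) dependents."""
    return h_style_index(len(d) for d in reverse_graph(deps).values())


def p_impact_index(deps, p):
    """Number of packages transitively required by at least p% of all packages."""
    rev = reverse_graph(deps)
    total = len(deps)
    # Integer comparison avoids floating-point error at the threshold.
    return sum(
        1 for pkg in deps
        if len(transitive_dependents(pkg, rev)) * 100 >= p * total
    )


if __name__ == "__main__":
    rev = reverse_graph(DEPS)
    print("changeability index:", changeability_index(UPDATES))
    print("reusability index:", reusability_index(DEPS))
    print("30-impact index:", p_impact_index(DEPS, 30))
    # Packages that would be affected if "pad" disappeared, left-pad style.
    print("dependents of pad:", sorted(transitive_dependents("pad", rev)))
```

In the sample graph, "pad" has four direct dependents but six transitive ones, which is the hidden transitive exposure the slides describe.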
Socio-technical
SECO
evolution
SECO evolution
Empirical investigation of software ecosystems
• Social changes
• Technical impact of social changes
SECO impact
SECO health
SECO repositories
Evolution of package dependency networks
E Constantinou, T Mens (2017) Socio-Technical Evolution of the
Ruby Ecosystem in GitHub. SANER 2017
26K packages/projects, 69K forks
76K contributors
5M commits
SECO health – Social Growth
SECO health – Technical Growth
[Figure: Technical growth. Number of projects per year, 2008 to 2016 (Obsolete Projects, New Projects, Active Projects); Specialization per year, 2008 to 2015.]
SECO health
Major social changes can highly impact the
ecosystem evolution
Monitoring these changes can help in
identifying such issues early
SECO health – Survival
Evolution of package dependency networks
E Constantinou, T Mens (2017) An Empirical Comparison of
Developer Retention in the RubyGems and npm Software
Ecosystems. Innovations in Systems and Software Engineering
70K packages/projects
32K contributors
3M commits
1.5M messages
179K packages/projects
64K contributors
8M commits
4M messages
SECO health – Survival
Socio-technical activity
• Intensity
• Frequency
• Inactivity length
Survival analysis
SECO health – Developer survival
Population: all developers in an ecosystem
Event: abandonment of a developer
Developers tend to abandon the ecosystem sooner
if they:
do not communicate
communicate less intensively
communicate less frequently
do not communicate for a longer period
[Figure: survival curves for npm and RubyGems. Survival probability against duration of commit activity (months), by group: Social inactivity, Social activity, Social abandoner; and Very Short, Short, Long, Very Long.]
SECO health – Developer survival
Developers tend to abandon the ecosystem sooner
if they:
commit less intensively
commit less frequently
do not commit for longer periods
[Figure: survival curves for npm and RubyGems. Survival probability against duration of commit activity (months), by group: Very Weak, Weak, Strong, Very Strong; and Very Short, Short, Long, Very Long.]
SECO health – Package survival
Population: all packages in an ecosystem
Event: commit inactivity of a package
Packages tend to become inactive sooner if the developers contributing
to these packages:
do not communicate
communicate less intensively
communicate less frequently
do not communicate for a longer period
SECO health – Package survival
Packages tend to become inactive sooner if the developers contributing
to these packages:
commit less intensively
commit less frequently
do not commit for longer periods
SECO health – Survival
Intense and frequent
commit activity is not enough
…
Intense and frequent
messaging activity is also
necessary
Current work – Identity merging
Current work – Identity matching
GitHub
git
Mailing
list
Gerrit
BugZilla
IRC
Current work – Forecasting inactivity
What next?
Technical
• Outdated dependencies
• Security vulnerabilities
• Bugs
• Duplicated code
• Incompatible licenses
• …
• Abandonment of contributors
• Lack of communication / interaction
• Social conflicts
• Insufficient diversity
• …
@eleni_const @tom_mens


Editor's notes

  1. Technical Diversity: different platforms, different programming languages, different application domains, different packages with similar functionality. Community Smells: Lone Wolves, Isolated Teams, Communication Problems. Contributor Abandonment: Rage quitting.
  2. npm and nuget more subject to package updates. CRAN less subject to package updates.
  3. “The package leftpad essentially contains a few lines of source code but has thousands of dependent projects, including Node and Babel. When its developer decided to unpublish all his modules for npm, this had important consequences, ‘almost breaking the internet’.” March 2016: unexpected removal of left-pad caused > 2% of all packages to break (> 5,400 packages). RubyGems, November 2010: release 0.5.0 of i18n broke dependent package ActiveRecord, transitively required by >5% of all packages (930).
  4. Study factors affecting the time to event (such as child birth, recovering from a disease, etc). Estimate the survival rate of a population over time, considering the notion of censoring.