Exploring Software Supply Chains from a Technical Debt ......from a Technical Debt Perspective J....
Transcript of Exploring Software Supply Chains from a Technical Debt ......from a Technical Debt Perspective J....
![Page 1: Exploring Software Supply Chains from a Technical Debt ......from a Technical Debt Perspective J. Yates Monteith John D. McGregor Strategic Software Engineering Research Group 1 Problem:](https://reader035.fdocuments.in/reader035/viewer/2022071218/6053383070af3830cc3447d8/html5/thumbnails/1.jpg)
Exploring Software Supply Chains from a Technical Debt Perspective
J. Yates Monteith John D. McGregor
Strategic Software Engineering Research Group
1
![Page 2: Exploring Software Supply Chains from a Technical Debt ......from a Technical Debt Perspective J. Yates Monteith John D. McGregor Strategic Software Engineering Research Group 1 Problem:](https://reader035.fdocuments.in/reader035/viewer/2022071218/6053383070af3830cc3447d8/html5/thumbnails/2.jpg)
Problem: Quality in the Software Supply Chain
• Due diligence requires that deliveries from suppliers be checked for acceptable quality.
• Software products are often subjected to acceptance test but these are superficial.
• One approach is to establish the reputation of the vendor.
• Another is to sample at high value targets.
2
![Page 3: Exploring Software Supply Chains from a Technical Debt ......from a Technical Debt Perspective J. Yates Monteith John D. McGregor Strategic Software Engineering Research Group 1 Problem:](https://reader035.fdocuments.in/reader035/viewer/2022071218/6053383070af3830cc3447d8/html5/thumbnails/3.jpg)
Technical debt
• Many sources besides code • We used SONAR in a standard configuration • Need measures for non-code artifacts
3
![Page 4: Exploring Software Supply Chains from a Technical Debt ......from a Technical Debt Perspective J. Yates Monteith John D. McGregor Strategic Software Engineering Research Group 1 Problem:](https://reader035.fdocuments.in/reader035/viewer/2022071218/6053383070af3830cc3447d8/html5/thumbnails/4.jpg)
Betweenness Centrality (BC)
• Ratio between the number of shortest paths a node lies in to the total number of shortest paths. – The node on the most shortest paths has the
highest betweenness centrality.
• Graph theorists use this to identify nodes that are important to graph connectivity and information flow. ∑
≠≠
=ts st
stBCν σ
νσν )()(4
![Page 5: Exploring Software Supply Chains from a Technical Debt ......from a Technical Debt Perspective J. Yates Monteith John D. McGregor Strategic Software Engineering Research Group 1 Problem:](https://reader035.fdocuments.in/reader035/viewer/2022071218/6053383070af3830cc3447d8/html5/thumbnails/5.jpg)
Experiments
• Sampled three versions of the Java Development Tools (JDT): 3.4, 3.5 and 3.6. – Maintenance builds.
• Experiment 1: Correlation test between technical debt and betweenness centrality.
• Experiment 2: Longitudinal Hotspot Evaluation.
5
![Page 6: Exploring Software Supply Chains from a Technical Debt ......from a Technical Debt Perspective J. Yates Monteith John D. McGregor Strategic Software Engineering Research Group 1 Problem:](https://reader035.fdocuments.in/reader035/viewer/2022071218/6053383070af3830cc3447d8/html5/thumbnails/6.jpg)
BC-TD Correlation
• Measured betweenness centrality of each file in JDT 3.4, 3.5 and 3.6 using Cytoscape.
• Measured technical debt using Sonar Technical Debt plugin.
• Performed Pearson Correlation Coefficient test.
6
Version Correlation Coefficient One-tailed P Value
3.4 0.42765676 < 0.0001
3.5 0.42565911 < 0.0001
3.6 0.43607052 < 0.0001
![Page 7: Exploring Software Supply Chains from a Technical Debt ......from a Technical Debt Perspective J. Yates Monteith John D. McGregor Strategic Software Engineering Research Group 1 Problem:](https://reader035.fdocuments.in/reader035/viewer/2022071218/6053383070af3830cc3447d8/html5/thumbnails/7.jpg)
Analysis
• Results were moderate, but significant correlation.
• There exists a positive relationship between technical debt and betweenness centrality.
• As one grows, the other grows, though not at the same rate.
7
![Page 8: Exploring Software Supply Chains from a Technical Debt ......from a Technical Debt Perspective J. Yates Monteith John D. McGregor Strategic Software Engineering Research Group 1 Problem:](https://reader035.fdocuments.in/reader035/viewer/2022071218/6053383070af3830cc3447d8/html5/thumbnails/8.jpg)
Longitudinal Evaluation
• Utilized same three maintenance versions of JDT: 3.4, 3.5 and 3.6.
• Generated dependency graphs for code structures using Cytoscape.
• Measured betweenness centrality. – i.e. Nodes that depended or were dependent on
the four principle files.
8
![Page 9: Exploring Software Supply Chains from a Technical Debt ......from a Technical Debt Perspective J. Yates Monteith John D. McGregor Strategic Software Engineering Research Group 1 Problem:](https://reader035.fdocuments.in/reader035/viewer/2022071218/6053383070af3830cc3447d8/html5/thumbnails/9.jpg)
Longitudinal Evaluation
• Isolated four principle files via high technical debt: ClassFile, Parser, CodeStream and CompletionEngine.
• Reduced graph to four principle nodes and first neighbor nodes
• Performed the Force-Directed Spring-Embedded layout with weighting on betweenness centrality. – Nodes act as repulsive elements (think electrons). – Edge length determine by betweenness centrality. 9
![Page 10: Exploring Software Supply Chains from a Technical Debt ......from a Technical Debt Perspective J. Yates Monteith John D. McGregor Strategic Software Engineering Research Group 1 Problem:](https://reader035.fdocuments.in/reader035/viewer/2022071218/6053383070af3830cc3447d8/html5/thumbnails/10.jpg)
Eclipse – JDT 3.4
10
![Page 11: Exploring Software Supply Chains from a Technical Debt ......from a Technical Debt Perspective J. Yates Monteith John D. McGregor Strategic Software Engineering Research Group 1 Problem:](https://reader035.fdocuments.in/reader035/viewer/2022071218/6053383070af3830cc3447d8/html5/thumbnails/11.jpg)
Eclipse – JDT 3.5
11
![Page 12: Exploring Software Supply Chains from a Technical Debt ......from a Technical Debt Perspective J. Yates Monteith John D. McGregor Strategic Software Engineering Research Group 1 Problem:](https://reader035.fdocuments.in/reader035/viewer/2022071218/6053383070af3830cc3447d8/html5/thumbnails/12.jpg)
Eclipse – JDT 3.6
12
![Page 13: Exploring Software Supply Chains from a Technical Debt ......from a Technical Debt Perspective J. Yates Monteith John D. McGregor Strategic Software Engineering Research Group 1 Problem:](https://reader035.fdocuments.in/reader035/viewer/2022071218/6053383070af3830cc3447d8/html5/thumbnails/13.jpg)
Coding standard violations
13
![Page 14: Exploring Software Supply Chains from a Technical Debt ......from a Technical Debt Perspective J. Yates Monteith John D. McGregor Strategic Software Engineering Research Group 1 Problem:](https://reader035.fdocuments.in/reader035/viewer/2022071218/6053383070af3830cc3447d8/html5/thumbnails/14.jpg)
Analysis
• Examination of node clusters showed cluster 7 was an outlier: excessive technical debt, minor violations, non-minor violations and code size. – However, not the largest cluster in terms of lines of code.
• Analysis across versions showed significant refactoring of code, resulting in significantly reduced lines of code, violations and technical debt.
• Our technique consistently identified places where the professional staff spent time modifying design and code.
14
![Page 15: Exploring Software Supply Chains from a Technical Debt ......from a Technical Debt Perspective J. Yates Monteith John D. McGregor Strategic Software Engineering Research Group 1 Problem:](https://reader035.fdocuments.in/reader035/viewer/2022071218/6053383070af3830cc3447d8/html5/thumbnails/15.jpg)
Conclusion
• Betweenness centrality has a positive relationship with technical debt.
• Using whichever of the two is easiest to compute we can identify regions of code that need renovation.
• We can also identify the vendors in an ecosystem that are best to use from a technical debt perspective.
15