AutoMetric: Towards Measuring Open-Source Software Quality Metrics Automatically

Taejun Lee, Heewon Park, Heejo Lee

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

    1 Citation (Scopus)

    Abstract

    In modern software development, open-source software (OSS) plays a crucial role. Although some methods exist to verify the safety of OSS, the current automation technologies fall short. To address this problem, we propose AutoMetric, an automatic technique for measuring security metrics for OSS at the repository level. Using AutoMetric, which only collects the repository addresses of the projects, it is possible to inspect many projects simultaneously regardless of their size and scope. AutoMetric contains five metrics: Mean Time to Update (MU), Mean Time to Commit (MC), Number of Contributors (NC), Inactive Period (IP), and Branch Protection (BP). These metrics can be calculated quickly even if the source code changes. Comparing the metrics in AutoMetric with 2,675 reported vulnerabilities in the GitHub Advisory Database (GAD), the results show that the more frequent the updates and commits and the shorter the inactivity period, the more vulnerabilities were found.

    Original language: English
    Title of host publication: Proceedings - 2023 IEEE/ACM International Conference on Automation of Software Test, AST 2023
    Publisher: Institute of Electrical and Electronics Engineers Inc.
    Pages: 47-55
    Number of pages: 9
    ISBN (Electronic): 9798350324020
    Publication status: Published - 2023
    Event: 4th IEEE/ACM International Conference on Automation of Software Test, AST 2023 - Melbourne, Australia
    Duration: 2023 May 15 to 2023 May 16


    Conference

    Conference: 4th IEEE/ACM International Conference on Automation of Software Test, AST 2023
    Country/Territory: Australia
    City: Melbourne
    Period: 23/5/15 to 23/5/16

    Bibliographical note

    Publisher Copyright:
    © 2023 IEEE.

    Keywords

    • Open source
    • Software metrics
    • Software test automation

    ASJC Scopus subject areas

    • Artificial Intelligence
    • Computer Vision and Pattern Recognition
    • Software
    • Safety, Risk, Reliability and Quality
    • Control and Optimization
