Abstract — Many open source software (OSS) development projects use tools and models that come from heterogeneous sources. A project manager, who wants to analyze indicators for the state of the project based on these data sources, faces the challenge of how to link semi-structured information on common concepts across heterogeneous data sources, e.g., source code versions, mailing list entries, and bug reports. Unfortunately, manual analysis is costly, error-prone, and often yields results late for decision making. In this paper we propose linking OSS data sources using semantic web technologies as foundation for providing integrated indicators project status analysis. We introduce the design concept of a project monitoring cockpit, Pro-MonCo, and evaluate the feasibility and effectiveness with a prototype for calculating communication metrics in a real-world context, the Apache Tomcat project. Major result was that Pro-MonCo efficiently supports frequent project monitoring by calculating communication metrics based on semantically integrated data originating from heterogeneous OSS project data sources.

Abstract. In open source software (OSS) project development typically tools and models originating from heterogeneous background are used. Project managers want to analyze the state of project across these artifacts but often face the challenge of linking semi-structured information across artifacts, e.g., source code versions, mailing list entries, and bug reports. Manual analysis based on finding related information between data sources is costly, error-prone, and often brings results too late for decision making. In this paper we propose linking OSS artifacts with a semantic web technology approach: the engineering knowledge base (EKB). The EKB consists of two types of ontology layers: 1. the common domain knowledge layer and 2. local tool knowledge layer. Mappings between local and domain ontology layers allow querying the local knowledge using the more stable domain ontology syntax. This EKB foundation enables the design of applications, such as a project monitoring system. We empirically evaluate the feasibility, effort, and complexity of an EKB-based project monitoring system based on real-world data.

Developers and security analysts have been using static analysis for a long time to ana-lyze programs for defects and vulnerabilities with some success. Generally a static analysis tool is run on the source code for a given program, flagging areas of code that need to be further inspected by a human analyst. These areas may be obvious bugs like potential buffer overflows, information leakage flaws, or the use of uninitialized variables. These tools tend to work fairly well – every year they find many important bugs. These tools are more impressive considering the fact that they only examine the source code, which may be very complex. Now consider the amount of data available that these tools do not analyze. There are many pieces of information that would prove invaluable for finding bugs in code, things such as a history of bug reports, a history of all changes to the code, information about committers, etc. By leveraging all this additional data, it is possible to find more bugs with less user interaction, as well as track useful metrics such as number and type of defects injected by committer. This dissertation provides a method for leveraging development metadata to find bugs that would otherwise be difficult to find using standard static analysis tools. We