Software Engineering master student Nuria Bruch wins VERSEN Master Thesis Award!

Nuria Bruch, supervised by Ana Oprescu, Miroslav Zivkovic and Lodewijk Bergmans wins the VERSEN Master Thesis Award for her work on measuring the degree of library dependency!

The usage of libraries, both commercial and open-source, encapsulating the implementation of certain functionalities is a widespread practice among developers. However, when a developer uses a library in a software product, this creates a dependency, and if a library has a security issue, it can be propagated to the software product. Developers can use package managers, however, these generally offer a simple binary evaluation of the dependencies: either there is one or not. Hence, a detailed evaluation of the dependencies is missing, which could help developers deal with vulnerabilities, breaking changes, and deprecated dependencies. Nuria proposes a model for software dependencies, which can help provide a fine-grained evaluation of them. The model includes three types of metrics: coupling, coverage, and usage per class. For each metric in the model, Nuria provides a formal definition and a theoretical validation by proving the metrics’ properties. She additionally implemented a proof-of-concept tool that, given a library from the Maven Central Repository, calculates the metrics of the model for each of the dependencies using bytecode analysis. Moreover, the proof-of-concept includes a visualisation of the dependency tree, including the calculated metrics. Finally, she conducted experiments to validate the model, the implementation of the proof-of-concept, and the visualisation. The experiments include interviews with 15 professional developers who evaluated the clarity and actionability of the model’s metrics and the proposed visualisations.