Research Questions

[NightLore]

1. How helpful are visualization programs?
2. How well does this implementation help a developer determine an acceptable dependency?

[NightLore]

Another direction: ask open source maintainers if this would be useful

1. Is this program useful for open source maintainers?
2. Would this program be used by open source maintainers?
3. What would open source maintainers like to see in a visualization program?

[NightLore]

Idea: Separate questions based on different metrics such as vulnerabilities, popularity (stars, forks...), activeness (open/closed issues, truck factor, PR, mean time to review/close PR)

• whether or not showing vulnerability levels help developers in adopting dependencies --(To what extend do developers consider vulnerability/popularity/activeness) -- does it help? Will they just google? What are they developing -- do they care if for large company?
• helpful to show popularity or activeness?

1. Does showing vulnerability levels help developers choose acceptable dependencies?
2. Does showing vulnerability levels help developers maintain their dependencies?
3. Does showing popularity metrics help developers choose acceptable dependencies?
4. Does showing activeness metrics help developers choose acceptable dependencies?
5. Do developers prefer to a visualization program over searching for the information themselves?
6. Are developers from large companies more likely to prefer a visualization program?

[NightLore]

• Define acceptable dependencies
• Define Methodology to figure out how to insert questions
  • literature review
    • (useful if we had research questions to explore the field)
    • Maybe have a look for ideas on methodology
  • experiment/survey with developers
  • ask students to use it?
  • case study (for specific scenario)
  • Create series of tasks to perform on implementation (answer questions based on tool)
    • group of students answering questions using tool vs not using tool (another version of solution?)
• Then go back and verify that research questions match method

[NightLore]

• Survey
  • Video? Then answer questions
• 308 class use the tool with given tasks and maybe answer questions
  • log time (do they go faster using the tool)
  • measure correctness of their tasks
  • Ex. What is best library to import?
    • Three options, one may have more severe vulnerabilities or not as maintained, how they decide on tool?
  • Ex. Assess the risk of a project
    • have hour
  • Ex. Have two projects, which one would you pick?

[bcdasilv]

Visualizing the Evolution of Systems and their library Dependencies (Vissoft 2014): https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6980224

Visualizing Modules and Dependencies of OSGi-based Applications (Visoft 2016): https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7780164