My publications (Daniel Morales German)

To be published by Empirical Software Engineering. Julius Davies, Daniel M. German, Michael W. Godfrey and Abram Hindle. Software Bertillonage: Determining the Provenance of Software Development Artifacts. April 2012, Journal of Empirical Software Engineering. DOI 10.1007/s10664-012-9199-7. Link to the journal version

@<dl>@<dd> Deployed software systems are typically composed of many pieces, not all of which may have been created by the main development team. Often, the provenance of included components — such as external libraries or cloned source code — is not clearly stated, and this uncertainty can introduce technical and ethical concerns that make it difficult for system owners and other stakeholders to manage their software assets. In this work, we motivate the need for the recovery of the provenance of software entities by a broad set of techniques that could include signature matching, source code fact extraction, software clone detection, call flow graph matching, string matching, historical analyses, and other techniques. We liken our provenance goals to that of Bertillonage, a simple and approximate forensic analysis technique based on bio-metrics that was developed in 19th century France before the advent of fingerprints. As an example, we have developed a fast, simple, and approximate technique called <em>anchored signature matching</em> for identifying the source origin of binary libraries within a given Java application. This technique involves a type of structured signature matching performed against a database of candidates drawn from the Maven2 repository, a 275GB collection of open source Java libraries. To show the approach is both valid and effective, we conduct an empirical study on 945 jars from the Debian GNU/Linux distribution, as well as an industrial case study on 81 jars from an e-commerce application. @</dl>

Dainel German and Massimiliano di Penta, A Method for Open Source License Compliance of Java Applications IEEE Software, Special Issue on Legal Compliance. Volume 29, Issue 3, pages 58-63. DOI 10.1109/MS.2012.50.

@<dl>@<dd> Open source license compliance (OSLC) is the process of ensuring that an organization satisfies the licensing requirements of the open source software it reuses, whether for its internal use, or as a part of a product it ships. In this paper we describe the major challenges of OSLC: component identification, provenance discovery, license identification, and licensing requirements analysis. Then, we describe \emph{Kenen}, an approach that assists organizations in the OSLC of Java components. We show its effectiveness by analyzing the licensing compliance of a commercial application. @</dl>

Peter C. Rigby, Brendan Cleary, Frederic Painchaud, Margaret-Anne Storey, Daniel M. German. To be published.

@<dl>@<dd> Although the effectiveness of software inspec- tion (formal peer review) has a long and mostly supportive history, the thought of reviewing a large, unfamiliar software artifact over a period of weeks is something dreaded by both the author and the reviewers. The dislike of this cumbersome process is natural, but neither the formality nor the aversion are fundamental characteristics of peer review. The core idea of review is simply to get an expert peer to examine your work for problems that you are blind to. The actual process is much less important for finding defects than the expertise of the people involved. @</dl>

German, D.M., Robles, G, and Hassan, A. "Change Impact Graphs: Determining the Impact of Prior Code Changes" , Journal of Information and Software Technology (INFSOF), Volume 51, Number 10, pages 1394–1408, Oct 2009.

@<dl>@<dd> The source code of a software system is in constant change. The impact of these changes spreads out across the software system and may lead to the sudden manifestation of failures in unchanged parts. To help developers fix such failures, we propose a method that, in a pre-processing stage, analyzes prior code changes to determine what functions have been modified. Next, given a particular period of time in the past, the functions changed during that period are propagated throughout the rest of the system using the dependence graph of the system. This information is visualized using Change Impact Graphs (CIGs). Through a case study based on the Apache Web Server, we demonstrate the benefit of using CIGs to investigate several real defects. @</dl>

German, D.M. and Rigau, J. "Improving scans of black and white photographs by recovering the print maker's artistic intent", Computer And Graphics, Volume 33, Issue 4, Pages 509–520 (August 2009). Journal version

@<dl>@<dd> In this paper we propose a method that reverse engineers the aesthetic decisions made by a print maker to produce a print from a negative, namely cropping, contrast selection, and dodging-and-burning. It then re-applies this process to the electronic negative in order to achieve an electronic version of such print with better tonal range and detail than one produced by scanning the print. We then extend this method to restore a print by combining scans of different versions of the same image. @</dd>

Robles, G., J.M. Gonzalez-Barahona, J.J. Amor, M. Michlmayr, and D.M. German, "Macro-level software evolution: a case study of a large software compilation" Extended version of Best Paper Award at MSR 2006. Available in electronic form at: http://www.springerlink.com/content/c516h8t6l16251l5/?p=642a63b621dc475dbe64817b2f4ff32b Journal of Empirical Software Engineering, Vol. 14, No. 3. (1 June 2009), pp. 262-285.

@<dl>@<dd> With the success of libre (free, open source) software, a new type of software compilation has become increasingly common: the 'software distribution'. Software distributions group hundreds, if not thousands, of software applications and libraries, written by independent parties, into an integrated system. Software evolution studies usually focus on the evolution of a single application. The study of software distributions provides a different evolutionary point of view. In this sense, we identify a dichotomy, similar to the one found in economics: software evolution in the small (the evolution of a single application) versus software evolution in the large (the evolution of compilations of software, composed of many different individual software applications that work together to form a system). In this paper we focus on this macro view by studying the evolution of Debian GNU/Linux (the well-known Linux distribution) over a period of 9 years. For each release of Debian we downloaded and analyzed the source code of the each of the application that compose them. We then proceeded to study their evolution in terms of number applications included, the size of each of these applications, the programming language used, and their interdependencies. Our findings demonstrate that Debian is an interesting ecosystem composed of applications of all sizes (with a large proportion of small, and few huge ones). Some evolve rapidly, while others do it more slowly. We also found that some applications never change, while others are removed from the distribution. We have also discovered that applications are hardly isolated: they depend upon many others to function, and other applications might depend upon them. We believe that the study of distributions such as Debian can be of great interest not only for understanding their own evolution, but they can be used as a proxy to understand the evolution of libre software, and software in general. @</dl>

Kienle, H.H., D.M. German, S. Tilley, and H. Muller, "Managing legal risks associated with intellectual property on the web," Int. Journal of Business Information Systems, vol. 3, no. 1, 2008.

@<dl>@<dd> Intellectual property (IP) has taken a prominent place on the Web. Today's organizations (and small and medium-sized enterprises (SMEs) in particular) need to know the ways in which their Web sites can be the target of costly IP litigation. Organizations also need to know how to manage and protect their own IP that they expose through their Web presence.

This paper provides an overview of the legal risks associated with IP on the Web. Managing such risks begins with gaining a clear understanding of how to address the salient issues related to IP that any organization has to take into account when it has a Web presence or provides a service using the Web. Towards this end, a comprehensive survey of existing IP case law in the context of Web content is provided. The survey focuses on three essential IP areas: copyright, patents, and trademarks. @</dl>

C. Bennett, D. Myers, M.-A. Storey, D. M. German, D. Ouellet, M. Salois, P. Charland "A survey and evaluation of tool features for understanding reverse-engineered sequence diagrams", Journal of Software Maintenance and Evolution. Vol. 20, no. 4. 2008.

@<dl>@<dd> Sequence diagrams can be valuable aids to software understanding. However, they can be extremely large and hard to understand even using modern tool support. Consequently, providing the right set of tool features is important if the tools are to help rather than hinder the user. This paper surveys research and commercial sequence diagram tools to determine the features they provide to support program understanding. Although there has been significant effort in developing these tools, many of them have not been evaluated using human subjects. To begin to address this gap, a preliminary study was performed with a specially designed sequence diagram tool that implements the features found during the survey. Based on an analysis of the study results, we discuss the features that were found useful and relate these to the tasks performed. It concludes by proposing how future tools can be improved to better support the exploration of large sequence diagrams. @</dl>

German, D.M., "An empirical study of fine-grained software modifications," in Journal of Empirical Software Engineering, vol. 11, no. 3, pp. 5-22, Feb. 2006.

@<dl>@<dd> Software is typically improved and modified in small increments (we refer to each of these increments as a modification record–MR). MRs are usually stored in a configuration management or version control system and can be retrieved for analysis. In this study we retrieved the MRs from several mature open software projects. We then concentrated our analysis on those MRs that fix defects and provided heuristics to automatically classify them. We used the information in the MRs to visualize what files are changed at the same time, and who are the people who tend to modify certain files. We argue that these visualizations can be used to understand the development stage of in which a project is at a given time (new features are added, or defects are being fixed), the level of modularization of a project, and how developers might interact between each other and the source code of a system @</dl>

German, D.M., and A. Hindle, "Visualizing the evolution of software using softChange," in Journal of Software Engineering Knowledge Engineering, Special Issue of Best Papers SEKE 2004, vol.16, no. 1, pp. 4-22, Feb. 2006.

@<dl>@<dd> A typical software development team leaves behind a large amount of information. This information takes different forms, such as mail messages, software releases, version control logs, defect reports, etc. softChange is a tool that retrieves this information, analyses and enhances it by finding new relationships amongst it, and then allows users to navigate and visualize this information. The main objective of softChange it to help programmers, their management and software evolution researchers in understanding how a software product has evolved since its conception. @</dl>

German, D.M., "Using software trails to reconstruct the evolution of software," Journal of Software Maintenance and Evolution: Research and Practice, vol. 16, no. 6, pp. 367-384, 2004.

@<dl>@<dd> This paper describes a method to recover the evolution of a software system using its software trails: information left behind by the contributors to the development process of the product, such as mailing lists, Web sites, version control logs, software releases, documentation, and the source code. This paper demonstrates the use of this method by recovering the evolution of Ximian Evolution, a mail client for Unix. By extracting useful facts stored in these software trails and correlating them, it was possible to provide a detailed view of the history of this project. This view provides interesting insight into how an open source software project evolves and some of the practices used by its software developers. @</dl>

German, D.M., "Decentralized open source global software development, the GNOME experience," Journal of Software Process: Improvement and Practice, vol. 8, no.4, pp. 201-215, 2004.

@<hr>

Earl T. Barr, Christian Bird, Peter C. Rigby, Abram Hindle, Daniel M. German, and Premkumar Devanbu. Acceptance Rate 24.6% (33 of 134 full papers). FASE 2012

@<dl>@<dd> Abstract. The adoption of distributed version control (DVC), such as Git and Mercurial, in open-source software (OSS) projects has been explosive. Why is this and how are projects using DVC? This new generation of version control supports two important new features: distributed repositories and histories that preserve branches and merges. Through interviews with lead developers in OSS projects and a quantitative analysis of mined data from the histories of sixty project, we find that the vast majority of the projects now using DVC continue to use a centralized model of code sharing, while using branching much more extensively than before their transition to DVC. We then examine the Linux history in depth in an effort to understand and evaluate how branches are used and what benefits they provide. We find that they enable natural collaborative processes: DVC branching allows developers to collaborate on tasks in highly cohesive branches, while enjoying reduced interference from developers working on other tasks, even if those tasks are strongly coupled to theirs. @</dl>

Massimiliano Di Penta, Giuliano Antoniol, Daniel M. German, Yann-Gael Gueheneuc, Bram Adams. Acceptance Rate 22% (11 out of 44 papers). ICSE Education 2012.

@<dl>@<dd> Abstract—Acquiring the skills to plan and conduct different kinds of empirical studies is a mandatory requirement for graduate students working in the field of software engineering. These skills typically can only be developed based on the teaching and experience of the students’ supervisor, because of the lack of specific, practical courses providing these skills. To fill this gap, we organized the first Canadian Summer School on Practical Analyses of Software Engineering Data (PASED). The aim of PASED is to provide—using a “learning by doing” model of teaching—a solid foundation to software engineering graduate students on conducting empirical studies. This paper describes our experience in organizing the PASED school, i.e., what challenges we encountered, how we designed the lectures and laboratories, and what could be improved in the future based on the participants’ feedback. @</dl>

Christopher Gat, Alexandra Branzan Albu, Daniel German, Eric Higgs: "A Comparative Evaluation of Feature Detectors on Historic Repeat Photography" Advances in Visual Computing - 7th International Symposium, ISVC 2011. Proceedings, Part II. Lecture Notes in Computer Science 6939 Springer 2011, ISBN 978-3-642-24030-0.

@<dl>@<dd> XXX To be written XXX @</dl>

Christopher Gat, Hanyu Zhang, Daniel M. German and Melanie Tory. "gamutHeatMap: Visualizing the Colour Shift of Rendering Intent Transformations", in International Symposium on Computational Aesthetics in Graphics, Visualization, and Imaging 2010. To be presented. @<i>42% Acceptance Rate ( 10 out of 24 full papers)@</i>

@<dl>@<dd> When a photograph is printed, its original colours are converted to those of the output medium using a rendering intent transformation. This process takes into consideration the colour properties of the paper and the printer used. gamutHeatMap are a visualization that highlights the perceptual difference between a soft-proof of a photograph in the intended output medium, and its original. They can be used to compare different output media to determine the one that most accurately renders the colours of a given photograph. @</dl>@</dd>

Herraiz, Israel and German, Daniel M. and Hassan, Ahmed E. (2011) On the distribution of source code file sizes. In: ICSOFT 2011 - International Conference on Software and Data Technologies, 18-21 July 2011, Seville, Spain. ICSOFT'2011. 21% acceptance rate (214 full papers submitted, 46 accepted)

@<dl>@<dd> Source code size is an estimator of software effort. Size is also often used to calibrate models and equations to estimate the cost of software. The distribution of source code file sizes has been shown in the literature to be a lognormal distribution. In this paper, we measure the size of a large collection of software (the Debian GNU/Linux distribution version 5.0.2), and we find that the statistical distribution of its source code file sizes follows a double Pareto distribution. This means that large files are to be found more often than predicted by the lognormal distribution, therefore the previously proposed models underestimate the cost of software. @</dl>@</dd>

Software Bertillonage: Finding the provenance of an entity, by Julius Davies, Daniel M. German, and Michael W. Godfrey, Working Conference in Mining Software Repositories MSR'2011. 183-192. @<i>32.8% acceptance rate (21 out of 61 full papers)@</i>

@<dl>@<dd> Deployed software systems are typically composed of many pieces, not all of which may have been created by the main development team. Often, the provenance of included components — such as external libraries or cloned source code — is not clearly stated, and this uncertainty can introduce technical and ethical concerns that make it difficult for system owners and other stakeholders to manage their software assets.

We liken our provenance goals to that of Bertillonage, a simple and approximate forensic analysis technique based on bio-metrics that was developed in 19-th century France before the advent of fingerprints. As an example, we have developed a fast, simple, and approximate technique called \emph{anchored signature matching} for identifying library version information within a given Java application. This technique involves a type of structured signature matching performed against a database of candidates drawn from the Maven2 repository, a 150GB collection of open source Java libraries. An exploratory case study using a proprietary e-commerce Java application illustrates that the approach is both feasible and effective. @</dl>

Di Penta M., German, D., Gueheneuc Y. and Antoniol, G "Tracking the Evolution of Software Licensing: An Empirical Study", International Conference on Software Engineering (ICSE 2010), @<i>13.7% acceptance rate (52 out of 380 full papers)@</i>

@<dl>@<dd> Free and open source software (FOSS) is distributed and made available to users under different software licenses, mentioned in FOSS code by means of licensing statements. Various factors, such as changes in the legal landscape, commercial code licensed as FOSS, or code reused from other FOSS systems, lead to evolution of licensing, which may affect the way a system or part of it can be subsequently used. Therefore, it is crucial to monitor licensing evolution. However, manually tracking the licensing evolution of thousands of files is a daunting task. After presenting several cases about the effects of licensing evolution, we argue that developers and system integrators must monitor licensing evolution and they need an automatic approach due of the sheer size of FOSS. We propose an approach to automatically track changes occurring in the licensing terms of a system and report an empirical study of the licensing evolution of six different FOSS systems. Results show that licensing underwent frequent and substantial changes. @</dl>

Di Penta M., German, D. and Antoniol, G. "Identifying Licensing of Jar Archives using a Code-Search Approach", International Working Conference in Mining Software Repositories, (MSR 2010). Pages 86–89. @<i>31% Acceptance Rate (17 out of 51)@</i>

@<dl>@<dd> Free and open source software strongly promotes the reuse of source code. Some open source Java components/libraries are distributed as jar archives only containing the bytecode and some additional information. For whoever wanting to integrate this jar in her own project, it is important to determine the license(s) of the code from which the jar archive was produced, as this affects the way that such component can be used.

This paper proposes an automatic approach to determine the license of jar archives, combining the use of a code-search engine with the automatic classification of licenses contained in textual files enclosed in the jar.

Results of an empirical study performed on 37 jars—from 17 different systems—indicate that this approach is able to successfully infer the jar licenses in over 95\% of the cases, but that in many cases the license in textual files may differ from the one of the classes contained in the jar. @</dl>

Sharpless T., Postle B. and German M. "Pannini: A New Projection for Rendering Wide Angle Perspective Images", International Symposium on Computational Aesthetics in Graphics, Visualization, and Imaging 2010, pages 9-16. Acceptance rate 38% (14 out of 37). Please email me for a copy, the copyright agreement of the conference does not allow me to post it for 6 months after the conference.

@<dl>@<dd> The widely used rectilinear perspective projection cannot render realistic looking flat views with fields of view much wider than 70 degrees. Yet 18th century artists known as `view painters' depicted wider architectural scenes without visible perspective distortion. We have found no written records of how they did that, however, quantitative analysis of several works suggests that the key is a system for compressing horizontal angles while preserving certain straight lines important for the perspective illusion.

We show that a simple double projection of the sphere to the plane, that we call the @<i>Pannini projection@</i>, can render images 150\degree or more wide with a natural appearance, reminiscent of Vedutismo perspective. We give the mathematical formulas for realizing it numerically, in a general form that can be adjusted to suit a wide range of subject matter and field widths, and briefly compare it to other proposed alternatives to the rectilinear projection. @</dl>

German D., Di Penta M. and Davies J. "Understanding and Auditing the Licensing of Open Source Software Distributions", International Conference in Program Comprehension (ICPC 2010) @<i>20% acceptance rate (15 out of 76 full papers accepted).@</i>

@<dl>@<dd> Free and open source software (FOSS) applications, libraries, and components are very commonly distributed in binary packages, often part of GNU/Linux operating system distributions, or as part of software or hardware products distributed (and potentially sold) to users.

FOSS creates great opportunities for users, developers and integrators, however it is important for them to understand the licensing requirements of any package they use.

Determining the license of a package and assessing whether it depends on other software with incompatible licenses is not trivial. Although this task has been done in a labor intensive manner by software distributions, such as Fedora and Debian, automatic tools to perform this analysis are highly desired.

This paper proposes a method to understand licensing compatibility issues in software packages, and reports an empirical study aimed at auditing licensing issues in binary packages of the Fedora-12 GNU/Linux distribution. The objective of this study is (i) to understand how the license declared in packages is consistent with those of source code files, and (ii) to audit the licensing information of Fedora-12, highlighting cases of incompatibilities between dependent packages.

The obtained results—supported by feedback received from Fedora contributors—show that there exist many nuances in determining the license of a binary package from its source code, as well as cases of license incompatibility issues due to package dependencies.

@</dl>

by D.M. German, Y. Manabe and K. Inoue. @<i>Accepted for publication at Automated Software Engineering, 2010, final version will be different from this one.@</i> Paper in PDF

@<dl>@<dd> The reuse of free and open source software (FOSS) components is becoming more prevalent. One of the major challenges in finding the right component is finding one that has a license that is adequate for its intended use. The license of a FOSS component is determined by the licenses of its source code files. In this paper, we describe the challenges of identifying the license under which source code is made available, and propose a sentence-based matching algorithm to automatically do it. We demonstrate the feasibility of our approach by implementing a tool named Ninka. We performed an evaluation that shows that Ninka outperforms other methods of license identification in precision and speed. We also performed an empirical study on 0.8 million source code files of Debian that highlight interesting facts about the manner in which licenses are used by FOSS. @</dl>

Di Penta, Massimiliano and German, Daniel M. Who are Source Code Contributors and How do they Change?, in Proc. 14th Working Conf. on Reverse Engineering, pp. 11-20, 2009. Acceptance rate 25\% (20 full papers accepted from 79 submissions).

@<dl>@<dd> Determining who are the copyright owners of a software system is important as they are the individuals and organizations that license the software to its users, and ultimately the legal entities that can enforce its licensing terms and change its license. In this paper we describe the difficulties of identifying the explicit copyright owners of a system, and those who contribute source code to it–who could potentially claim are also copyright owners of it.

The paper introduces a method to track the names of contributors, including those explicitly listed as copyright owners from licensing statements in source code file. Then, it reports an empirical study performed on four open source systems—namely ArgoUML, Mozilla, Samba, and Squid—aimed at investigating the characteristics of their contributors and how they relate to the commits recorded in the system and users who perform them (its committers).

Results indicate that explicit contributors and copyright owners are not necessarily the most frequent committers. Also, they are often added during larger changes than average. @</dl>

Christian Bird, Peter C. Rigby, Earl T. Barr, David J. Hamilton, Daniel M. German, and Prem Devanbu, The Promises and Perils of Mining Git, 6th International Working Conference on Mining Software Repositories (MSR 2009), May 2009. Acceptance rate 30% (14 out of 47 full papers)

@<dl>@<dd> We are now witnessing the rapid growth of decentralized source code management (DSCM) systems, in which every developer has her own repository. DSCMs facilitate a style of collaboration in which work output can flow sideways (and privately) between collaborators, rather than always up and down (and publicly) via a central repository. Decentralization comes with both the promise of new data and the peril of its misinterpretation. We focus on git, a very popular DSCM used in high-profile projects. Decentralization, and other features of git, such as automatically recorded contributor attribution, lead to richer content histories, giving rise to new questions such as ``How do contributions flow between developers to the official project repository?'' However, there are pitfalls. Commits may be reordered, deleted, or edited as they move between repositories. The semantics of terms common to SCMs and DSCMs sometimes differ markedly, potentially creating confusion. For example, a commit is immediately visible to all developers in centralized SCMs, but not in DSCMs. Our goal is to help researchers interested in DSCMs avoid these and other perils when mining and analyzing git data. @</dl>

German, D., Di Penta M., Gueheneuc Y. and Antoniol, G ``Code Siblings: Technical and Legal Implications'', 6th International Working Conference on Mining Software Repositories (MSR 2009), May 2009. Acceptance rate 30% (14 out of 47 full papers)

@<dl>@<dd> Software systems, like islands, create environments where code is developed and evolved. They can be very close or far apart from a technical and a legal point of view. Like finches, code fragments can move from one system to another.

We investigate the effect of software licenses on source code fragments migration between different systems developed under different licenses. Like wind currents between two islands may prevent seagull migration in one or both directions, we posit that licenses may prevent code migration between systems: in presence of incompatible licenses, code cannot—legally—migrate between them or may only migrate in one direction.

In this paper, we use clone detection, license mining and classification, and change history techniques to understand how code fragments—under different licenses—flow in one direction or the other between Linux and two BSD Unixes, FreeBSD and OpenBSD, and to what extent third-party code is introduced into different kernels. @</dl>

Hindle, A, German, D, Godfrey M, and Holt R. "Automatic Classification of Large Changes into Maintenance Categories", 17th IEEE International Conference on Program Comprehension (ICPC), 2009. (27% acceptance rate 20, full papers accepted from 74 papers submitted).

@<dl>@<dd> Large software systems undergo significant evolution during their lifespan, yet often individual changes are not well documented. In this work, we seek to automatically classify large changes into various categories of maintenance tasks — corrective, adaptive, perfective, feature addition, and non-functional improvement — using machine learning techniques. In a previous paper, we found that many commits could be classified easily and reliably based solely on the manual analysis of the commit metadata and commit messages (i.e., without reference to the source code). Our extension is the automation of classification by training Machine Learners on features extracted from the commit metadata, such as the word distribution of a commit message, commit author, and modules modified. We validated the results of the learners via 10-fold cross validation, which achieved accuracies consistently above 50%, indicating good to fair results. We found that the identity of the author of a commit provided much information about the maintenance class of a commit, almost as much as the words of the commit message. This implies that for most large commits, the Source Control System (SCS) commit messages plus the commit author identity is enough information to accurately and automatically categorize the nature of the maintenance task. @</dl>

German, D.M., and Hassan, A. "License Integration Patterns: Dealing with Licenses Mismatches in Component-Based Development", International Conference of Software Engineering (ICSE) 2009, May 2009. Acceptance rate 13%.

@<dl>@<dd> In this paper we address the problem of combining software components with different and possibly incompatible legal licenses to create a software application that does not violate any of these licenses while potentially having its own. We call this problem the "license mismatch" problem. The rapid growth and availability of Open Source Software (OSS) components with varying licenses, and the existence of more than 70 OSS licenses increases the complexity of this problem. Based on a study of 124 OSS software packages, we developed a model which describes the interconnection of components in these packages from a legal point of view. We used our model to document integration patterns that are commonly used to solve the license mismatch problem in practice when creating both proprietary and OSS applications. Software engineers with little legal expertise could use these documented patterns to understand and address the legal issues involved in reusing components with different and possibly conflicting licenses. @</dl>

German, D. and Gonzalez-Barahona J "An empirical study of the reuse of software licensed under the GNU General Public License". IFIP Open Source Ecosystems: Diverse Communities Interacting, Advances in Information and Communication Technology, Volume 299/2009. Pages 185-198. Acceptance rate 49% (29 out of 59) Publishers version

@<dl>@<dd> Software licensing is a complex issue in free and open source software (FOSS), specially when it involves the redistribution of derived works. The creation of derivative works created from components with different FOSS licenses poses complex challenges, particularly when one of the components is licensed under the terms of one of the versions of the GNU General Public License (GPL). This paper describes an empirical study of the manner in which GPLed licensed software is combined with components under different FOSS licenses. We have discovered that FOSS software developers have found interesting methods to create derivative works with GPLed software that legally circumvent the apparent restrictions of the GPL. In this paper we document these methods and show that FOSS licenses interact in complex and unexpected ways. In most of these cases the goal of the developers (both licensors and licensees) is to further increase the commons of FOSS. @</dd>

Hindle, A., German, D.M. and Holt, R. "What do large commits tell us? A taxonomical study of large commits", 5th International Working Conference on Mining Software Repositories (MSR 2008), May 2008, pages 99—108. Acceptance rate 40%.

@<dl>@<dd> Research in the mining of software repositories has frequently ignored commits that include a large number of files (we call these large commits). The main goal of this paper is to understand the rationale behind large commits, and if there is anything we can learn from them. To address this goal we performed a case study that included the manual classification of large commits of nine open source projects. The contributions include a taxonomy of large commits, which are grouped according to their intention. We contrast large commits against small commits and show that large commits are more perfective while small commits are more corrective. These large commits provide us with a window on the development practices of maintenance teams. @</dl>

German, D.M. "Improving scans of black and white photographs by recovering the print maker's artistic intent", Computational Aesthetics in Graphics, Visualization, and Imaging (CaE’08), pages 99-106, June 2008. This paper was invited to the special issue of Best Papers of CaE’08, to appear in Computers and Graphics.

@<dl>@<dd> In this paper we propose a method that reverse engineers the aesthetic decisions made by a print maker to produce a print from a negative, namely cropping, contrast selection, and dodging-and-burning. It then re-applies this process to the electronic negative in order to achieve an electronic version of such print with better tonal range and detail than one produced by scanning the print. We then extend this method to restore a print by combining scans of different versions of the same image. @</dl>

German, D.M., Robles, G, and Hassan, A. "Change Impact Graphs: Determining the Impact of Prior Code Changes", International Conference in Source Code Analysis and Manipulation (SCAM) 2008, pages 184—193, Sept. 2008. Acceptance rate 41%. Shortlisted for best paper award and invited to special issue of Best Papers of SCAM’08 to appear in Journal of Information and Software Technology.

@<dl>@<dd> The source code of a software system is in constant change. The impact of these changes spreads out across the software system and may lead to the sudden manifestation of failures in unchanged parts. To help developers fix such failures, we propose a method that, in a pre-processing stage, analyzes prior code changes to determine what functions have been modified. Next, given a particular period of time in the past, the functions changed during this period are propagated throughout the rest of the system using the dependence graph of the system. This information is visualized using Change Impact Graphs (CIGs). Through a case study based on the Apache Web Server, we demonstrate the benefit of using CIGs to investigate several real defects. @</dl>

Storey, M.A.; Bennett, C.; Bull, R. I.; German, D.M.; "Remixing visualization to support collaboration in software maintenance". International Conference of Software Maintenance and Evolution (ICSM’08)Frontiers of Software Maintenance, 2008. FoSM 2008. Pages:139 – 148. Invited paper.

@<dl>@<dd> In this paper wWe propose that collaborative software visualization can improve team software maintenance work. We first provide a brief overview oreview f how visualization is used to can support software maintenance from three the perspectives of: system understanding, process understanding and software evolution. From this review, we determined conclude that visualization tools are rarely designed to provide explicit support for collaborative authoring and sharing of views. Thus, wWe then provide an overview of research from a from Computer Supported Cooperative Work (CSCW) perspective, and propose that CSCW this research should be applied to software visualization. We explore both the opportunities and challenges this research focus presents and conclude that more attention paid to the social aspects of software maintenance visualization should improve both individual and team processes in software maintenance @</dl>

Godfrey, Michael W.; German, Daniel M.; "The past, present, and future of software evolution", International Conference of Software Maintenance and Evolution (ICSM’08) Frontiers of Software Maintenance, 2008. FoSM 2008. Page(s):129 – 138. Invited paper.

@<dl>@<dd> Change is an essential characteristic of software development, as software systems must respond to evolving requirements, platforms, and other environmental pressures. In this paper, we discuss the concept of software evolution from several perspectives. We examine how it relates to and differs from software maintenance. We discuss insights about software evolution arising from Lehman's laws of software evolution and the staged lifecycle model of Bennett and Rajlich. We compare software evolution to other kinds of evolution, from science and social sciences, and we examine the forces that shape change. Finally, we discuss the changing nature of software in general as it relates to evolution, and we propose open challenges and future directions for software evolution research. @</dl>

Rigby, P., D.M. German, and M. A. Storey, "Open source software peer review practices: a case study of the Apache server" in ACM/IEEE Int. Conf. on Software Engineering (ICSE'08), 2008, pages 541—550. Acceptance rate 15% (56 of the 371 technical papers).

@<dl>@<dd> Peer review is seen as an important quality assurance mechanism in both industrial development and the open source software (OSS) community. The techniques for performing inspections have been well studied in industry; in OSS development, peer reviews are less well understood. We examine the two peer review techniques used by the successful, mature Apache server project: review-then-commit and commit-then-review. Using archival records of email discussion and version control repositories, we construct a series of metrics that produces measures similar to those used in traditional inspection experiments. Specifically, we measure the frequency of review, the level of participation in reviews, the size of the artifact under review, the calendar time to perform a review, and the number of reviews that find defects. We provide a comparison of the two Apache review techniques as well as a comparison of Apache review to inspection in an industrial project. We conclude that Apache reviews can be described as (1) early, frequent reviews (2) of small, independent, complete contributions (3) conducted asynchronously by a potentially large, but actually small, group of self-selected experts (4) leading to an efficient and effective peer review technique. @</dl>

German, D.M., L. Burchill, A. Duret-Lutz, S. Pèrez-Duarte, E. Pèrez-Duarte, and J. Sommers, "Flattening the viewable sphere" (artistic paper), in Computational Aesthetics in Graphics, Visualization, and Imaging, 2007 (CAe 2007), (D. W. Cunningham, G. Meyer, L. Neumann, A. Dunning, and R. Paricio, Eds.), pp. 23-28. Eurographics Association, June 2007.

@<dl>@<dd> The viewable sphere corresponds to the space that surrounds us. The evolution of photography and panoramic software and hardware has made it possible for anybody to capture the viewable sphere. It is now up to the artist to determine what can be done with this raw material. In this paper we explore the underdeveloped field of flat panoramas from an artistic point of view. We argue that its future lies in the exploration of conformal mappings, specialized software, and the interaction of its practitioners via the Internet. @</dl>

German, D.M., Pablo d'Angelo, Michael Gross, and Bruno Postle, "New methods to project panoramas for practical and aesthetic purposes," in Computational Aesthetics in Graphics, Visualization, and Imaging, 2007 (CAe 2007), (D. W. Cunningham, G. Meyer, L. Neumann, A. Dunning, and R. Paricio, Eds.), pp.13-22. Eurographics Association, June 2007.

@<dl>@<dd> Recent advances in digital photomontage have simplified the creation of extreme wide-angle views from a vantage point, including the recreation of the entire sphere (we will refer to these type of images as panoramas). In order to minimize the distortion from the point of view of the viewer, panoramas have been typically presented using curved displays (such as the original panoramas, by Barker, in 1787; or several cinematographic systems, such as Circle-Vision 360, still in use), and more recently with the help of the computer (such as the QuickTime VR format). Unfortunately requiring such systems restricts their use, and little research has been done in the representation of panoramas into a flat surface. In this paper we propose the use of several geographic map projections to project a panorama into a flat surface, both for realistic purposes (where the projection can be easily accepted as a faithful representation of the original image) and for artistic purposes (where the projection is used as an artistic tool intended for the creation of an innovative interpretation of the panorama). Finally we explore the use of inclinometers and map projections to automatically project an image from a wide-angle lens (rectilinear or fisheye) into a new image that is more aesthetically pleasant.

We believe the projections discussed in this paper will be useful to photographers, artists, and the designers of virtual reality environments, all of who might require the displaying of images with a wide field-of-view. @</dl>

German, D.M., J.M. Gonzalez-Barahona, and G. Robles, "A model to understand the building and running inter-dependencies of software," in Proc. 14th Working Conf. on Reverse Engineering, pp. 130-139, 2007. Acceptance rate 31% (27 out of 87 technical papers)

@<dl>@<dd> The notion of functional or modular dependency is fundamental to understand the architecture and inner workings of any software system. In this paper, we propose to extend that notion to consider dependencies at a larger scale, between software applications (usually programs or libraries themselves). These dependencies, which we call inter-dependencies are of exceptional importance in free an open source software (FOSS), where it is common to build new applications by taking advantage of a rich and complex environment of programs and libraries whose functionality is available. To explore this concept, a methodology and visualization for studying inter-dependencies of a complex software system is presented and applied to one of the largest distributions of FOSS: Debian GNU/Linux. @</dl>

Herraiz, I., M.Gonzalez-Barahona, G. Robles, and D.M. German, "On the prediction of the evolution of libre software projects," in 23rd IEEE Int. Conf. on Software Maintenance (ICSM'07), 2007. Acceptance rate 21% (46 of 214 full papers)

@<dl>@<dd> Libre (free / open source) software development is a complex phenomenon. Many actors (core developers, casual contributors, bug reporters, patch submitters, users, etc.), in many cases volunteers, interact in complex patterns without the constrains of formal hierarchical structures or organizational ties. Understanding this complex behavior with enough detail to build explanatory models suitable for prediction is an open challenge, and few results have been published to date in this area. Therefore statistical, non-explanatory models (such as the traditional regression model) have a clear role, and have been used in some evolution studies. Our proposal goes in this direction, but using a model that we have found more useful: time series analysis. Data available from the source code management repository is used to compute the size of the software over its past life, using this information to estimate the future evolution of the project. In this paper we present this methodology and apply it to three large projects, showing how in these cases predictions are more accurate than regression models, and precise enough to estimate with little error their near future evolutions. @</dl>

McNair, A., D.M. German, and J. Weber-Jahnke, "Visualizing software architecture evolution using change-sets," in Proc. 14th Working Conf. on Reverse Engineering, pp.140-149, 2007. Acceptance rate 31% (27 out of 87 technical papers)

@<dl>@<dd> When trying to understand the evolution of a software system it can be useful to visualize the evolution of the system's architecture. Existing tools for viewing architectural evolution assume that what a user is interested in can be described in an unbroken sequence of time, for example the changes over the last six months. We present an alternative approach that provides a lightweight method for examining the net effect of any set of changes on a system's architecture. We also present Motive, a prototype tool that implements this approach, and demonstrate how it can be used to answer questions about software evolution by describing case studies we conducted on two Java systems. @</dl>

Shabawa, K., and D.M. German, "BioFOSS: a survey of free/open source software in Bioinformatics", 2006 IEEE Symp. on Computer Based Medical Systems, pp. 861-866, June 2006.

@<dl>@<dd> This paper discusses the current state of free/open source software (F/OSS) projects in the field of academic bioinformatics. The paper reports on a survey of the bioinformatics journal that enumerates the number of Application Notes published between volumes 2004-20-17 and 2005-21-7. The purpose of this survey is to determine what percentage of bioinformatics applications are made available under open source licenses. Bioinformatics includes tools, databases, and organizations to support them. An overview is given for the EMBOSS project, the Open Bioinformatics Foundation, and GenBank. In addition, a short discussion of Linux distributions tailored to the needs of bioinformaticians is provided @</dl>

German, D.M., and A. Hindle, "Measuring fine-grained change: towards modification aware change metrics," in Metrics ’05: 11th IEEE Int. Metrics Symp., p. 28 (10 pages), Sept. 2005.

@<dl>@<dd> In this paper we propose the notion of change metrics, those that measure change in a project or its entities. In particular we are interested in measuring fine-grained changes, such as those stored by version control systems (such as CVS). A framework for the classification of change metrics is provided. We discuss the idea of change metrics which are modification aware, that is metrics which evaluate the change itself and not just the change in a measurement of the system \emph{before} and \emph{after} the change. We then provide examples of the use of these metrics on two mature projects. @</dl>

Akanda, M.A.K., D.M. German, "A system of patterns for web navigation," in Web Engineering: 5th Int. Conf. ICWE 2005, pp 136-141, July. 2005.

@<dl>@<dd> In this paper we propose a system of design patterns for Web navigation. We have collected patterns already published in the literature, selected ten of them, refined them and identified the relationships among them. The selected patterns are rewritten in the Gang of Four (GoF) notation. They are implemented and integrated together leading to a framework intended to be used as the central part in developing data intensive Web applications. @</dl>

Rigby, P.C., D. Cubranic, S. Thompson, D.M. German, and M.-A. Storey, "Gild: an open-source environment to teach programming to novices," in Open Educational Symp. of 1st Int. Conf. on Open Source Systems, pp. 338-340, July 2005.

German, D.M., "Experiences teaching a graduate course in open source software engineering," in Open Educational Symp. of 1st Int. Conf. on Open Source Systems, pp. 326-329, July 2005.

Storey, M.-A., S. Cubranic, and D.M. German, "On the use of visualization to support awareness of human activities in software development: a survey and a framework," in Proc. of the 2nd ACM Symp. on Software Visualization, pp. 193-202, May 2005.

Kienle, H.M., D.M. German, S. Tilley, and H.A. Müller, "Intellectual property aspects of web publishing," in SIGDOC ’04: Proc. of the 22 Annual Int. Conf. on design of Communication, ACM Press, pp. 136-144,

German, D.M., A. Hindle, and N. Jordan, " Visualizing the evolution of software using softChange," in Proc. SEKE 2004, 16th Int. Conf. on eSoftware Engineering and Knowledge Engineering, Knowledge Systems Institute, 3420 Main St., Skokie IL 60076, USA, pp. 336-341, June

German, D.M., "An empirical study of fine-grained software modifications," in 20th IEEE Int. Conf. on Software Maintenance (ICSM’04), Sept. 2004.

@<dl>@<dd> Software is typically improved and modified in small increments. These changes are usually stored in a configuration management or version control system and can be retrieved. In this paper we retrieved each individual modification made to a mature software project and proceeded to analyze them. We studied the characteristics of these Modification Requests (MRs), the interrelationships of the files that compose them, and their authors. We propose several metrics to quantify MRs, and use these metrics to create visualization graphs that can be used to understand the interrelationships. @</dl>

Kerr, S., and D.M. German, "Partitioning the navigational model: a component-driven approach," in Proc. of the Int. Conf. on web Engineering, July 2003.

@<hr>

Gargi Bougie, Jamie Starke, Margaret-Anne Storey and Daniel M. German. Towards Understanding Twitter Use in Software Engineering: Preliminary Findings, Ongoing Challenges and Future Questions. Second International Workshop on Web 2.0 for Software Engineering (Web2SE 2011)

D. German, M. Di Penta, and J. Weber-Jahnke. Lawful Software Engineering, 2010 FSE/SDP Workshop on the Future of Software Engineering Research, to appear, 2010.

@<dl>@<dd> Legislation is constantly affecting the way in which software developers can create software systems, and deliver them to their users. This raises the need for methods and tools that support developers in the creation and re-distribution of software systems with the ability of properly coping with legal constraints. We conjecture that legal constraints are another dimension software analysts, architects and developers have to consider, making them an important area of future research in software engineering. @</dl>

G. Robles and D. M. German, Beyond Replication: An example of the potential benefits of replicability in the Mining Software Repositories Community by G. Robles and D. M. German, 1st International Workshop on Replication in Empirical Software Engineering Research (RESER), 2010.

@<dl>@<dd> While in theory the mining software repositories is an area where replication is easier to perform than for other empirical software engineering fields, a review of papers presented at the MSR workshop/working conference shows that the research studies presented do not satisfy the requirements for an easy replication. In this paper, we present some possibilities that replicability may provide to this community that go beyond the verification of results presented in the original study. @</dl>

Bennett, C., D. Myers, M.-A. Storey, and D. German, "Working with 'monster' traces: building scalable, usable sequence viewer," in 3rd Int. Workshop on Program Comprehension through Dynamic Analysis (PCODA'07), 2007.

German, D.M., J.M. Gonzalez-Barahona, and G. Robles, "In what do you trust when you trust? the importance of dependencies in trust analysis," Proc. of the 1st Int. Workshop on Trust, in Open Source Software (TOSS), 2007.

German, D.M., "Using software distributions to understand the relationship among free and open source software projects", in 4th Int. Workshop on Mining Software Repositories (MSR 2007), May 2007. Acceptance rate 38% (15 of 39 full papers).

@<dl>@<dd> Success in the open source software world has been measured in terms of metrics such as number of downloads, number of commits, number of lines of code, number of participants, etc. These metrics tend to discriminate towards applications that are small and tend to evolve slowly. A problem is, however, how to identify applications in these latter categories that are important. Software distributions specify the dependencies needed to build and to run a given software application. We use this information to create a dependency graph of the applications contained in such a distribution. We explore the characteristics of this graph, and use it to define some metrics to quantify the dependencies (and dependents) of a given software application. We demonstrate that some applications that are invisible to the final user (such as libraries) are widely used by end-user applications. This graph can be used as a proxy to measure success of small, slowly evolving free and open source software. @</dl>

German, D.M., J. Robles, J.M. Gonzalez-Baharona, "The challenges of automated quantitative analysis of open source software projects," Workshop on Evaluation Frameworks for Open Source Software (EFOSS), Apr. 2006.

German, D.M., and P. Rigby, and M.-A. Storey, "Using evolutionary annotations from change logs to enhance program comprehension," 3rd Int. Workshop on Mining Software Repositories (MSR 2006), pp. 159-162, May 2006.

German, D.M. The flow of knowledge in free and open source communities", 2nd Int. Workshop in Supporting Knowledge Collaboration in Software Development (KCSD 2006), Sept. 2006.

German, D.M., G. Robles, and J.M. Gonzales-Baharona, "The challenges of quantitative analysis of open source software projects," EFOSS Workshop at the 2nd Open Source Conf., June 2006.

Hindle, A., and D.M. German, "A formal model and a query language for source control repositories," in 2nd Int. Workshop on Mining Software Repositories, pp. 100-105, May 2005.

Izquierdo, L., D. Damian, and D.M. German, "Towards understanding requirements management in a special case of global software development: A study of asynchronous communication in the Open Source Community," in Proc. of Int. Workshop on Distributed Software Development, pp. 171-185, 2005.

German, D.M., D. Cubranic, and M.-A. Storey, "A framework for describing and understanding mining tools in software development," in 2nd Int. Workshop on Mining Software Repositories, pp. 95-99, May

Kienle, H.M., D.M. German, and H.A. Müller, "Legal concerns of web site reverse engineering," in Proc. of the Int. Workshop in Web Site Evolution, pp. 41-50, Sept. 2004.

Myers, D., E. Hargreaves, J. Ryall, S. Thompson, M. Burgess, D.M. German, and M.A. Storey, "Developing market support within eclipse," in Proc. of OOPSLA Workshop on Eclipse Technology eXchange, Sept. 2004.

German, D.M., "Mining CVS repositories, the softChange experience," in 1st Int. Workshop on Mining Software Repositories, pp. 17-21, 2004.

Liu, Y, E. Stroulia, K. Wong, and D. German, "Using CVS historical information to understanding how students develop software," in 1st Int. Workshop in Mining Software Repositories, pp. 32-36, May 2004.

German, D.M., "GNOME, a case of open source global software development," in Proc. of the Int. Workshop on Global Software Development, May 2003.

Storey, M.-A., J. Michaud, M. Mindel, M. Sanseverino, D. Damian, D. Myers, D. German, and E. Hargreaves, "Improving the usability of Eclipse for novice programmers," in Proc. of the OOPSLA Workshop on Eclipse Technology eXchange, pp. 35-39, Oct. 2003.

German, D.M., and A. Mockus, "Automating the measurement of open source projects," in Proc. of the 3rd Workshop on Open Source Software Engineering, May 2003.

Storey, M.A., M. Sanseverino, D.M. German, D.Damian, A. Damian, J. Michaud, A. Murray, R. Lintern, and J. Chisan, "Adopting GILD: an integrated learning and development environment for programming," in Proc. of the 3rd Int. Workshop on Adoption-Centric Software Engineering, May 2003.

Akanda, M.A.K., and D.M. German, "A component-oriented framework for the implementation of navigational design patterns," in Proc. of the Int. Conf. on Web Engineering, pp. 449-450, July 2003.

German, D.M., "Using HadeZ to formally specify the Web museum of the National Gallery of Art," in 2nd Int. Workshop on Web Oriented Software Technology, June 2002.

Jahnke, J., D. German, and J. Wadsack, "Architectural patterns for data mediation in web-centric information systems," in Proc. of the ’02 ICSE Web Engineering Workshop, May 2002.

German, D., "The evolution of the GNOME Project," in Proc. of the 2nd Workshop on Open Source Software Engineering, May 2002.

@<hr>

Daniel M. German, and Massimiliano Di Penta

FSE Technical Briefings proposal.

Daniel M. German, and Julius Davis Apples Vs. Oranges? An exploration of the challenges of comparing the source code of two software systems International Working Conference on Mining Software Repositories (MSR 2011). MSR Challenge Report. <b>Best Challenge Report</b>

Gargi Bougie, Christoph Treude,Daniel M. German, and Margaret-Anne Storey. A Comparative Exploration of FreeBSD Bug Lifetimes MSR Challenge, International Working Conference on Mining Software Repositories (MSR 2010). Pages 106–109.

@<dl>@<dd> In this paper, we explore the viability of mining the basic data provided in bug repositories to predict bug lifetimes. We follow the method of Lucas D. Panjer as described in his paper, Predicting Eclipse Bug Lifetimes. However, in place of Eclipse data, the FreeBSD bug repository is used. A comparative approach is taken to explore the difference in bug lifetimes and prediction accuracy between the Eclipse and FreeBSD projects. In addition, we question whether there is a more informative way of classifying bugs than is considered by current bug tracking systems. @</dl>

Julius Davies, Hanyu Zhang, Lucas Nussbaum and Daniel M. German. Perspectives on Bugs in the Debian Bug Tracking System MSR Challenge, International Working Conference on Mining Software Repositories (MSR 2010), Pages 86–89.

@<dl>@<dd> Bugs in Debian differ from regular software bugs. They are usually associated with packages, instead of software modules. They are caused and fixed by source package uploads instead of code commits. And Debian bugs deviate from conventional bugs in one other surprising aspect: a high bug-frequency might not indicate poor quality. @</dl>

German, D., Di Penta, M., Antoniol, G. and Gueheneuc Y. ``Code Siblings: Phenotype Evolution'', in 3rd International Workhsop on Software Clones, IWSC'2009.

Herraiz I,, German, D.M, Gonzalez-Barahona J and Robles G. "Towards a simplification of the bug report form in eclipse", Challenge Report, 5th International Working Conference on Mining Software Repositories (MSR 2008), May 2008. pages 145—148.

German. D.M., Tutorial: "Intellectual property for software engineers," in Proc. 14th Working Conf. on Reverse Engineering, page 297, 2007.

German, D.M., "A study of the contributors of PostgreSQL," in 3rd Int. Workshop on Mining Software Repositories - MSR Challenge Reports (MSR 2006), received Best Challenge Report Award, May 2006.

@<hr>