CR · Mar 23
A Survey of Web Application Security Tutorials
Bhagya Chembakottu, Martin P. Robillard
Developers rely on online tutorials to learn web application security, but tutorial quality varies. We reviewed 132 free security tutorials to examine topic coverage, authorship, and technical depth. Our analysis shows that most tutorials come from vendors and emphasize high-level explanations over concrete implementation guidance. Few tutorials provide complete runnable code examples or direct links to authoritative security resources such as the Open Web Application Security Project (OWASP), Common Weakness Enumeration (CWE), or Common Vulnerabilities and Exposures (CVE). We found that two visible signals help identify more useful tutorials: the presence of runnable code and direct links to official resources. These signals can help developers distinguish broad awareness material from tutorials that better support secure implementation.
HC · Mar 26
How Users Consider Web Tracking When Seeking Health Information Online
Martin P. Robillard, Lihn V. Nguyen, Deeksha Arya et al.
Health information websites offer instantaneous access to information, but have important privacy implications as they can associate a visitor with specific medical conditions. We interviewed 35 residents of Canada to better understand whether and how online health information seekers exercise three potential means of protection against surveillance: website selection, privacy-enhancing technologies, and self-censorship, as well as their understanding of web tracking. Our findings reveal how users' limited initiative and effectiveness in protecting their privacy could be associated with a missing or inaccurate understanding of how implicit data collection by third parties takes place on the web, and who collects the data. We conclude that to help health information seekers better protect their online privacy, we may need to shift privacy awareness efforts from what information is collected to how it is collected.
SE · May 18, 2020
Generating Unit Tests for Documentation
Mathieu Nassif, Alexa Hernandez, Ashvitha Sridharan et al.
Software projects capture information in various kinds of artifacts, including source code, tests, and documentation. Such artifacts routinely encode information that is redundant, i.e., when a specification encoded in the source code is also separately tested and documented. Without supporting technology, such redundancy easily leads to inconsistencies and a degradation of documentation quality. We designed a tool-supported technique, called DScribe, that leverages redundancy between tests and documentation to generate consistent and checkable documentation and unit tests based on a single source of information. DScribe generates unit tests and documentation fragments based on a novel template and artifact generation technology. By pairing tests and documentation generation, DScribe provides a mechanism to automatically detect and replace outdated documentation. Our evaluation of the Apache Commons IO library revealed that of 835 specifications about exception handling, 85% of them were not tested or correctly documented, and DScribe could be used to automatically generate 97% of the tests and documentation.
SE · Jun 11, 2019
Contextual Documentation Referencing on Stack Overflow
Sebastian Baltes, Christoph Treude, Martin P. Robillard
Software engineering is knowledge-intensive and requires software developers to continually search for knowledge, often on community question answering platforms such as Stack Overflow. Such information sharing platforms do not exist in isolation, and part of the evidence that they exist in a broader software documentation ecosystem is the common presence of hyperlinks to other documentation resources found in forum posts. With the goal of helping to improve the information diffusion between Stack Overflow and other documentation resources, we conducted a study to answer the question of how and why documentation is referenced in Stack Overflow threads. We sampled and classified 759 links from two different domains, regular expressions and Android development, to qualitatively and quantitatively analyze the links' context and purpose, including attribution, awareness, and recommendations. We found that links on Stack Overflow serve a wide range of distinct purposes, ranging from citation links attributing content copied into Stack Overflow, through links clarifying concepts using Wikipedia pages, to recommendations of software components and resources for background reading. This purpose spectrum has major corollaries, including our observation that links to documentation resources are a reflection of the information needs typical to a technology domain. We contribute a framework and method to analyze the context and purpose of Stack Overflow links, a public dataset of annotated links, and a description of five major observations about linking practices on Stack Overflow. We further point to potential tool support to enhance the information diffusion between Stack Overflow and other documentation resources.
SE · Nov 11, 2018
Lessons Learned in Migrating from Swing to JavaFX
Martin P. Robillard, Kaylee Kutschera
The authors describe a case study of the migration of an interactive diagramming tool written in Java from the Swing Graphical User Interface framework to the more recent JavaFX framework. The study distills the authors' experience identifying what information was needed to support the migration effort, and how the information was ultimately discovered. The outcome is presented in a set of five lessons about the discrepancies between expectations and reality in the search for information when migrating software between major frameworks.
SE · Sep 7, 2017
Resolving API Mentions in Informal Documents
Gias Uddin, Martin P. Robillard
Developer forums contain opinions and information related to the usage of APIs. API names in forum posts are often not explicitly linked to their official resources. Automatic linking of an API mention to its official resources can be challenging for various reasons, such as name overloading. We present a technique, ANACE, to automatically resolve API mentions in the textual contents of forum posts. Given a database of APIs, we first detect all words in a forum post that are potential references to an API. We then use a combination of heuristics and machine learning to eliminate false positives and to link true positives to the actual APIs and their resources.