迈向多阶层社会技术一致性：协同软件开发环境下的协调评估

IF 1.8 4区计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Journal of Software-Evolution and Process Pub Date : 2025-09-08 DOI:10.1002/smr.70040

Roshan Namal Rajapakse, Claudia Szabo

{"title":"迈向多阶层社会技术一致性：协同软件开发环境下的协调评估","authors":"Roshan Namal Rajapakse, Claudia Szabo","doi":"10.1002/smr.70040","DOIUrl":null,"url":null,"abstract":"Effective coordination between contributors with different functional roles is fundamental for the success of collaboration-centric software development paradigms such as DevSecOps. However, quantitatively assessing coordination in such settings has received limited attention. We introduce multi-class socio-technical congruence (<math>\n <semantics>\n <mrow>\n <mi>M</mi>\n <mi>C</mi>\n <mtext>-</mtext>\n <mi>S</mi>\n <mi>T</mi>\n <mi>C</mi>\n </mrow>\n <annotation>$$ MC\\hbox{-} STC $$</annotation>\n </semantics></math>), an extension of the widely studied socio-technical congruence (<math>\n <semantics>\n <mrow>\n <mi>S</mi>\n <mi>T</mi>\n <mi>C</mi>\n </mrow>\n <annotation>$$ STC $$</annotation>\n </semantics></math>) framework to address this gap. Our metric enables the assessment of coordination in a setting where contributors with different functional roles or alignments collaborate. Using a large-scale exploratory case study, we evaluated <math>\n <semantics>\n <mrow>\n <mi>M</mi>\n <mi>C</mi>\n <mtext>-</mtext>\n <mi>S</mi>\n <mi>T</mi>\n <mi>C</mi>\n </mrow>\n <annotation>$$ MC\\hbox{-} STC $$</annotation>\n </semantics></math> for two classes (i.e., <math>\n <semantics>\n <mrow>\n <mn>2</mn>\n <mi>C</mi>\n <mtext>-</mtext>\n <mi>S</mi>\n <mi>T</mi>\n <mi>C</mi>\n </mrow>\n <annotation>$$ 2C\\hbox{-} STC $$</annotation>\n </semantics></math>). Specifically, we calculated <math>\n <semantics>\n <mrow>\n <mn>2</mn>\n <mi>C</mi>\n <mtext>-</mtext>\n <mi>S</mi>\n <mi>T</mi>\n <mi>C</mi>\n </mrow>\n <annotation>$$ 2C\\hbox{-} STC $$</annotation>\n </semantics></math> for 100 systematically selected projects from the TravisTorrent dataset, considering developers (dev) and security-focused developers (sf-devs) as the two types of contributors with different functional alignments (i.e., two classes). We hypothesized that the dev and sf-dev interaction would have a quantifiable impact on the vulnerability score (<math>\n <semantics>\n <mrow>\n <mi>V</mi>\n <mi>S</mi>\n </mrow>\n <annotation>$$ VS $$</annotation>\n </semantics></math>) of each project. Our results show a moderate negative association between <math>\n <semantics>\n <mrow>\n <mn>2</mn>\n <mi>C</mi>\n <mtext>-</mtext>\n <mi>S</mi>\n <mi>T</mi>\n <mi>C</mi>\n </mrow>\n <annotation>$$ 2C\\hbox{-} STC $$</annotation>\n </semantics></math> and <math>\n <semantics>\n <mrow>\n <mi>V</mi>\n <mi>S</mi>\n </mrow>\n <annotation>$$ VS $$</annotation>\n </semantics></math>, with the Spearman correlation reaching <math>\n <semantics>\n <mrow>\n <mo>−</mo>\n </mrow>\n <annotation>$$ - $$</annotation>\n </semantics></math>0.427 (<math>\n <semantics>\n <mrow>\n <mi>p</mi>\n <mo>=</mo>\n <mn>0</mn>\n <mo>.</mo>\n <mn>00000624</mn>\n </mrow>\n <annotation>$$ p=0.00000624 $$</annotation>\n </semantics></math>), indicating that higher levels of coordination between dev and sf-dev led to projects with a lower incidence of high-severity vulnerabilities. In addition, <math>\n <semantics>\n <mrow>\n <mn>2</mn>\n <mi>C</mi>\n <mtext>-</mtext>\n <mi>S</mi>\n <mi>T</mi>\n <mi>C</mi>\n </mrow>\n <annotation>$$ 2C\\hbox{-} STC $$</annotation>\n </semantics></math> shows a stronger negative relationship with <math>\n <semantics>\n <mrow>\n <mi>V</mi>\n <mi>S</mi>\n </mrow>\n <annotation>$$ VS $$</annotation>\n </semantics></math> than <math>\n <semantics>\n <mrow>\n <mi>S</mi>\n <mi>T</mi>\n <mi>C</mi>\n </mrow>\n <annotation>$$ STC $$</annotation>\n </semantics></math>, suggesting that it is the more sensitive indicator of this relationship. Therefore, the specific instantiation of our proposed metric, <math>\n <semantics>\n <mrow>\n <mn>2</mn>\n <mi>C</mi>\n <mtext>-</mtext>\n <mi>S</mi>\n <mi>T</mi>\n <mi>C</mi>\n </mrow>\n <annotation>$$ 2C\\hbox{-} STC $$</annotation>\n </semantics></math>, performs comparatively better than <math>\n <semantics>\n <mrow>\n <mi>S</mi>\n <mi>T</mi>\n <mi>C</mi>\n </mrow>\n <annotation>$$ STC $$</annotation>\n </semantics></math> for measuring cross-functional coordination in our selected projects. However, further research is needed to explore its broader applicability.","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 9","pages":""},"PeriodicalIF":1.8000,"publicationDate":"2025-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1002/smr.70040","citationCount":"0","resultStr":"{\"title\":\"Towards Multi-Class Socio-Technical Congruence: Assessing Coordination in Collaborative Software Development Settings\",\"authors\":\"Roshan Namal Rajapakse, Claudia Szabo\",\"doi\":\"10.1002/smr.70040\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Effective coordination between contributors with different functional roles is fundamental for the success of collaboration-centric software development paradigms such as DevSecOps. However, quantitatively assessing coordination in such settings has received limited attention. We introduce multi-class socio-technical congruence (<math>\\n <semantics>\\n <mrow>\\n <mi>M</mi>\\n <mi>C</mi>\\n <mtext>-</mtext>\\n <mi>S</mi>\\n <mi>T</mi>\\n <mi>C</mi>\\n </mrow>\\n <annotation>$$ MC\\\\hbox{-} STC $$</annotation>\\n </semantics></math>), an extension of the widely studied socio-technical congruence (<math>\\n <semantics>\\n <mrow>\\n <mi>S</mi>\\n <mi>T</mi>\\n <mi>C</mi>\\n </mrow>\\n <annotation>$$ STC $$</annotation>\\n </semantics></math>) framework to address this gap. Our metric enables the assessment of coordination in a setting where contributors with different functional roles or alignments collaborate. Using a large-scale exploratory case study, we evaluated <math>\\n <semantics>\\n <mrow>\\n <mi>M</mi>\\n <mi>C</mi>\\n <mtext>-</mtext>\\n <mi>S</mi>\\n <mi>T</mi>\\n <mi>C</mi>\\n </mrow>\\n <annotation>$$ MC\\\\hbox{-} STC $$</annotation>\\n </semantics></math> for two classes (i.e., <math>\\n <semantics>\\n <mrow>\\n <mn>2</mn>\\n <mi>C</mi>\\n <mtext>-</mtext>\\n <mi>S</mi>\\n <mi>T</mi>\\n <mi>C</mi>\\n </mrow>\\n <annotation>$$ 2C\\\\hbox{-} STC $$</annotation>\\n </semantics></math>). Specifically, we calculated <math>\\n <semantics>\\n <mrow>\\n <mn>2</mn>\\n <mi>C</mi>\\n <mtext>-</mtext>\\n <mi>S</mi>\\n <mi>T</mi>\\n <mi>C</mi>\\n </mrow>\\n <annotation>$$ 2C\\\\hbox{-} STC $$</annotation>\\n </semantics></math> for 100 systematically selected projects from the TravisTorrent dataset, considering developers (dev) and security-focused developers (sf-devs) as the two types of contributors with different functional alignments (i.e., two classes). We hypothesized that the dev and sf-dev interaction would have a quantifiable impact on the vulnerability score (<math>\\n <semantics>\\n <mrow>\\n <mi>V</mi>\\n <mi>S</mi>\\n </mrow>\\n <annotation>$$ VS $$</annotation>\\n </semantics></math>) of each project. Our results show a moderate negative association between <math>\\n <semantics>\\n <mrow>\\n <mn>2</mn>\\n <mi>C</mi>\\n <mtext>-</mtext>\\n <mi>S</mi>\\n <mi>T</mi>\\n <mi>C</mi>\\n </mrow>\\n <annotation>$$ 2C\\\\hbox{-} STC $$</annotation>\\n </semantics></math> and <math>\\n <semantics>\\n <mrow>\\n <mi>V</mi>\\n <mi>S</mi>\\n </mrow>\\n <annotation>$$ VS $$</annotation>\\n </semantics></math>, with the Spearman correlation reaching <math>\\n <semantics>\\n <mrow>\\n <mo>−</mo>\\n </mrow>\\n <annotation>$$ - $$</annotation>\\n </semantics></math>0.427 (<math>\\n <semantics>\\n <mrow>\\n <mi>p</mi>\\n <mo>=</mo>\\n <mn>0</mn>\\n <mo>.</mo>\\n <mn>00000624</mn>\\n </mrow>\\n <annotation>$$ p=0.00000624 $$</annotation>\\n </semantics></math>), indicating that higher levels of coordination between dev and sf-dev led to projects with a lower incidence of high-severity vulnerabilities. In addition, <math>\\n <semantics>\\n <mrow>\\n <mn>2</mn>\\n <mi>C</mi>\\n <mtext>-</mtext>\\n <mi>S</mi>\\n <mi>T</mi>\\n <mi>C</mi>\\n </mrow>\\n <annotation>$$ 2C\\\\hbox{-} STC $$</annotation>\\n </semantics></math> shows a stronger negative relationship with <math>\\n <semantics>\\n <mrow>\\n <mi>V</mi>\\n <mi>S</mi>\\n </mrow>\\n <annotation>$$ VS $$</annotation>\\n </semantics></math> than <math>\\n <semantics>\\n <mrow>\\n <mi>S</mi>\\n <mi>T</mi>\\n <mi>C</mi>\\n </mrow>\\n <annotation>$$ STC $$</annotation>\\n </semantics></math>, suggesting that it is the more sensitive indicator of this relationship. Therefore, the specific instantiation of our proposed metric, <math>\\n <semantics>\\n <mrow>\\n <mn>2</mn>\\n <mi>C</mi>\\n <mtext>-</mtext>\\n <mi>S</mi>\\n <mi>T</mi>\\n <mi>C</mi>\\n </mrow>\\n <annotation>$$ 2C\\\\hbox{-} STC $$</annotation>\\n </semantics></math>, performs comparatively better than <math>\\n <semantics>\\n <mrow>\\n <mi>S</mi>\\n <mi>T</mi>\\n <mi>C</mi>\\n </mrow>\\n <annotation>$$ STC $$</annotation>\\n </semantics></math> for measuring cross-functional coordination in our selected projects. However, further research is needed to explore its broader applicability.\",\"PeriodicalId\":48898,\"journal\":{\"name\":\"Journal of Software-Evolution and Process\",\"volume\":\"37 9\",\"pages\":\"\"},\"PeriodicalIF\":1.8000,\"publicationDate\":\"2025-09-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://onlinelibrary.wiley.com/doi/epdf/10.1002/smr.70040\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Software-Evolution and Process\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://onlinelibrary.wiley.com/doi/10.1002/smr.70040\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, SOFTWARE ENGINEERING\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Software-Evolution and Process","FirstCategoryId":"94","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1002/smr.70040","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}

引用次数: 0

摘要

具有不同功能角色的贡献者之间的有效协调是以协作为中心的软件开发范例（如DevSecOps）成功的基础。但是，对这种情况下的协调进行定量评估的注意有限。我们引入了多阶层的社会技术一致性（M C - S T C） $$ MC\hbox{-} STC $$ )，是广泛研究的社会技术一致性的延伸 $$ STC $$ )框架来解决这一差距。我们的度量允许在具有不同功能角色或联盟的贡献者协作的环境中评估协调。通过大规模的探索性案例研究，我们评估了C - S - T - C $$ MC\hbox{-} STC $$ 为两类（即2c - S - T - C） $$ 2C\hbox{-} STC $$ ）. 具体来说，我们计算了2c - stc $$ 2C\hbox{-} STC $$ 从TravisTorrent数据集中系统地选择100个项目，考虑开发人员（dev）和以安全为重点的开发人员（sf-devs）作为两种类型的贡献者，具有不同的功能定位（即两个类）。我们假设开发人员和自开发人员之间的交互会对漏洞评分（vs）产生可量化的影响 $$ VS $$ )。我们的结果表明，2c - S - T - C之间存在适度的负相关 $$ 2C\hbox{-} STC $$ 和V S $$ VS $$ ， Spearman相关达到− $$ - $$ 0.427 (p = 0。00000624 $$ p=0.00000624 $$ )，这表明开发人员和软件开发人员之间更高层次的协调导致了高严重性漏洞发生率较低的项目。另外，2 C - S - T - C $$ 2C\hbox{-} STC $$ 与vs呈较强的负相关 $$ VS $$ 比S T C $$ STC $$ 这表明它是这种关系的更敏感的指标。因此，我们提出的度量的具体实例，2c - S - T - C $$ 2C\hbox{-} STC $$ 的表现相对较好 $$ STC $$ 用于衡量我们选定项目中的跨职能协调。然而，进一步的研究需要探索其更广泛的适用性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

Towards Multi-Class Socio-Technical Congruence: Assessing Coordination in Collaborative Software Development Settings

查看原文本刊更多论文

Towards Multi-Class Socio-Technical Congruence: Assessing Coordination in Collaborative Software Development Settings

Effective coordination between contributors with different functional roles is fundamental for the success of collaboration-centric software development paradigms such as DevSecOps. However, quantitatively assessing coordination in such settings has received limited attention. We introduce multi-class socio-technical congruence ( $M C - S T C$ ), an extension of the widely studied socio-technical congruence ( $S T C$ ) framework to address this gap. Our metric enables the assessment of coordination in a setting where contributors with different functional roles or alignments collaborate. Using a large-scale exploratory case study, we evaluated $M C - S T C$ for two classes (i.e., $2 C - S T C$ ). Specifically, we calculated $2 C - S T C$ for 100 systematically selected projects from the TravisTorrent dataset, considering developers (dev) and security-focused developers (sf-devs) as the two types of contributors with different functional alignments (i.e., two classes). We hypothesized that the dev and sf-dev interaction would have a quantifiable impact on the vulnerability score ( $V S$ ) of each project. Our results show a moderate negative association between $2 C - S T C$ and $V S$ , with the Spearman correlation reaching $-$ 0.427 ( $p = 0.00000624$ ), indicating that higher levels of coordination between dev and sf-dev led to projects with a lower incidence of high-severity vulnerabilities. In addition, $2 C - S T C$ shows a stronger negative relationship with $V S$ than $S T C$ , suggesting that it is the more sensitive indicator of this relationship. Therefore, the specific instantiation of our proposed metric, $2 C - S T C$ , performs comparatively better than $S T C$ for measuring cross-functional coordination in our selected projects. However, further research is needed to explore its broader applicability.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Journal of Software-Evolution and Process COMPUTER SCIENCE, SOFTWARE ENGINEERING-

自引率

10.00%

发文量

109