* ICSE 2018 *
Sun 27 May - Sun 3 June 2018 Gothenburg, Sweden
Tue 29 May 2018 12:07 - 12:30 at R5+6 - Testing and Analysis

Defects in infrastructure as code (IaC) scripts can have serious consequences for organizations who adopt DevOps. By identifying which characteristics of IaC scripts correlate with defects, we can identify anti-patterns, and help software practitioners make informed decisions on better development and maintenance of IaC scripts, and increase quality of IaC scripts. The goal of this paper is to help practitioners increase the quality of IaC scripts by identifying characteristics of IaC scripts and IaC development process that correlate with defects, and violate security and privacy objectives. We focus on characteristics of IaC scripts and IaC development that (i) correlate with IaC defects, and (ii) violate security and privacy-related objectives namely, confidentiality, availability, and integrity. For our initial studies, we mined open source version control systems from three organizations: Mozilla, Openstack, and Wikimedia, to identify the defect-related characteristics and conduct our case studies. From our empirical analysis, we identify (i) 14 IaC code and four churn characteristics that correlate with defects; and (ii) 12 process characteristics such as, frequency of changes, and ownership of IaC scripts that correlate with defects.

Akond Rahman is a fourth year PhD student at North Carolina State University. His research interests include Continuous Deployment, Infrastructure as Code, and Mining Software Repositories. He is the winner of the ACM SIGSOFT Distinguished Doctoral Symposium Award at the International Conference on Software Engineering (ICSE) 2018. He graduated with a M.Sc. in Computer Science and Engineering from University of Connecticut and a B.Sc. in Computer Science and Engineering from Bangladesh University of Engineering and Technology.

Tue 29 May
Times are displayed in time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change

11:00 - 12:30: Testing and AnalysisDS - Doctoral Symposium at R5+6
11:00 - 11:22
[Full paper] Assisted Discovery of Software Vulnerabilities
DS - Doctoral Symposium
11:22 - 11:45
[Full paper] Automatic Verification of Time Behavior of Programs
DS - Doctoral Symposium
11:45 - 12:07
[Full paper] Learning to Accelerate Compiler Testing
DS - Doctoral Symposium
Junjie ChenPeking University
12:07 - 12:30
Doctoral symposium paper
[Full paper] Characteristics of Defective Infrastructure as Code Scripts in DevOps
DS - Doctoral Symposium
Akond RahmanNorth Carolina State University
Pre-print Media Attached