Title of invention |
System and method for prioritizing and remediating defect risk in source code |
Abstract |
Disclosed herein are systems, methods, and computer-readable storage media for identifying and remediating risky source files. An example system configured to practice the method can gather data describing each file in a source code repository, and generate, using a weighted algorithm based on empirical relationships between the data and customer-found defects, a risk score for each file in the source code repository, wherein the weighted algorithm prioritizes factors based on predictiveness of defects. Then the system can generate a list of files having risk scores above a threshold, and make risk-mitigation recommendations based on the risk scores. A file can include a single file or a collection of files such as a module. The system can identify, for each file in the list of files having risk scores above the threshold, a respective risk type, and make the risk-mitigation recommendation for each file based on the respective risk type. |
Publication number |
US9176729(B2) |
Publication date |
2015.11.03 |
Application number |
US201314046409 |
Filing date |
2013.10.04 |
Applicant |
Avaya Inc. |
Inventors |
Mockus Audris;Hackbarth Randy L.;Palframan John D. |
Classification number |
G06F9/44 |
Main classification number |
G06F9/44 |
Agency |
|
Agent |
|
Principal claim |
1. A method comprising:
gathering data describing each file in a source code repository; generating, using a weighted algorithm based on empirical relationships between the data and customer-found defects, a risk score for each file in the source code repository, wherein: the empirical relationships are based on empirical data of previous actions taken to remediate risks; the weighted algorithm is adapted on a per-product basis based on at least one of a number of past changes associated with prior customer found defects, a number of change requests, or a number of authors who have left development; and the weighted algorithm comprises a×ln(nD)+b×ln(nAL)+c×ln(nSV)+d×ln(nSW), in which a, b, c and d are constants and nD represents a number of past changes, nAL represents a number of authors who have left development, nSV represents a number of change requests, and nSW represents a number of static analysis warnings; generating, via a processor, a list of files having risk scores above a threshold; and making a risk-mitigation recommendation for each file in the list based on the risk score. |
Address |
Basking Ridge NJ US |