24th ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE 2016),
November 13–18, 2016,
Seattle, WA, USA
Showcases
Wed, Nov 16, 08:30 - 10:30, Emerald Ballroom (Chair: Jo Atlee, Gail Murphy)
Continuous Deployment of Mobile Software at Facebook (Showcase)
Chuck Rossi,
Elisa Shibley,
Shi Su,
Kent Beck,
Tony Savor, and
Michael Stumm
(Facebook, USA; University of Michigan, USA; Carnegie Mellon University, USA; University of Toronto, Canada)
Continuous deployment is the practice of releasing software updates to production as soon as it is ready, which is receiving increased adoption in industry.
The frequency of updates of mobile software has traditionally lagged the state of practice for cloud-based services for a number of reasons.
Mobile versions can only be released periodically.
Users can choose when and if to upgrade, which means that several different releases coexist in production.
There are hundreds of Android hardware variants, which increases the risk of having errors in the software being deployed.
Facebook has made significant progress in increasing the frequency of its mobile deployments.
Over a period of 4 years, the Android release has gone from a deployment every 8 weeks to a deployment every week.
In this paper, we describe in detail the mobile deployment process at FB.
We present our findings from an extensive analysis of software engineering metrics based on data collected over a period of 7 years.
A key finding is that the frequency of deployment does not directly affect developer productivity or software quality.
We argue that this finding is due to the fact that increasing the frequency of continuous deployment forces improved release and deployment automation, which in turn reduces developer workload.
Additionally, the data we present shows that dog-fooding and obtaining feedback from alpha and beta customers is critical to maintaining release quality.
@InProceedings{FSE16p12,
author = {Chuck Rossi and Elisa Shibley and Shi Su and Kent Beck and Tony Savor and Michael Stumm},
title = {Continuous Deployment of Mobile Software at Facebook (Showcase)},
booktitle = {Proc.\ FSE},
publisher = {ACM},
pages = {12--23},
doi = {},
year = {2016},
}
Model, Execute, and Deploy: Answering the Hard Questions in End-User Programming (Showcase)
Shan Shan Huang
(LogicBlox, USA)
End-user programming, a frequently recurring dream, has thus far eluded large-scale, complex applications. Very real, hard questions stand in the way of its realization. How can its languages and tools support: (1) The development of applications with large data sets and sophisticated computation? (2) The co-development by end-users and professional developers when the complexity of an application demands it? (3) Beyond development, the maintenance, distribution, monitoring, and integration with other applications and services?
We discuss our approach to these questions, as implemented in the LogicBlox Modeler. We discuss its use in developing applications for governments, major financial institutions, and large global retailers. We highlight the essential synergies between Programming Languages, Software Engineering, and Database research to achieve self-service at scale, and present open questions to which we look to the FSE community for inspirations and solutions.
@InProceedings{FSE16p24,
author = {Shan Shan Huang},
title = {Model, Execute, and Deploy: Answering the Hard Questions in End-User Programming (Showcase)},
booktitle = {Proc.\ FSE},
publisher = {ACM},
pages = {24--24},
doi = {},
year = {2016},
}
Making Invisible Things Visible: Tracking Down Known Vulnerabilities at 3000 Companies (Showcase)
Gazi Mahmud
(Sonatype, USA)
This year, software development teams around the world are consuming BILLIONS of open source and third-party components. The good news: they are accelerating time to market. The bad news: 1 in 17 components they are using include known security vulnerabilities. In this talk, I will describe what Sonatype, the company behind The Central Repository that supports Apache Maven, has learned from analyzing how thousands of applications use open source components. I will also discuss how organizations like Mayo Clinic, Exxon, Capital One, the U.S. FDA and Intuit are utilizing the principles of software supply chain automation to improve application security and how organizations can balance the need for speed with quality and security early in the development cycle.
@InProceedings{FSE16p25,
author = {Gazi Mahmud},
title = {Making Invisible Things Visible: Tracking Down Known Vulnerabilities at 3000 Companies (Showcase)},
booktitle = {Proc.\ FSE},
publisher = {ACM},
pages = {25--25},
doi = {},
year = {2016},
}
Developer Workflow at Google (Showcase)
Caitlin Sadowski
(Google, USA)
This talk describes the developer workflow at Google, and our use of program analysis, testing, metrics, and tooling to reduce errors when creating and committing changes to source code. Software development at Google has several unique characteristics such as our monolithic codebase and distributed hermetic build system. Changes are vetted both manually, via our internal code review tool, and automatically, via sources such as the Tricorder program analysis platform and our automated testing infrastructure.
@InProceedings{FSE16p26,
author = {Caitlin Sadowski},
title = {Developer Workflow at Google (Showcase)},
booktitle = {Proc.\ FSE},
publisher = {ACM},
pages = {26--26},
doi = {},
year = {2016},
}