Papers by Emerson Murphy-hill
ABSTRACT An abstract is not available.
ABSTRACT When software engineers fix bugs, they may have several options as to how to fix those b... more ABSTRACT When software engineers fix bugs, they may have several options as to how to fix those bugs. Which fix they choose has many implications, both for practitioners and researchers: What is the risk of introducing other bugs during the fix? Is the bug fix in the same code that caused the bug? Is the change fixing the cause or just covering a symptom? In this paper, we investigate alternative fixes to bugs and present an empirical study of how engineers make design choices about how to fix bugs. We start with a motivating case study of the Pex4Fun environment. Then, based on qualitative interviews with 40 engineers working on a variety of products, data from six bug triage meetings, and a survey filled out by 326 Microsoft engineers and 37 developers from other companies, we found a number of factors, many of them non-technical, that influence how bugs are fixed, such as how close to release the software is. We also discuss implications for research and practice, including how to make bug prediction and localization more accurate.
Software developers review changes to a code base to prevent new bugs from being introduced. Howe... more Software developers review changes to a code base to prevent new bugs from being introduced. However, some parts of a change are more likely to introduce bugs than others, and thus deserve more care in reviewing. In this short paper, we discuss our ongoing work to build a reviewing tool that automatically determines which changes in a change set are refactorings, uses this information to help the developer distinguish between refactoring and non-refactoring changes, and ultimately reduces the time it takes developers to review code accurately. We also discuss the challenges and opportunities we have faced when building this refactoring-aware code review tool.
Phishing is a social engineering tactic that targets internet users in an attempt to trick them i... more Phishing is a social engineering tactic that targets internet users in an attempt to trick them into divulging personal information. When opening an email, users are faced with the decision of determining if an email is legitimate or an attempt at phishing. Although software has been developed to assist the user, studies have shown they are not foolproof, leaving the user vulnerable. Multiple training programs have been developed to educate users in their efforts to make informed decisions; however, training that conveys the real world consequences of phishing or training that increases a user's fear level have not been developed. Conveying real world consequences of a situation and increasing a user's fear level have been proven to enhance the effects of training in other fields. Ninety-six participants were recruited and randomly assigned to training programs with phishing consequences, training programs designed to increase fear, or a control group. Preliminary results indicate that training helped users identify phishing emails; however, little difference was seen among the three groups. Future analysis will include a factor analysis of personality and individual differences that influence training efficacy.
Uploads
Papers by Emerson Murphy-hill