1
The Corrective Commit Probability
Code Quality Metric
Idan Amit
[email protected]
[email protected]
Department of Computer Science
The Hebrew University of Jerusalem, 91904 Jerusalem, Israel
F
arXiv:2007.10912v1 [cs.SE] 21 Jul 2020
Abstract—We present a code quality metric, Corrective Commit Proba-
bility (CCP), measuring the probability that a commit reflects corrective
maintenance. We show that this metric agrees with developers’ concept
of quality, informative, and stable. Corrective commits are identified by
applying a linguistic model to the commit messages. We compute the
CCP of all large active GitHub projects (7,557 projects with 200+ com-
mits in 2019). This leads to the creation of a quality scale, suggesting
that the bottom 10% of quality projects spend at least 6 times more effort
on fixing bugs than the top 10%. Analysis of project attributes shows
that lower CCP (higher quality) is associated with smaller files, lower
coupling, use of languages like JavaScript and C# as opposed to PHP
and C++, fewer developers, lower developer churn, better onboarding,
and better productivity. Among other things these results support the
“Quality is Free” claim, and suggest that achieving higher quality need
not require higher expenses.
1 I NTRODUCTION
It is widely agreed in the software engineering commu-
nity that code quality is of the utmost importance. This
has motivated the development of several software quality
models (e.g. [18], [30]) and standards. Myriad tools promise
developers that using them will improve the quality of their
code.
But what exactly is high-quality code? There have been
many attempts to identify issues that reflect upon code qual-
ity. These generally go under the name of “code smells” [33],
[103]. Yet, it is debatable whether commonly used metrics
indeed reflect real quality problems [1], [11]. Each smell is
limited to identifying a restricted shallow type of problems.
Besides, sometime a detected smell (e.g., a long method) is
actually the correct design due to other considerations.
A more general approach is to focus on an indirect
assessment of the software based on the ill-effects of low
quality— and in particular, on the presence of bugs. There
is no debate that bugs are bad, especially bugs reported by
customers [40]. By focusing on actual bugs, one is relieved of
the need to consider all possible sources of quality problems,
also removing any dependence on the implementation of
the procedure that finds them. Moreover, approaches based
on bugs can apply equally well to different programming
languages and projects.
Dror G. Feitelson
Based on these considerations, we suggest the Correc-
tive Commit Probability (CCP, the probability that a given
commit is a bug fix) as a metric of quality.
Corrective maintenance (aka fixing bugs) represents a
large fraction of software development, and contributes
significantly to software costs [19], [66], [92]. But not all
projects are the same: some have many more bugs than
others. The propensity for bugs, as reflected by their fixing
activity, can therefore be used to represent quality. This can
be applied at various resolutions, e.g., a project, a file, or a
method. Such application can help spot entities that are bug
prone, improving future bug identification [61], [84], [106].
While counting the number of bugs in code is common,
disregarding a project’s history can be misleading. In the
CCP metric we normalize the number of bug fixes by the
total number of commits, thereby deriving the probability
that a commit is a bug fix. We focus on commits because in
contemporary software development a commit is the atomic
unit of work.
We identify corrective commits using a linguistic model
applied to commit messages, an idea that is commonly used
for defect prediction [27], [41], [86]. The linguistic-model
prediction marks commit messages as corrective or not, in
the spirit of Ratner et al. labelling functions [85]. Though our
accuracy is significantly higher than previous work, such
predictions are not completely accurate and therefore the
model hits do not always coincide with the true corrective
commits.
Given an implementation of the CCP metric, we perform
a large-scale assessment of GitHub projects. We analyze all
7,557 large active projects (defined to be those with 200+
commits in 2019, excluding redundant projects which might
bias our results [15]). We use this, inter alia, to build the
distribution of CCP, and find the quality ranking of each
project relative to all others. The significant difference in
the CCP among projects is informative. Software developers
can easily know their own project’s CCP. They can thus find
where their project is ranked with respect to the community.
Note that CCP provides a retrospective assessment of
quality. Being a process metric, it only applies after bugs
are found, unlike code metrics which can be applied as the
code is written. The CCP metric can be used as a research
tool for the study of different software engineering issues.
A simple approach is to observe the CCP given a certain
phenomenon (e.g., programming language, coupling). For
example, we show below that while investment in quality is
often considered to reduce development speed, in practice
the development speed is actually higher in high quality
projects.
Our main contributions in this research are as follows:
• We define the Corrective Commit Probability (CCP)
metric to assess the quality of code. The metric is shown
to be correlated with developers’ perceptions of quality,
is easy to compute, and is applicable at all granularities
and regardless of programming language.
• We develop a linguistic model to identify corrective
commits, that performs significantly better than prior
work and close to human level.
• We show how to perform a maximum likelihood com-
putation to improve the accuracy of the CCP estima-
tion, also removing the dependency on the implemen-
tation of the linguistic model.
• We establish a scale of CCP across projects, indicating
that the metric provides information about the rela-
tive quality of different projects. The scale shows that
projects in the bottom decile of quality spend at least
six times the effort on bug correction as projects in the
top decile.
• We show that CCP correlates with various other effects,
e.g. successful onboarding of new developers and pro-
ductivity.
• We present twin experiments and co-change analysis in
order to investigate relations beyond mere correlation.
• On the way we also provide empirical support for
Linus’s law and the “Quality is Free” hypothesis.
2 R ELATED WORK
Despite decades of work on this issue, there is no agreed
definition of “software quality”. For some, this term refers
to the quality of the software product as perceived by its
users [93]. Others use the term in reference to the code
itself, as perceived by developers. These two approaches
have a certain overlap: bugs comprise bad code that has
effects seen by the end user. When considering the code,
some define quality based on mainly non-functional prop-
erties, e.g. reliability, modifiability, etc. [18]. Others include
correctness as the foremost property [30]. Our approach
is also that correctness is the most important element of
quality. The number of bugs in a program could have
been a great quality metric. However, Rice’s theorem [89]
tells us that bug identification, like any non-trivial semantic
property of programs, is undecidable. Nevertheless, bugs
are being found, providing the basis for the CCP metric.
And since bugs are time consuming, disrupt schedules, and
hurt the general credibility, lowering the bug rate has value
regardless of other implications—thereby lending value to
having a low CCP. Moreover, it is generally accepted that
fixing bugs costs more the later they are found, and that
maintenance is costlier than initial development [16], [17],
[19], [29]. Therefore, the cost of low quality is even higher
than implied by the bug ratio difference.
2
Capers Jones defined software quality as the combina-
tion of low defect rate and high user satisfaction [50], [52].
He went on to provide extensive state-of-the-industry sur-
veys based on defect rates and their correlation with various
development practices, using a database of many thousands
of industry projects. Our work applies these concepts to the
world of GitHub and open source, using the availability of
the code to investigate its quality and possible causes and
implications.
Software metrics can be divided into three groups: prod-
uct metrics, code metrics, and process metrics. Product
metrics consider the software as a black box. A typical
example is the ISO/IEC 25010:2011 standard [48]. It includes
metrics like fitness for purpose, satisfaction, freedom from
risk, etc. These metrics might be subjective, hard to measure,
and not applicable to white box actionable insights, which
makes them less suitable for our research goals. Indeed,
studies of the ISO/IEC 9126 standard [47] (the precursor
of ISO/IEC 25010) found it to be ineffective in identifying
design problems [1].
Code metrics measure properties of the source code
directly. Typical metrics are lines of code (LOC) [67], the
Chidamber and Kemerer object oriented metrics (aka CK
metrics) [23], McCabe’s cyclomatic complexity [71], Hal-
stead complexity measures [42], etc. [10], [39], [83]. They
tend to be specific, low level and highly correlated with LOC
[37], [73], [90], [95]. Some specific bugs can be detected by
matching patterns in the code [46]. But this is not a general
solution, since depending on it would bias our data towards
these patterns.
Process metrics focus on the code’s evolution. The main
data source is the source control system. Typical metrics are
the number of commits, the commit size, the number of
contributors, etc. [38], [75], [83]. Process metrics have been
claimed to be better predictors of defects than code metrics
for reasons like showing where effort is being invested and
having less stagnation [75], [83].
Working with commits as the entities of interest is also
popular in just in time (JIT) defect prediction [55]. Unlike
JIT, we are interested in the probability and not in a specific
commit being corrective. We also focus on long periods,
rather than comparing the versions before and after a bug
fix, which probably reflects an improvement. We examine
work at a resolution of years, and show that CCP is stable,
so projects that are prone to errors stay so, despite prior
efforts to fix bugs.
Focusing on commits, we need a way to know if they are
corrective. If one has access to both a source control system
and a ticket management system, one can link the commits
to the tickets [13] and reduce the CCP computation to mere
counting. Yet, the links between commits and tickets might
be biased [13]. The ticket classification itself might have
30% errors [44], and may not necessarily fit the researcher’s
desired taxonomy. And integrating tickets with the code
management system might require a lot of effort, making it
infeasible when analysing thousands of projects. Moreover,
in a research setting the ticket management system might
be unavailable, so one is forced to rely on only the source
control system.
When labels are not available, one can use linguistic
analysis of the commit messages as a replacement. This is
often done in defect prediction, where supervised learning
can be used to derive models based on a labeled training set
[27], [41], [86].
In principle, commit analysis models can be used to
estimate the CCP, by creating a model and counting hits.
That could have worked if the model accuracy was perfect.
We take the model predictions and use the hit rate and the
model confusion matrix to derive a maximum likelihood es-
timate of the CCP. Without such an adaptation, the analysis
might be invalid, and the hits of different models would
have been incomparable.
Our work is also close to Software Reliability Growth
Models (SRGM) [38], [109], [111]. In SRGM one tries to
predict the number of future failures, based on bugs dis-
covered so far, and assuming the code base is fixed. The
difference between us is that we are not aiming to predict
future quality. We identify current software quality in order
to investigate the causes and implications of quality.
The number of bugs was used as a feature and indicator
of quality before as absolute number [58], [88], per period
[105], and per commit [3], [96]. We prefer the per commit
version since it is agnostic to size and useful as a probability.
3 D EFINITION AND C OMPUTATION OF THE C OR -
RECTIVE C OMMIT P ROBABILITY M ETRIC
We now describe how we built the Corrective Commit
Probability metric, in three steps:
1) Constructing a gold standard data set of labeled com-
mit samples, identifying those that are corrective (bug
fixes). These are later used to learn about corrective
commits and to evaluate the model.
2) Building and evaluating a supervised learning linguis-
tic model to classify commits as either corrective or not.
Applying the model to a project yields a hit rate for that
project.
3) Using maximum likelihood estimation in order to find
the most likely CCP given a certain hit rate.
The need for the third step arises because the hit rate
may be biased, which might falsify further analysis like
using regression and hypothesis testing. By working with
the CCP maximum likelihood estimation we become inde-
pendent of the model details and its hit rate. We can then
compare the results across projects, or even with results
based on other researchers’ models. We can also identify
outliers deviating from the common linguistic behavior
(e.g., non-English projects), and remove them to prevent
erroneous analysis.
Note that we are interested in the overall probability that a
commit is corrective. This is different from defect prediction,
where is the goal is to determine whether a specific commit
is corrective. Finding the probability is easier than making
detailed predictions. In analogy to coin tosses, we are inter-
ested only in establishing to what degree a coin is biased,
rather than trying to predict a sequence of tosses. Thus, if
for example false positives and false negatives are balanced,
the estimated probability will be accurate even if there are
many wrong predictions.
3
3.1 Building a Gold Standard Data Set
The most straight forward way to compute the CCP is to use
a change log system for the commits and a ticket system for
the commit classification [13], and compute the corrective
ratio. However, for many projects the ticket system is not
available. Therefore, we base the commit classification on
linguistic analysis, which is built and evaluated using a gold
standard.
A gold standard is a set of entities with labels that cap-
ture a given concept. In our case, the entities are commits,
the concept is corrective maintenance [100], namely bug
fixes, and the labels identify which commits are corrective.
Gold standards are used in machine learning for building
models, which are functions that map entities to concepts.
By comparing the true label to the model’s prediction, one
can estimate the model performance. In addition, we also
used the gold standard in order to understand the data
behavior and to identify upper bounds on performance.
We constructed the gold standard as follows. Google’s
BigQuery has a schema for GitHub were all projects’ com-
mits are stored in a single table. We sampled uniformly 840
(40 duplicate) commits as a train set. The first author then
manually labeled these commits as being corrective or not
based on the commit content using a defined protocol.
To assess the subjectiveness in the labeling process, two
additional annotators labeled 400 of the commits. When
there was no consensus, we checked if the reason was a
deviation from the protocol or an error in the labeling (e.g.,
missing an important phrase). In these cases, the annotator
fixed the label. Otherwise, we considered the case as a
disagreement. The final label was a majority vote of the an-
notators. The Cohen’s kappa scores [24] among the different
annotators were at least 0.9, indicating excellent agreement.
Similarly consistent commit labeling was reported by Levin
and Yehudai [65].
Of the 400 triple-annotated commits, there was consen-
sus regarding the labels in 383 (95%) of them: 105 (27%)
were corrective, 278 were not. There were only 17 cases of
disagreement. An example of disagreement is “correct the
name of the Pascal Stangs library.” It is subjective whether
a wrong name is a bug.
In addition, we also noted the degree of certainty in the
labeling. The message “mysql_upgrade should look for .sql
script also in share/ directory” is clear, yet it is unclear
whether the commit is a new feature or a bug fix. In only 7
cases the annotators were uncertain and couldn’t determine
with high confidence the label from the commit message
and content. Of these, in 4 they all nevertheless selected the
same label.
Two of the samples (0.5%) were not in English. This
prevents English linguistic models from producing a mean-
ingful classification. Luckily, this is uncommon.
Finally, in 4 cases (1%) the commit message did not
contain any syntactic evidence for being corrective. The
most amusing example was “When I copy-adapted han-
dle_level_irq I skipped note_interrupt because I considered
it unimportant. If I had understood its importance I would
have saved myself some ours of debugging” (the typo
is in the origin). Such cases set an upper bound on the
performance of any syntactic model. In our data set, all the
above special cases (uncertainty, disagreement, and lack of
syntactic evidence) are rather rare (just 22 samples, 5.5%,
many behaviors overlap), and the majority of samples are
well behaved. The number of samples in each misbehavior
category is very small so ratios are very sensitive to noise.
However, we can say with confidence that these behaviors
are not common and therefore are not an issue of concern in
the analysis.
3.2 Syntactic Identification of a Corrective Commit
Our linguistic model is a supervised learning model, based
on indicative terms that help identify corrective commit
messages. Such models are built empirically by analyzing
corrective commit messages in distinction from other com-
mit messages.
The most common approach today to do this is to
employ machine learning. We chose not to use machine
learning classification algorithms to build the model. The
main reason was that we are using a relatively small labeled
data set, and linguistic analysis tends to lead to many fea-
tures (e.g., in a bag of words, word embedding, or n-grams
representation). In such a scenario, models might overfit
and be less robust. One might try to cope with overfitting
by using models of low capacity. However, the concept
that we would like to represent (e.g., include “fix” and
“error” but not “error code” and “not a bug”) is of relatively
high capacity. The need to cover many independent textual
indications and count them requires a large capacity, larger
than what can be supported by our small labeled data set.
Note that though we didn’t use classification algorithms,
the goal, the structure, and the usage of the model are of
supervised learning.
Many prior language models suggest term lists like
(‘bug’, ‘bugfix’,‘error’, ‘fail’, ‘fix’), which reach 88% accuracy
on our data set. We tried many machine learning classifica-
tion algorithms and only the plain decision tree algorithm
reached such accuracy. More importantly, as presented later,
we aren’t optimizing for accuracy. We therefore elected to
construct the model manually based on several sources of
candidate terms and the application of semantic under-
standing.
We began with a private project in which the commits
could be associated to a ticket-handling system that enabled
determining whether they were corrective. We used them
in order to differentiate the word distribution of corrective
commit messages and other messages and find an initial set
of indicative terms. In addition, we used the gold-standard
data-set presented above. This data set is particularly im-
portant because our target is to analyze GitHub projects, so
it is desirable that our train data will represent the data on
which the model will run. This train data set helped tuning
the indicators by identifying new indications and nuances
and alerting to bugs in the model implementation.
To further improving the model we used some terms
suggested by Ray et al. [86], tough we didn’t adopt all of
them (e.g., we don’t consider a typo to be a bug). This model
was used in Amit and Feitelson [3], reaching an accuracy of
89%. We then added additional terms from Shrikanth et al.
[97]. We also used labeled commits from Levin and Yehudai
[65] to further improve the model based on samples it failed
to classify.
4
The last boost to performance came from the use of
active learning [94] and specifically the use of classifiers
discrepancies [4]. Once the model’s performance is high,
the probability of finding a false negative, positive_rate ·
(1 − recall), is quite low, requiring a large number of man-
ually labeled random samples per false negative. Amit and
Feitleson [3] provided models for a commit being corrective,
perfective, or adaptive. A commit not labeled by any of the
models is assured to be a false negative (of one of them).
Sampling from this distribution was an effective method to
find false negatives, and improving the model to handle
them increased the model recall from 69% to 84%. Similarly,
while a commit might be both corrective and adaptive,
commits marked by more than one classifier are more likely
to be false positives.
The resulting model uses regular expressions to iden-
tify the presence of different indicator terms in commit
messages. We base the model on straightforward regular
expressions because this is the tool supported by Google’s
BigQuery relational database of GitHub data, which is our
target platform.
The final model is based on three distinct regular expres-
sions. The first identifies about 50 terms that serve as indi-
cations of a bug fix. Typical examples are: “bug”, “failure”,
and “correct this”. The second identifies terms that indicate
other fixes, which are not bug fixes. Typical examples are:
“fixed indentation” and “error message”. The third is terms
indicating negation. This is used in conjunction with the
first regular expression to specifically handle cases in which
the fix indication appears in a negative context, as in “This is
not an error”. It is important to note that fix hits are also hits
of the other fixes and the negation. Therefore, the complete
model counts the indications for a bug fix (matches to the
first regular expression) and subtracts the indications for
not really being a bug fix (matches to the other two regular
expressions). If the result is positive, the commit message
was considered to be a bug fix. The results of the model
evaluation using a 1,100 samples test set built in Amit and
Feitelson [3] are presented in the confusion matrix of Table
1.
Table 1
Confusion matrix of model on test data set.
Classification
Concept True(Corrective) False
True 228 (20.73%) TP 43 (3.91 %) FN
False 34 (3.09%) FP 795 (72.27%) TN
These results can be characterized by the following met-
rics:
• Accuracy (model is correct): 93.0%
• Precision (ratio of hits that are indeed positives): 87.0%
precision
• Precision lift ( positive rate − 1): 253.2%
• Hit rate (ratio of commits identified by model as correc-
tive): 23.8%
• Positive rate (real corrective commit rate): 24.6%
• Recall (positives that were also hits): 84.1%
• Fpr (False Positive Rate, negatives that are hits by
mistake): 4.2%
Though prior work was based on different protocols and
data sets and therefore hard to compare, our accuracy is
significantly better than previous reported results of 68%
[45], 70% [5], 76% [65] and 82% [6], and also better than
our own previous result of 89% [3]. The achieved accuracy
is close to the well-behaving commits ratio in the gold
standard.
3.3 Maximum Likelihood Estimation of the Corrective
Commit Probability
We now present the CCP maximum likelihood estimation.
Let hr be the hit rate (probability that the model will identify
a commit as corrective) and pr be the positive rate, the true
corrective rate in the commits (this is what CCP estimates).
In prior work it was common to use the hit rate directly
as the estimate for the positive rate. However, they differ
since model prediction is not perfect. Thus, by considering
the model performance we can better estimate the positive
rate given the hit rate. From a performance modeling point
of view, the Dawid-Skene [28] modeling is an ancestor of
our work. Though, the Dawid-Skene framework represents
a model by its precision and recall, and we use Fpr and
recall.
There are two distinct cases that can lead to a hit. The
first is a true positive (TP): There is indeed a bug fix and our
model identifies it correctly. The probability of this case is
Pr(T P ) = pr ·recall. The second case is a false positive (FP):
There was no bug fix, yet our model mistakenly identifies
the commit as corrective. The probability of this case is
Pr(F P ) = (1 − pr) · F pr. Adding them gives
hr = Pr(T P ) + Pr(F P ) = (recall − F pr)pr + F pr (1)
Extracting pr leads to
hr − F pr
pr = (2)
recall − F pr
We want to estimate Pr(pr|hr). Let n be the number
of commits in our data set, and k the number of hits. As
k
the number of samples increases, n converges to the model
hit rate hr. Therefore, we estimate Pr(pr|n, k). We will use
maximum likelihood for the estimation. The idea behind
maximum likelihood estimation is to find the value of pr
that maximizes the probability of getting a hit rate of hr.
Note that if we were given p, a single trial success
probability, we could calculate the probability of getting k
hits out of n trails using the binomial distribution formula
!
n
Pr(k; n, p) = pk (1 − p)n−k (3)
k
4 VALIDATION OF THE CCP M ETRIC
4.1 Validation of the CCP Maximum Likelihood Estima-
tion
George Box said: “All models are wrong but some are
useful” [20]. We would like to see how close the maximum
likelihood CCP estimations are to the actual results. Note
that the model performance results we presented above in
Table 1, using the gold standard test set, do not refer to the
maximum likelihood CCP estimation. We need a new in-
dependent validation set to verify the maximum likelihood
estimation. We therefore manually labeled another set of 400
commits, and applying the model resulted in the confusion
matrix shown in Table 2.
Table 2
Confusion matrix of model on validation data set.
Classification
Concept True(Corrective) False
True 91 (22.75%) TP 18 (4.5%) FN
False 34 (8.5%) FP 257 (64.25%) TN
In this data set the positive rate is 27.2%, the hit rate is
31.2%, the recall is 83.5%, and the Fpr is 11.7%. Note that
the positive rate in the validation set is 2.6 percent points
different from our test set. The positive rate has nothing
to do with MLE and shows that statistics tend to differ on
different samples. In this section we would like to show that
the MLE method is robust to such changes.
In order to evaluate how sensitive the maximum like-
lihood estimation is to changes in the data, we used the
bootstrap method [31]. We sampled with replacement 400
items from the validation set, repeating the process 10,000
times. Each time we computed the true corrective commit
rate, the estimated CCP, and their difference. Figure 1 shows
the difference distribution.

Finding the optimum requires the computation of the

derivative and finding where it equals to zero. The max-
k
imum of the binomial distribution is at n . Equation (2)
is linear and therefore monotone. Therefore, the maximum
likelihood estimation of the formula is
k
n − F pr
pr = (4)
recall − F pr
For our model, F pr = 0.042 and recall = 0.84 are fixed
constants (rounded values taken from the confusion matrix
of table 1). Therefore, we can obtain the most likely pr given
hr by
hr − 0.042
pr = = 1.253 · hr − 0.053 (5) Figure 1. Difference distribution in validation bootstrap.
0.84 − 0.042
5
 In order to cover 95% of the distribution we can trim the
2.5% tails from both sides. This will leave us with differences
ranging between -0.044 to 0.046. One can use the boundaries
related to 95%, 90%, etc. in order to be extra cautious in the
definition of the valid domain.
Another possible source of noise is in the model per-
formance estimation. If the model is very sensitive to the
test data, a few anomalous samples can lead to a bad
estimation. Again, we used bootstrap in order to estimate
the sensitivity of the model performance estimation. For
10,000 times we sampled two data sets of size 400. On each
of the data sets we computed the recall and Fpr and built
an MLE estimator. We then compared the difference in the
model estimation at a few points of interest: [0,1] – the
boundaries of probabilities, [0.042, 0.84] – the boundaries
of the valid domain, and [0.06, 0.39] – the p10 and p90
percentiles of the CCP distribution. Since our models are
linear, so are their differences. Hence their maximum points
are at the ends of the examined segments. When considering
the boundaries of probabilities [0,1], the maximal absolute
difference is 0.34 and 95% of the differences are lower than
0.19. When considering the boundaries of the valid domain
[0.042, 0.84], the maximal absolute difference is 0.28 and 95%
of the differences are lower than 0.15. When considering
the p10 and p90 percentiles of the CCP distribution [0.06,
0.39], the maximal absolute difference is 0.13 and 95% of the
differences are lower than 0.07.
Using the validation set estimator on the test set, the
CCP is 0.168, 7.7 percentage points off the actual positive
rate. In the other direction, using the CCP estimator test
data performance on the validation set, the CCP is 0.39,
11.8 points off. Since our classifier has high accuracy, the
difference between the hit rate and the CCP estimates in the
distribution deciles, presented below in Table 4, is at most 4
percentage points. Hence the main practical contribution of
the MLE in this specific case is the identification of the valid
domain rather than an improvement in the estimate.
4.2 Sensitivity to Violated Assumptions
4.2.1 Fixed Linguistic Model Assumption
The maximum likelihood estimation of the CCP assumes
that the linguistic model performance, measured by its
recall and F pr, is fixed. Hence, a change in the hit rate in a
given domain is due to a change in the CCP in the domain,
and not due to a change in the linguistic model performance.
This assumption is crucial for the mapping from identified
corrective commits to a quality metric.
Yet, this assumption does not always hold. Both hr and
pr are probabilities and must be in the range [0, 1]. Equation
(2) equals 0 at F pr and 1 at recall. For our model, this
indicates that the range of values of hr for which pr will
be a probability is [0.042, 0.84]. Beyond this range, we are
assured that the linguistic model performance is not as
measured on the gold standard. An illustrative example of
the necessity of the range is a model with recall = 0.5 and
F pr = 0. Given hr = 0.9 the most likely pr is 1.8. This is
an impossible value for a probability, so we deduce that our
assumption is wrong.
As described in Section 5.2, we estimated the CCP of all
8,588 large active projects in 2019. In 10 of these projects
6
the estimated CCP was above 1. Checking these projects,
we found that they have many false positives, e.g. due to
a convention of using the term “bug” for general tasks or
starting the subject with “fixes #123” where ticket #123 was
not a bug fix but some other task id.
Another 11.8% of the projects had an estimated CCP
below 0. This could indicate having extremely few bugs, or
else a relatively high fraction of false negatives (bug fixes we
did not identify). One possible reason for low identification
is if the project commit messages are not in English. To check
this, we built a simple linguistic model in order to identify
if a commit message is in English. The model was the 100
most frequent words in English longer than two letters (see
details and performance in supplementary materials). The
projects with negative CCP had a median English hit rate
0.16. For comparison, the median English hit rate of the
projects with positive CCP was 0.54, and 96% of them had a
hit rate above 0.16.
Interestingly, another reason for many false negatives
was the habit of using very terse messages. We sampled
5,000 commits from the negative CCP projects and com-
pared them to the triple-annotated data set used above. In
the negative CCP commits, the median message length was
only 27 characters, and the 90th percentile was 81 characters.
In the annotated data set the median was 8 times longer, and
the 90th percentile was 9 times longer.
It is also known that not all projects in GitHub (called
there repositories) are software projects [54], [76]. Since bugs
are a software concept, other projects are unlikely to have
such commits and their CCP will be negative. Hence, the
filtering also helps us to focus on software projects. Git is
unable to identify the language of 6% of the projects with
negative CCP, more than 14 time the ratio in the valid
domain. The languages ‘HTML’, ‘TeX’, ‘TSQL’, ‘Makefile’,
‘Vim script’, ‘Rich Text Format’ and ‘CSS’ are identified for
22% of the projects with negative CCP, more than 4 times as
in the valid range. Many projects involve some languages
and when we examined a sample of projects we found that
the language identification is not perfect. However, at least
28% of the projects that we filtered due to negative CCP are
not identified by GitHub as regular software projects.
To summarize, in the projects with invalid CCP esti-
mates, below 0 or above 1, the behavior of the linguistic
model changes and invalidates the fixed performance as-
sumption. We believe that the analysis of projects in the
CCP valid domain is suitable for software engineering goals.
The CCP distribution in Table 4 below is presented for both
the entire data set and only for projects with valid CCP
estimates. The rest of the analysis is done only on the valid
projects.
4.2.2 Fixed Bug Detection Efficiency Assumption
The major assumption underlying our work is that CCP
reflects quality — that the number of bug fixes reflects
the number of bugs. Likewise, the comparison of CCP
across projects assumes that the bug detection efficiency is
similar, so a difference in the CCP is due to a difference
in the existence of bugs and not due to a difference in the
ability to find them. We found two situations in which this
assumption appears to be violated. In these situations, the
ability to find bugs appears to be systematically different —
higher or lower — than in other projects.
The first such situation is in very popular projects. Linus’s
law, “given enough eyeballs, all bugs are shallow” [87], sug-
gests that a large community might lead to more effective
bug identification, and as a consequence also to higher CCP.
In order to investigate this, we used projects of companies
or communities known for their high standards: Google,
Facebook, Apache, Angular, Kubernetes, and Tensorflow.
For each such source, we compared the average CCP of
projects in the top 5% as measured by stars (7,481 stars or
more), with the average CCP of projects with fewer stars.
Table 3
Linus’s Law: CCP in projects with many or fewer stars.
top 5% bottom 95%
(>7,481 stars) (<7,481 stars)
Source N avg. CCP (lift) N avg. CCP
Google 8 0.32 (27%) 66 0.25
Facebook 9 0.30 (12%) 9 0.27
Apache 10 0.37 (44%) 35 0.26
Angular 3 0.49 (34%) 32 0.37
Kubernetes 3 0.21 (35%) 3 0.16
Tensorflow 5 0.26 (32%) 26 0.20
The results were that the most popular projects of high-
reputation sources indeed have CCP higher than less popu-
lar projects of the same organization (Table 3). The popular
projects tend to be important projects: Google’s Tensorflow
and Facebook’s React received more than 100,000 stars each.
It is not likely that such projects have lower quality than the
organization’s standard. Apparently, these projects attract
large communities which provide the eyeballs to identify
the bugs efficiently, as predicted by Linus’s law.
Note that these communities’ projects, with many stars
or not, have average CCP of 0.26, 21% more than all projects’
average. Their average number of authors is 219, 144% more
than the others. Their average age is 4 years compared to 5
years, 20% younger yet not young in both cases. However,
the average number of stars is 5,208 compared to 1,428, a lift
of 364%. It is possible that while the analysis we presented
is for extreme numbers of stars, Linus’s law kicks in already
at much lower numbers and contributed to the difference.
There are only few such projects (we looked at the top
5% from a small select set of sources). The effect on the CCP
is modest (raising the level of bug corrections by around
30%, both a top and a median project will decrease in one
decile). Thus, we expect that they will not have a significant
impact on the results presented below.
The mirror image of projects that have enough users
to benefit from Linus’s law is projects that lose their core
developers. The “Truck Factor” originated in the Agile
community. Its informal definition is “The number of people
on your team who have to be hit with a truck before the
project is in serious trouble” [108]. In order to analyze it,
we used the metric suggested by Avelino et al. [9]. Truck
Factor Developers Detachment (TFDD) is the event in which
the core developers abandon a project as if a virtual truck
had hit them [8]. We used instances of TFDD identified by
Avelino et al. and matched them with the GitHub behavior
[8]. As expected, TFDD is a traumatic event for projects, and
59% of them do not survive it.
7
Figure 2. CCP of files with or without different quality terms.
When comparing 1-month windows around a TFDD,
the average number of commits is reduced by 1 percentage
point. There is also an average reduction of 3 percentage
points in refactoring, implying a small decrease in quality
improvement effort. At the same time, the CCP improves
(decreases) by 5 percentage points. Assuming that quality
is not improved as a result of a TFDD, a more reasonable
explanation is that bug detection efficiency was reduced.
But even the traumatic loss of the core developers damage
is only 5 percentage points.
The above cases happen in identifiable conditions, and
therefore could be filtered out. But since they happen in
extreme, rare cases, we choose to leave them, and gain an
analysis that though slightly biased, represents the general
behaviour of projects.
4.3 CCP as a Quality Metric
The most important property of a metric is obviously its
validity, that it reflects the measured concept. There is a
challenge in showing that CCP measures quality since there
is no agreed definition of quality.
To circumvent this, we checked references to low quality
in commit messages and correlated them with CCP (Figs.
2 and 3). The specific terms checked were direct references
to “low quality”, and related terms like “code smell” [34],
[59], [101], [104], [112], and “technical debt” [26], [62], [102].
In addition, swearing is also a common way to express
dissatisfaction, with millions of occurrences compared to
only hundreds or thousands for the technical terms. For
files, we considered files with 10+ commits and compared
those with at least 10% occurrences of the term to the rest.
Projects may have a lot of commits, and the vast majority
do not contain the terms. Instead of a ratio, we therefore
consider a project to contain a term if it has at least 10
occurrences. As the figures show, when the terms appear,
the CCP is higher (sometime many times higher). Thus,
our quality metric agrees with the opinions of the projects’
developers regarding quality.
To verify this result, we attempted to use negative con-
trols. A negative control is an item that should be indifferent

Figure 3. CCP of projects with or without different quality terms.
to the analysis. In our case, it should be a term not related
to quality. We choose “algorithm” and “function” as such
terms. The verification worked for “algorithm” at the file
level: files with and without this term had practically the
same CCP. But files with “function” had a much higher CCP
than files without it, and projects with both terms had a
higher CCP that without them. Possible reasons are some
relation to quality (e.g., algorithmic oriented projects are
harder) or biases (e.g., object-oriented languages tend to use
the term “method” rather than “function”). Anyway, it is
clear that the difference in “low quality” is much larger and
there is a large difference in the other terms too. Note that
this investigation is not completely independent. While the
quality terms used here are different from those used for the
classification of corrective commits, we still use the same
data source.
An additional important attribute of metrics is that they
be stable. We estimate stability by comparing the CCP of the
same project in adjacent years, from 2014 to 2019. Overall,
the quality of the projects is stable over time. The Pearson
correlation between the CCP of the same project in two
successive years, with 200 or more commits in each, is 0.86.
The average CCP, using all commits from all projects, was
22.7% in 2018 and 22.3% in 2019. Looking at projects, the
CPP grew on average by 0.6 percentage points from year
to year, which might reflect a slow decrease in quality. This
average hide both increases and decreases; the average abso-
lute difference in CPP was 5.5 percentage points. Compared
to the CCP distribution presented in Table 4 below, the per
project change is very small.
5 A SSOCIATION OF CCP WITH P ROJECT AT-
TRIBUTES
To further support the claim that CCP is related to quality,
we studied the correlations of CCP with various notions
of quality reflected in project attributes. To strengthen the
results beyond mere correlations we control for variables
which might influence the results, such as project age and
the number of developers. We also use co-change analysis
8
and “twin” analysis, which show that the correlations are
consistent and unlikely to be random.
5.1 Methodology
Our results are in the form of correlations between CCP
and other metrics. For example, we show that projects with
shorter files tend to have a lower CCP. These correlations
are informative and actionable, e.g., enabling a developer
to focus on longer files during testing and refactoring. But
correlation is not causation, so we cannot say conclusively
that longer files cause a higher propensity for bugs that
need to be fixed. Showing causality requires experiments
in which we perform the change, which we leave for future
work. The correlations that we find indicate that a search for
causality might be fruitful and could motivate changes in
development practices that may lead to improved software
quality.
In order to make the results stronger than mere correla-
tion, we use several methods in the analysis. We control the
results to see that the relation between A and B is not due to
C. In particular we control for the developer, by observing
the behaviour of the same developer in different projects.
This allows us to separate the influence of the developer and
the project. We use co-change over time analysis in order to
see to what extent a change in one metric is related to a
change in the other metric.
The distributions we examined tended to have some out-
liers that are much higher than the mean and the majority of
the samples. Including outliers in the analysis might distort
the results. In order to reduce the destabilizing effect of
outliers, we applied Winsorizing [43]. We used one-sided
Winsorizing, where all values above a certain threshold are
set to this threshold. We do this for the top 1% of the
results throughout, to avoid the need to identify outliers
and define a rule for adjusting the threshold for each specific
case. In the rest of the paper we used the term capping (a
common synonym) for this action. In addition, we check
whether the metrics are stable across years. A reliable metric
applied to clean data is expected to provide similar results
in successive years.
Results are computed on 2019 active projects, and specif-
ically on projects whose CCP is in the valid domain. We
didn’t work with version releases since we work with
thousands of projects whose releases are not clearly marked.
Note that in projects doing continuous development, the
concept of release is no longer applicable.
5.1.1 Controlled Variables: Project Age, Number of Devel-
opers, and Programming Language
Our goal is to find out how to improve software devel-
opment. We would like to provide actionable recommen-
dations for better software development. However, there
are factors that influence software quality that are hard to
change. It is not that helpful for an ongoing project to find
out that a different programming language is indicative of a
lower bug rate. Yet, we examine the effect of some variables
that influence the quality yet are hard to change. We control
them in the rest of the analysis to validate that the results
hold. We do the control by conditioning on the relevant
variable and checking if the relations found in general hold
while controlling too. We don’t control by more then one
variable at a time since our data set is rather small and
controlling leads to smaller data sets, making the results
less robust to noise.
Figure 4. CCP distribution (during 2019) in projects of different ages. In
this and following figures, each boxplot shows the 5, 25, 50, 75, and 95
percentiles. The dashed line represents the mean.
Lehman’s laws of software evolution imply that quality
may have a negative correlation with the age of a project
[63], [64]. We checked this on our dataset. We first filtered
out projects that started before 2008 (GitHub beginning). For
the remaining projects, we checked their CCP at each year.
Figure 4 shows that CCP indeed tends to increase slightly
with age. In the first year, the average CCP is 0.18. There
is then a generally upward trend, getting to an average of
0.23 in 10 years. Note that there is a survival bias in the data
presented since many projects do not reach high age.
In order to see that our results are not due to the influ-
ence of age, we divided the projects into age groups. Those
started earlier than 2008 were excluded, those started in
2018–2019 (23%) are considered to be young, the next, from
2016–2017 (40%), are medium, and those from 2008–2015
(37%) are old. When we obtained a result (e.g., correlation
between coupling and CCP), we checked if the result holds
for each of the groups separately.
The number of developers, via some influence mecha-
nisms (e.g., ownership), was investigated as a quality factor
and it seems that there is some relation to quality [14], [79],
[107]. The number of developers and CCP have Pearson
correlation of 0.12. The number of developers can reach very
high values and therefore be very influential.
Fig. 5 shows that percentiles of the CCP distribution in-
crease monotonically with the number of developers. Many
explanations have been given to the quality reduction as
the number of developers increases. It might be simply a
proxy to the project size (i.e. to the LOC). It might be to
the increased communication complexity and the difficulty
to coordinate multiple developers, as suggested by Brooks
in the mythical “The Mythical Man Month” [21]. Part of it
might also be a reflection of Linus’s law, as discussed in
Section 4.2.2.
We control for the number of developers by grouping
the 25% of project with the least developers as few (at most
9
Figure 5. CCP distribution for projects with different numbers of devel-
opers.
10), the next 50% as intermediate (at most 80), and the rest
as numerous, and verifying that results hold for each such
group.
Results regarding the influence of programming lan-
guage are presented below in Section 5.2.4. We show that
the projects written in different programming languages ex-
hibit somewhat different distributions of CCP. We therefore
control for the programming language in order to see that
our results remain valid for each language individually.
5.1.2 Co-change Over Time
While experiments can help to determine causality, they
are based on few cases and expensive. On the other hand,
we have access to plenty of observations, in which we
can identify correlations. While casual relations tend to
lead to correlation, non-casual relations might also lead to
correlations due to various reasons. We would like to use an
analysis that will help to filter out non-casual relations. By
that we will be left with a smaller set of more likely relations
to be further investigated for causality.
When two metrics change simultaneously, it is less likely
to be accidental. Hence, we track the metrics over time in
order to see how their changes match. We create pairs of
the same project in two consecutive years. For each pair
we mark if the first and second metrics improved. We
observe the following co-changes. The ratio of improvement
match (the equivalent to accuracy in supervised learning),
is an indication of related changes. Denote the event that
metric i improved from one year to the next by mi↑. The
probability P (mj ↑ | mi↑), (the equivalent to precision in
supervised learning), indicates how likely we are to observe
an improvement in metric j knowing of an improvement in
metric i. It might be that we will observe high precision
but it will be simply since P (mj ↑) is high. In order to
exclude this possibility, we also observe the precision lift,
P (mj ↑ | mi↑)
− 1. Note that lift cannot be used to identify
P (mj ↑)
the causality direction since it is symmetric:
P (mj ↑ | mi↑) P (mi↑ ∧ mj ↑) P (mi↑ | mj ↑)
= = (6)
P (mj ↑) P (mi↑) · P (mj ↑) P (mi↑)
If an improvement in metric i indeed causes the improve-
ment in metric j, we expect high precision and lift. Since
small changes might be accidental, we also investigate im-
provements above a certain threshold. There is a trade-off
here since given a high threshold the improvement is clear
yet the number of cases we consider is smaller. Another
trade-off comes from how far in the past we track the co-
changes. The earlier we will go the more data we will
have. On the other hand, this will increase the weight
of old projects, and might subject the analysis to changes
in software development practices over time and to data
quality problems. We chose a scope of 5 years, avoiding
looking before 2014.
5.1.3 Controlling the Developer
Measured metric results (e.g., development speed, low cou-
pling) might be due to the developers working on the
project (e.g., skill, motivation) or due to the project envi-
ronment (e.g., processes, technical debt). To separate the
influence of developers and environment, we checked the
performance of developers active in more than one project in
our data set. By fixing a single developer and comparing the
developer’s activity in different projects, we can investigate
the influence of the project. Note that a developer active
in n projects will generate O(n2 ) project pairs (“twins”) to
compare.
We considered only involved developers, committing
at least 12 times per year, otherwise the results might be
misleading. While this omits 62% of the developers, they
are responsible for only 6% of the commits.
Consider development speed as an example. If high
speed is due to the project environment, in high speed
projects every developer is expected to be faster than himself
in other projects. This control resembles twin experiments,
popular in psychology, where a behavior of interest is
observed on twins. Since twins have a very close genetic
background, a difference in their behavior is more likely
to be due to another factor (e.g., being raised in different
families).
Assume that performance on project A is in general
better than on project B. We consider developers that con-
tributed to both projects, and check how often they are
better in project A than themselves in project B (formally,
the probability that a developer is better in project A than
in project B given that project A is better than project B).
This is equivalent to precision in supervised learning, where
the project improvement is the classifier and the developer
improvement is the concept. In some cases, a small dif-
ference might be accidental. Therefore we require a large
difference between the projects and between the developer
performance (e.g., at least 10 commits per year difference, or
more formally, the probability that a developer committed at
least 10 times more in project A than in project B given that
the average number of commits per developer in project A
is at least 10 commits higher than in project B).
5.1.4 Selection of Projects
In 2018 Github published that they had 100 million projects.
The BigQuery GitHub schema contains about 2.5 million
public projects prior to 2020. But the vast majority are not
10
appropriate for studies of software engineering, being small,
non-recent, or not even code.
In order to omit inactive or small projects where estima-
tion might be noisy, we defined our scope to be all open
source projects included in GitHub’s BigQuery data with
200+ commits in 2019. We selected a threshold of 200 to have
enough data per project, yet have enough projects above the
threshold. There are 14,749 such projects (Fig. 6).
GitHub projects in BigQuery
2,500,000
exclude small
non−recent
projects
200+ copmmits in 2019
14,749
exclude
forks
large active non−fork
9,481
exclude related
projects
large active unique
8,588
exclude invalid
CCP result
final study set
7,557
Figure 6. Process for selecting projects for analysis.
However, this set is redundant in the sense that some
projects are closely related [54]. The first step to reduce
redundancy is to exclude projects marked in the GitHub API
as being forks of other projects. This reduced the number
to 9,481 projects. Sometimes extensive amounts of code are
cloned without actual forking. Such code cloning is preva-
lent and might impact analysis [2], [35], [68]. Using com-
mits to identify relationships [72], we excluded dominated
projects, defined to have more than 50 common commits
with another, larger project, in 2019. Last, we identified
projects sharing the same name (e.g., ‘spark’) and preferred
those that belonged to the user with more projects (e.g.,
‘apache’). After the redundant projects removal, we were
left with 8,588 projects. But calculating the CCP on some of
these led to invalid values as described above. For analysis
purposes we therefore consider only projects where CCP is
in the valid range, whose number is 7,557.
5.2 Results
The following examples aim to show the applicability of
CCP. We compute the CCP of many projects and produce
the CCP distribution. We then demonstrate associations be-
tween high quality, as represented by CCP, and short source
code file length, coupling, and programming language. We
also investigate possible implications like developer engag-
ment and development speed.
5.2.1 The Distribution of CCP per Project
Given the ability to identify corrective commits, we can
classify the commits of each project and estimate the dis-
tribution of CCP over the projects’ population.
 Table 4
CCP distribution in active GitHub projects.

Full data set CCP ∈ [0, 1]

( 8,588 projects) ( 7,557 projects)
Percentile Hit rate CCP est. Hit rate CCP est.
10 0.34 0.38 0.35 0.39
20 0.28 0.30 0.29 0.32
30 0.24 0.25 0.26 0.27
40 0.21 0.21 0.22 0.23
50 0.18 0.18 0.20 0.20
60 0.15 0.14 0.17 0.17
70 0.12 0.10 0.15 0.13
80 0.09 0.06 0.12 0.10
90 0.03 -0.02 0.09 0.06
95 0.00 -0.05 0.07 0.04
Figure 7. CCP distribution for files with different lengths (in KB, capped).

Table 4 shows the distribution of hit rates and CCP

estimates on the GitHub projects with 200+ commits in 2019,
with redundant repositories (representing the same project)
excluded. The hit rate represents the fraction of commits
identified as corrective by the linguistic model, and the
CCP is the maximum likelihood estimation. The top 10%
of projects have a CCP of up to 0.06. The median project has
a CCP of 0.2, more than three times the top projects’ CCP.
Interestingly, Lientz at el. reported a median of 0.17 in 1978,
based on a survey of 69 projects [66]. The bottom 10% have
a CCP of 0.39 or more, more than 6 times higher than the
top 10%.
Given the distribution of CCP, any developer can find
the placement of his own project relative to the whole
community. The classification of commits can be obtained by
linking them to tickets in the ticket-handling system (such
as Jira or Bugzilla). For projects in which there is a single
commit per ticket, or close to that, one can compute the
CCP in the ticket-handling system directly, by calculating
the ratio of bug tickets. Hence, having full access to a project,
one can compute the exact CCP, rather than its maximum
likelihood estimation.
Comparing the project’s CCP to the distribution in the
last column of Table 4 provides an indication of the project’s
code quality and division of effort calibrated with respect to
other projects.
5.2.2 File Length and CCP
The correlation between high file length and an increase in
bugs has been widely investigated and considered to be
a fundamental influencing metric [37], [67]. The following
analysis first averages across files in each project, and then
considers the distribution across projects, so as to avoid
giving extra weight to large projects. In order to avoid
sensitivity due to large values, we capped large file lengths
at 181KB, the 99th percentile.
In our projects data set, the mean file length was 8.1 KB
with a standard deviation of 14.3KB, a ratio of 1.75 (capped
values). Figure 7 shows that the CCP increases with the
length. Projects whose average capped file size is in the
lower 25% (bellow 3.2KB) has average CCP of 0.19. The last
five deciles all have CCP around 0.23 as if at a certain point
a file is “just too long”.
We did not perform a co-change analysis of file length
and CCP since the GitHub BigQuery database stores only
the content of the files in the HEAD (last version), and not
previous ones.
Controlling by project age and developers support the
results. When controlling for language, in most languages
the top-ranked projects indeed have shorter files. On the
other hand, in PHP they are 10% longer, and in JavaScript
the lengths in the top 10% quality projects is 31% higher
than the rest.
5.2.3 Coupling and CCP
A commit is a unit of work ideally reflecting the completion
of a task. It should contain only the files relevant to that task.
Many files needed for a task means coupling. Therefore, the
average number of files in a commit can be used as a metric
for coupling [3], [113].
To validate that this metric captures the way developers
think about coupling, we compared it to the appearance of
the terms “coupled” or “coupling” in messages of commits
containing the file. Out of the files with at least 10 commits,
those with a hit rate of at least 0.1 for these terms had
average commit size 45% larger than the others.
When looking at the size of commits, it turns out that
corrective commits involve significantly fewer files than
other commit types: the average corrective commit size is
3.8, while the average non-corrective commit size is 5.5.
Therefore, comparing files with different ratios of corrective
commits will influence the apparent coupling. To avoid this,
we will compute the coupling using only non-corrective
commits. We define the coupling of a project to be the
average coupling of its files.
Figure 8 presents the results. There is a large difference
in the commit sizes: the 25% quantile is 3.1 files and the
75% quantile is 7.1. Similarly to the relation of CCP to file
sizes, here too the distribution of CCP in commits above the
median size appears to be largely the same, with an average
of 0.24. But in smaller commits there is a pronounced
correlation between CCP and commit size, and the average
CCP in the low coupling 25% is 0.18. Projects that are in
the lower 25% in both file length and coupling have 0.15
average CCP and 29.3% chance to be in the top 10% of the
CCP-based quality scale, 3 times more than expected.
When we analyze CCP and coupling co-change, the
match for any improvement is 52%. A 10-percentage point
reduction in CCP and a one file reduction in coupling are

11
Figure 8. CCP distribution for projects with different average commit
sizes (number of files, capped, in non-corrective commits).

matched 72% of the time. Given a reduction of coupling by

one file, the probability of a CCP reduction of 10 percentage
points is 9%, a lift of 32%. Results hold when controlling for
Figure 9. Cumulative distribution of CCP by language. Distributions
language, number of developers, and age, though in some shifted to the right tend to have higher CCP.
setting the groups are empty or very small.
In twin experiments, the probability that the developer’s Table 5
coupling is better (lower) in the better project was 49%, a lift CCP and development speed (commits per year of involved
of 15%. When the coupling in the better project was better developers) per language. Values are averages ± standard errors.
by at least one file, the developer coupling was better by one
file in 33% of the cases, a lift of 72%. Metric
Language Projects CCP Speed Speed in Speed in
top 10% others
5.2.4 Programming Languages and CCP Shell 146 0.18 ± 0.010 171 ± 10 185 ± 29 169 ± 11
JavaScript 1342 0.20 ± 0.004 156 ± 3 166 ± 8 154 ± 3
Our investigation of programming languages aims to con-
C# 315 0.21 ± 0.008 181 ± 6 207 ± 27 178 ± 7
trol the influence on CCP, not to investigate programming Python 1069 0.22 ± 0.004 139 ± 3 177 ± 19 137 ± 3
languages as a subject. Other than the direct language in- Java 764 0.22 ± 0.005 148 ± 4 205 ± 17 143 ± 4
fluence, languages are often used in different domains, and C++ 341 0.24 ± 0.007 201 ± 7 324 ± 33 196 ± 7
indirectly imply programming culture and communities. PHP 326 0.25 ± 0.009 168 ± 6 180 ± 22 167 ± 6
We extracted the 100 most common file name extensions
in GitHub, which cover 94% of the files. Of these, 28 exten-
sions are of Turing-Complete programming languages (i.e., cating that language indeed has a substantial effect, with
excluding languages like SQL). We consider a language to be a p-value around 10−9 . Hence, as Table 5 shows, there are
the dominant language in a project if above 80% of files were statistically significant differences among the programming
in this language. There were 5,407 projects with a dominant language, yet compared to the range of the CCP distribution
language out of the 7,557 being studied. Figure 9 shows the they are small.
CDFs of the CCP of projects in major languages. Of course, the above is not a full comparison of program-
The figure focuses on the high to medium quality region ming languages (See [12], [78], [82], [86] for comparisons
(excluding the highest CCPs). For averages see Table 5. All and the difficulties involving them). Many factors (e.g. being
languages cover a wide and overlapping range of CCP, typed, memory allocation handing, compiled vs. dynamic)
and in all languages one can write high quality code. The might cause the differences in the languages’ CCP. Our
least bugs occurred in Shell. This is an indication of the results agree with the results of [12], [86], indicating that
need to analyze quality carefully, as Shell is used to write difference between languages is usually small and that C++
scripts and should not be compared directly with languages has relatively high CCP.
used to write, for example, real-time applications. Project in
JavaScript, and to a somewhat lesser degree, in C#, tend to 5.2.5 Developer Engagement and CCP
have lower CCPs. Higher CCPs occur in C++, and, towards The relation between churn (developers abandoning the
the tail of the distribution, in PHP. The rest of the languages project) and quality steps out of the technical field and
are usually in between with changing regions of better involves human psychology. Motivation influences perfor-
performance. mance [22], [110]. Argyle investigated the relation between
In order to verify that differences are not accidental, we developers’ happiness and their job satisfaction and work
split the projects by language and examined their average performance, showing “modestly positive correlations with
CCP. An ANOVA test [32] led to a F-statistic of 8.3, indi- productivity, absenteeism and labour turnover” [7]. On the

12
other direction, Ghayyur et al. conducted a survey in which
72% claimed that poor code quality is demotivating [36].
Hence, quality might be both the outcome and the cause of
motivation.
Figure 10. Developer retention per CCP decile. Note the change in the
median.
We checked the retention of involved developers, where
retention is quantified as the percentage of developers that
continue to work on the project in the next year, averaged
over all years (Figure 10). Note that the median is 100%
retention in all four top deciles, decreases over the next
three, and stabilizes again at about 85% in the last three
CCP deciles.
When looking at co-change of CCP with churn (1 −
retention), the match is only 51% for any change but 79%
for a change of at least 10 percentage points in each metric.
A improvement of 10 percent points in CCP leads to a
significant improvement in churn in 21% of the cases, a
lift of 17%. When controlling the language, age group, or
developer number group, we still get matching co-change.
Figure 11. On-boarding per CCP decile.
acquiring new developers complements the retention of
existing ones. We define the on-boarding ratio as the average
percentage of new developers becoming involved. Figure 11
shows that the higher the CCP, the lower is the on-boarding,
13
and on-boarding average is doubled in the first decile com-
pared to the last. In order to be more robust to noise, we
consider projects that have at least 10 new developers. When
looking at co-change of on-boarding and CCP, the match is
only 53% for any change but 85% for a change of at least
10 percent points in both metrics. An improvement of 10
percent points in CCP leads to a significant improvement
in on-boarding in 10% of the cases, a lift of 18%. When
controlling on language, results fit the relation other than in
PHP and Shell (which had a small number of cases). Results
hold for all age groups. For size, they hold for intermediate
and numerous numbers of developers; by definition, with
few developers there are no projects with at least 10 new
developers.
5.2.6 Development Speed and CCP
Like quality, the definition of productivity is subjective and
not clear. Measures including LOC [70], modules [74], and
function points [49], [69] per time unit have been suggested
and criticized [56], [57]. We chose to measure development
speed by the number of commits per developer per year.
This is an output per time measure, and the inverse of time
to complete a task, investigated in the classical work of
Sackman et al. [91]. The number of commits is correlated
with self-rated productivity [77] and team lead perception
of productivity [81]. We chose commits as the output unit
since a commit is a unit of work, its computation is easy
and objective, and it is not biased toward implementation
details.
The number of commits per project per year is stable
with a Pearson correlation of 0.71. The number of devel-
opers per year is also stable with a Pearson correlation
0.81. To study development speed we omit developers with
fewer than 12 commits per year since they are non-involved
developers. We also capped the number of commits per
developer at 500, about the 99th percentile of the develop-
ers’ contributions. While commits by users below the 99th
percentile are only 73% of the total, excluding the long
tail (which reaches 300,000 commits) is justified because
it most probably does not represent usual manual human
effort. Using both restrictions the correlation of commits
per developer in adjacent years is 0.62 (compared to 0.59
without them), which is reasonably stable.
As Figure 12 shows, there is a steady decrease of speed
with CCP. The average speed in the first decile is 56% higher
than in the last one. As with file length, speed differs in
projects written in different languages. Yet in all of them
higher quality goes with higher speed (see Table 5).
We conducted twin experiments, to control the devel-
oper. When a developer works in a faster project, he is faster
than himself in other projects in 51% of the cases, 8% lift.
When the project speed is 10 commits larger, the developer
has 42% chance to be also 10 commits faster than himself, a
lift of 11%.
We also investigated the co-change of CCP and speed.
In 52% of the cases, an improvement in CCP goes with
improvement in speed. Given a CCP improvement, there is
a speed improvement in 53% of the cases, a lift of 4%. Given
a 10 percent points improvement in CCP, the probability of
10 more commits per year per developer is 53%, and the
lift is 2%. In the other direction, given an improvement in

Figure 12. Distribution of commits of involved developers (capped) per
CCP decile.
speed the probability of a significant improvement in CCP
drops to 7%. Hence, knowing of a significant improvement
in CCP a speed improvement is likely, but knowing of a
speed improvement a significant CCP improvement is very
unlikely.
When controlling for age or language, results hold. Re-
sults also hold for intermediate and numerous developer
groups, with a positive lift when the change is significant,
but a -3% lift in the few developers group for any change.
There are two differing theories regarding the relations
between quality and productivity. The classical Iron Triangle
[80] sees them as a trade-off: investment in quality comes at
the expense of productivity. On the other hand, “Quality
is Free” claims that investment in quality is beneficial and
leads to increased productivity [25]. Our results in Table 5
enable a quantitative investigation of this issue, where speed
is operationalized by commits per year and quality by CCP.
As “Quality is Free” predicts, we find that in high
quality projects the development speed is much higher.
The twin experiments help to reduce noise, demonstrating
that development speed is a characteristic of the project. In
case that this correlation is indeed due to causality, then
when you improve the quality you also gain speed, enjoying
both worlds. This relation between quality and development
speed is also supported by Jones’s research on time wasted
due to low quality [51], [53] and developers performing the
same tasks during “Personal Software Process” training [98].
6 T HREATS TO VALIDITY
There is no agreed quantitative definition of quality, hence
we cannot ensure that a certain metric measures quality. In
order to cope with this, we showed that our metric agrees
with developers’ comments on quality and is associated
with variables that are believed to reflect or influence qual-
ity.
A specific threat to validity in our work is related to
construct validity. We set out to measure the Corrective
Commit Probability and do so based on a linguistic analysis.
We investigated whether it is indeed accurate and precise in
Section 4.1.
14
The number of test labeled commits is small, about
1,000, hence there is a question of how well they represent
the underlying distribution. We evaluated the sensitivity to
changes in the data. Since the model was built mainly using
domain knowledge and a different data set, we could use a
small training set. Therefore, we preferred to use most of the
labels as test set for the variables estimation and to improve
the estimation of the recall and F pr.
The labeling was done manually by humans who are
prone to error and subjectivity. In order to make the labeling
stricter, we used a labeling protocol. Out of the samples,
400 were labeled by three annotators independently. The
labels were compared in order to evaluate the amount of
uncertainty.
Other than uncertainty due to different opinions, there
was uncertainty due to the lack of information in the commit
message. For example, the message “Changed result default
value to False” describes a change well but leaves us uncer-
tain regarding its nature. We used the gold standard labels
to verify that this is rare.
Our main assumption is the conditional independence
between the corrective commits (code) and the commit
messages describing them (process) given our concept (the
commit being corrective, namely a bug fix). This means that
the model performance is the same over all the projects, and
a different hit rate is due to a different CCP. This assumption
is invalid in some cases. For example, projects documented
in a language other than English will appear to have no
bugs. Non-English commit messages are relatively easy to
identify; more problematic are differences in English flu-
ency. Native English speakers are less likely to have spelling
mistakes and typos. A spelling mistake might prevent our
model from identifying the textual pattern, thus lowering
the recall. This will lead to an illusive benefit of spelling
mistakes, misleading us to think that people who tend to
have more spelling mistakes tend to have fewer bugs.
Another threat to validity is due to the family of models
that we chose to use. We chose to represent the model using
two parameters, recall and F pr, following the guidance of
Occam’s razor and resorting to a more complex solution
only when a need arises. However, many other families
of models are possible. We could consider different sub-
models for various message lengths, a model that predicts
the commit category instead of the Boolean "Is Corrective"
concept, etc. Each family will have different parameters and
behavior. More complex models will have more represen-
tative power but will be harder to learn and require more
samples.
A common assumption in statistical analysis is the IID
assumption (Independent and Identically Distributed ran-
dom variables). This assumption clearly doesn’t hold for
GitHub projects. We found that forks, projects based on
others and sharing a common history, were 35% of the active
projects. We therefore removed forks, but projects might still
share code and commits. Also, older projects, with more
commits and users, have higher weight in twin studies and
co-change analysis.
Our metric focuses on the fraction of commits that correct
bugs. One can claim that the fraction of commits that induce
bugs is a better quality-metric. In principle, this can be
done using the SZZ algorithm (the common algorithm for
identifying bug inducing commits [99]). But note that SZZ
is applied after the bug was identified and fixed. Thus, the
inducing and fixing commits are actually expected to give
similar results.
Another major threat concerns internal validity. Our
basic assumption is that corrective commits reflect bugs,
and therefore a low CCP is indicative of few bugs and high
quality. But a low CCP can also result from a disregard for
fixing bugs or an inability to do so. On the other hand, in
extremely popular projects, Linus’s law “given enough eye-
balls, all bugs are shallow” [87] might lead to more effective
bug identification and high CCP. Another unwanted effect
of using corrective commits is that improvements in bug
detection (e.g., by doubling the QA department) will look
like a reduction in quality. The correlations found between
CCP and various other indicators of software quality add
confidence that CCP is indeed valid. We identify such cases
and discuss them in Section 4.2.2.
Focusing on corrective commits also leads to several
biases. Most obviously, existing bugs that have not been
found yet are unknown. Finding and fixing bugs might
take months [60]. When projects differ in the time needed
to identify a bug, our results will be biased.
Software development is usually done subject to lack of
time and resources. Due to that, many times known bugs of
low severity are not fixed. While this leads to a bias, it can
be considered to be a desirable one, by focusing on the more
important bugs.
A threat to external validity might arise due to the use of
open source projects that might not represent projects done
in software companies. We feel that the open source projects
are of significant interest on their own. Other than that, the
projects we analyzed include projects of Google, Microsoft,
Apple, etc. so at least part of the area is covered.
Time, cost, and development speed are problematic to
measure. We use commits as a proxy to work since they
typically represent tasks. Yet, tasks differ in size and diffi-
culty and their translation to commits might differ due to
the project or developer habits. Commits may also include
a mix of different tasks. In order to reduce the influence
of project culture we aggregated many of them. In order
to eliminate the effect of personal habits, we used twins
experiments. Other than that, the number of commits per
time is correlated to developers’ self-rated productivity [77]
and team lead perception of productivity [81], hence it
provides a good computable estimator.
7 C ONCLUSIONS
We presented a novel way to measure projects’ code quality,
using the Corrective Commit Probability (CCP). We use the
consensus that bugs are bad and indicative of low quality to
base a metric on them. We started off with a linguistic model
to identify corrective commits, significantly improving prior
work [3], [5], [45], [65], and developed a mathematical
method to find the most likely CCP given the model’s hit
rate. The CCP metric has the following properties:
• It matches developers’ references to quality.
• It is stable: it reflects the character of a project and does
not change much from year to year.
15
It is informative in that it has a wide range of values
•
and distinguishes between projects.
We estimated the CCP of all 7,557 large active projects
in BigQuery’s GitHub data. This created a quality scale,
enabling observations on the state of the practice. Using
this scale developers can compare their project’s quality
(as reflected by CCP) to the community. A low percentile
suggests the need for quality improvement efforts.
We checked the sensitivity of our assumptions and no-
ticed that the theoretical invalid CCP range indeed tend
to be not in English or not software. A difference in bug
detection efficiency was demonstrated in highly popular
projects, supporting Linus’s law [87].
Our results also helped demonstrate that “Quality is
Free”. Instead of a trade-off between quality and devel-
opment speed, we find that they are positively correlated,
and this was further supported with co-change analysis and
twin experiments. Thus, investing in quality may actually
reduce schedules rather than extending them.
We show a correlation between short files and low
coupling and quality, supporting to well-know recommen-
dation for quality improvement. Hence, if the discussed
relations are indeed casual, we have a simple way to reach
high quality, which will benefit a project also in higher
productivity, better on-boarding, and lower churn.
Supplementary Materials
The language models are available at https://github.
com/evidencebp/commit-classification Utilities used for
the analysis (e.g., co-change) are at https://github.com/
evidencebp/analysis_utils All other supplementary ma-
terials can be found at https://github.com/evidencebp/
corrective-commit-probability
Acknowledgements
This research was supported by the ISRAEL SCIENCE
FOUNDATION (grant No. 832/18). We thank Amiram
Yehudai and Stanislav Levin for providing us their data
set of labeled commits [65]. We thank Guilherme Avelino
for drawing our attention to the importance of Truck Factor
Developers Detachment (TFDD) and providing a data set
[8].
R EFERENCES
[1] H. Al-Kilidar, K. Cox, and B. Kitchenham. The use and usefulness
of the ISO/IEC 9126 quality standard. In Intl. Synp. Empirical
Softw. Eng., pages 126–132, Nov 2005.
[2] M. Allamanis. The adverse effects of code duplication in ma-
chine learning models of code. In Proceedings of the 2019 ACM
SIGPLAN International Symposium on New Ideas, New Paradigms,
and Reflections on Programming and Software, Onward! 2019, page
143–153, New York, NY, USA, 2019. Association for Computing
Machinery.
[3] I. Amit and D. G. Feitelson. Which refactoring reduces bug rate?
In Proceedings of the Fifteenth International Conference on Predictive
Models and Data Analytics in Software Engineering, PROMISE’19,
pages 12–15, New York, NY, USA, 2019. ACM.
[4] I. Amit, E. Firstenberg, and Y. Meshi. Framework for semi-
supervised learning when no labeled data is given. U.S. patent
application #US20190164086A1, 2017.
[5] J. J. Amor, G. Robles, J. M. Gonzalez-Barahona, and A. Navarro.
Discriminating development activities in versioning systems: A
case study, Jan 2006.
[6] G. Antoniol, K. Ayari, M. Di Penta, F. Khomh, and Y.-G.
Guéhéneuc. Is it a bug or an enhancement? a text-based approach
to classify change requests. In Proceedings of the 2008 Conference of
the Center for Advanced Studies on Collaborative Research: Meeting of
Minds, CASCON ’08, New York, NY, USA, 2008. Association for
Computing Machinery.
[7] M. Argyle. Do happy workers work harder? the effect of job satis-
faction on job performance. In R. Veenhoven, editor, How harmful
is happiness? Consequences of enjoying life or not. Universitaire Pers,
Rotterdam, The Netherlands, 1989.
[8] G. Avelino, E. Constantinou, M. T. Valente, and A. Serebrenik.
On the abandonment and survival of open source projects: An
empirical investigation. CoRR, abs/1906.08058, 2019.
[9] G. Avelino, L. T. Passos, A. C. Hora, and M. T. Valente. A novel
approach for estimating truck factors. CoRR, abs/1604.06766,
2016.
[10] V. R. Basili, L. C. Briand, and W. L. Melo. A validation of object-
oriented design metrics as quality indicators. IEEE Transactions
on Software Engineering, 22(10):751–761, Oct 1996.
[11] G. Bavota, A. De Lucia, M. Di Penta, R. Oliveto, and F. Palomba.
An experimental investigation on the innate relationship between
quality and refactoring. J. Syst. & Softw., 107:1–14, Sep 2015.
[12] E. D. Berger, C. Hollenbeck, P. Maj, O. Vitek, and J. Vitek.
On the impact of programming languages on code quality: A
reproduction study. ACM Trans. Program. Lang. Syst., 41(4), Oct
2019.
[13] C. Bird, A. Bachmann, E. Aune, J. Duffy, A. Bernstein, V. Filkov,
and P. Devanbu. Fair and balanced?: Bias in bug-fix datasets.
In Proceedings of the the 7th Joint Meeting of the European Software
Engineering Conference and the ACM SIGSOFT Symposium on The
Foundations of Software Engineering, ESEC/FSE ’09, pages 121–130,
New York, NY, USA, 2009. ACM.
[14] C. Bird, N. Nagappan, B. Murphy, H. Gall, and P. Devanbu. Don’t
touch my code! examining the effects of ownership on software
quality. In Proceedings of the 19th ACM SIGSOFT symposium and
the 13th European conference on Foundations of software engineering,
pages 4–14, 2011.
[15] C. Bird, P. C. Rigby, E. T. Barr, D. J. Hamilton, D. M. German,
and P. Devanbu. The promises and perils of mining git. In
2009 6th IEEE International Working Conference on Mining Software
Repositories, pages 1–10, May 2009.
[16] B. Boehm and V. R. Basili. Software defect reduction top 10 list.
Computer, 34(1):135–137, Jan 2001.
[17] B. W. Boehm. Software Engineering Economics. Prentice-Hall, 1981.
[18] B. W. Boehm, J. R. Brown, and M. Lipow. Quantitative evaluation
of software quality. In Intl. Conf. Softw. Eng., number 2, pages
592–605, Oct 1976.
[19] B. W. Boehm and P. N. Papaccio. Understanding and control-
ling software costs. IEEE Transactions on Software Engineering,
14(10):1462–1477, Oct 1988.
[20] G. Box. Robustness in the strategy of scientific model building.
In R. L. LAUNER and G. N. WILKINSON, editors, Robustness in
Statistics, pages 201 – 236. Academic Press, 1979.
[21] F. P. Brooks, Jr. The Mythical Man-Month: Essays on Software
Engineering. Addison-Wesley, 1975.
[22] J. P. Campbell, R. A. McCloy, S. H. Oppler, and C. E. Sager.
A theory of performance. In N. Schmitt, W. C. Borman, and
Associates, editors, Personnel Selection in Organizations, pages 35–
70. Jossey-Bass Pub., 1993.
[23] S. R. Chidamber and C. F. Kemerer. A metrics suite for object
oriented design. IEEE Trans. Softw. Eng., 20(6):476–493, Jun 1994.
[24] J. Cohen. A coefficient of agreement for nominal scales. Educa-
tional and Psychological Measurement, 20(1):37–46, 1960.
[25] P. Crosby. Quality Is Free: The Art of Making Quality Certain.
McGrawHill, 1979.
[26] W. Cunningham. The wycash portfolio management system. In
Addendum to the Proceedings on Object-Oriented Programming Sys-
tems, Languages, and Applications (Addendum), OOPSLA ’92, page
29–30, New York, NY, USA, 1992. Association for Computing
Machinery.
[27] M. D’Ambros, M. Lanza, and R. Robbes. An extensive compar-
ison of bug prediction approaches. In 2010 7th IEEE Working
Conference on Mining Software Repositories (MSR 2010), pages 31–
41, May 2010.
[28] A. P. Dawid and A. M. Skene. Maximum likelihood estimation of
observer error-rates using the em algorithm. Journal of the Royal
Statistical Society. Series C (Applied Statistics), 28(1):20–28, 1979.
16
[29] M. Dawson, D. Burrell, E. Rahim, and S. Brewster. Integrating
software assurance into the software development life cycle
(SDLC). Journal of Information Systems Technology and Planning,
3:49–53, 2010.
[30] G. Dromey. A model for software product quality. IEEE Trans.
Softw. Eng., 21(2):146–162, Feb 1995.
[31] B. Efron. Bootstrap Methods: Another Look at the Jackknife, pages
569–593. Springer New York, New York, NY, 1992.
[32] R. Fisher. The correlation between relatives on the supposition
of mendelian inheritance. Transactions of the Royal Society of
Edinburgh, 52(2):399–433, 1919.
[33] M. Fowler. Refactoring: Improving the Design of Existing Code.
Addison-Wesley Longman Publishing Co., Inc., Boston, MA,
USA, 1999.
[34] M. Fowler, K. Beck, and W. R. Opdyke. Refactoring: Improving
the design of existing code. In 11th European Conference. Jyväskylä,
Finland, 1997.
[35] M. Gharehyazie, B. Ray, M. Keshani, M. S. Zavosht, A. Hey-
darnoori, and V. Filkov. Cross-project code clones in github.
Empirical Software Engineering, 24(3):1538–1573, Jun 2019.
[36] S. A. K. Ghayyur, S. Ahmed, S. Ullah, and W. Ahmed. The
impact of motivator and demotivator factors on agile software
development. International Journal of Advanced Computer Science
and Applications, 9(7), 2018.
[37] Y. Gil and G. Lalouche. On the correlation between size and
metric validity. Empirical Softw. Eng., 22(5):2585–2611, Oct 2017.
[38] T. L. Graves, A. F. Karr, J. S. Marron, and H. Siy. Predicting fault
incidence using software change history. IEEE Transactions on
Software Engineering, 26(7):653–661, July 2000.
[39] T. Gyimothy, R. Ferenc, and I. Siket. Empirical validation of
object-oriented metrics on open source software for fault pre-
diction. IEEE Transactions on Software Engineering, 31(10):897–910,
Oct 2005.
[40] R. Hackbarth, A. Mockus, J. Palframan, and R. Sethi. Improving
software quality as customers perceive it. IEEE Softw., 33(4):40–
45, Jul/Aug 2016.
[41] T. Hall, S. Beecham, D. Bowes, D. Gray, and S. Counsell. A
systematic literature review on fault prediction performance in
software engineering. IEEE Trans. Softw. Eng., 38(6):1276–1304,
Nov 2012.
[42] M. H. Halstead. Elements of Software Science (Operating and
Programming Systems Series). Elsevier Science Inc., New York,
NY, USA, 1977.
[43] C. Hastings, F. Mosteller, J. W. Tukey, and C. P. Winsor. Low mo-
ments for small samples: A comparative study of order statistics.
Ann. Math. Statist., 18(3):413–426, 09 1947.
[44] K. Herzig, S. Just, and A. Zeller. It’s not a bug, it’s a feature:
How misclassification impacts bug prediction. In Proceedings of
the 2013 International Conference on Software Engineering, ICSE ’13,
pages 392–401, Piscataway, NJ, USA, 2013. IEEE Press.
[45] A. Hindle, D. M. German, M. W. Godfrey, and R. C. Holt.
Automatic classication of large changes into maintenance cat-
egories. In 2009 IEEE 17th International Conference on Program
Comprehension, pages 30–39, May 2009.
[46] D. Hovemeyer and W. Pugh. Finding bugs is easy. SIGPLAN
Not., 39(12):92–106, Dec 2004.
[47] I. IEC. 9126-1 (2001). software engineering product quality-part
1: Quality model. International Organization for Standardization,
page 16, 2001.
[48] International Organization for Standardization. Systems and soft-
ware engineering – systems and software quality requirements
and evaluation (square) – system and software quality models,
2011.
[49] Z. Jiang, P. Naudé, and C. Comstock. An investigation on the
variation of software development productivity. IEEE Transac-
tions on Software Engineering, 1(2):72–81, 2007.
[50] C. Jones. Applied Software Measurement: Assuring Productivity and
Quality. McGraw-Hill, Inc., New York, NY, USA, 1991.
[51] C. Jones. Social and technical reasons for software project failures.
CrossTalk, The J. Def. Software Eng., 19(6):4–9, 2006.
[52] C. Jones. Software quality in 2012: A survey of the state of the
art, 2012. [Online; accessed 24-September-2018].
[53] C. Jones. Wastage: The impact of poor quality on software
economics. retrieved from http://asq.org/pub/sqp/. Software
Quality Professional, 18(1):23–32, 2015.
[54] E. Kalliamvakou, G. Gousios, K. Blincoe, L. Singer, D. German,
and D. Damian. The promises and perils of mining github
(extended version). Empirical Software Engineering, 01 2015.
[55] Y. Kamei, E. Shihab, B. Adams, A. E. Hassan, A. Mockus,
A. Sinha, and N. Ubayashi. A large-scale empirical study of
just-in-time quality assurance. IEEE Transactions on Software
Engineering, 39(6):757–773, June 2013.
[56] C. F. Kemerer. Reliability of function points measurement: A field
experiment. Commun. ACM, 36(2):85–97, Feb 1993.
[57] C. F. Kemerer and B. S. Porter. Improving the reliability of
function point measurement: An empirical study. IEEE Trans.
Softw. Eng., 18(11):1011–1024, Nov 1992.
[58] F. Khomh, T. Dhaliwal, Y. Zou, and B. Adams. Do faster releases
improve software quality?: An empirical case study of mozilla
firefox. In Proceedings of the 9th IEEE Working Conference on Mining
Software Repositories, MSR ’12, pages 179–188, Piscataway, NJ,
USA, 2012. IEEE Press.
[59] F. Khomh, M. Di Penta, and Y.-G. Gueheneuc. An exploratory
study of the impact of code smells on software change-proneness.
In 2009 16th Working Conference on Reverse Engineering, pages 75–
84. IEEE, 2009.
[60] S. Kim and E. J. Whitehead, Jr. How long did it take to fix bugs?
In Proceedings of the 2006 International Workshop on Mining Software
Repositories, MSR ’06, pages 173–174, New York, NY, USA, 2006.
ACM.
[61] S. Kim, T. Zimmermann, E. J. Whitehead Jr., and A. Zeller.
Predicting faults from cached history. In Proceedings of the 29th
International Conference on Software Engineering, ICSE ’07, pages
489–498, Washington, DC, USA, 2007. IEEE Computer Society.
[62] P. Kruchten, R. L. Nord, and I. Ozkaya. Technical debt: From
metaphor to theory and practice. Ieee software, 29(6):18–21, 2012.
[63] M. M. Lehman. Programs, life cycles, and laws of software
evolution. Proceedings of the IEEE, 68(9):1060–1076, 1980.
[64] M. M. Lehman, J. F. Ramil, P. D. Wernick, D. E. Perry, and W. M.
Turski. Metrics and laws of software evolution – the nineties
view. In Intl. Software Metrics Symp., number 4, pages 20–32, Nov
1997.
[65] S. Levin and A. Yehudai. Boosting automatic commit classifica-
tion into maintenance activities by utilizing source code changes.
In Proceedings of the 13th International Conference on Predictive
Models and Data Analytics in Software Engineering, PROMISE,
pages 97–106, New York, NY, USA, 2017. ACM.
[66] B. P. Lientz, E. B. Swanson, and G. E. Tompkins. Characteristics
of application software maintenance. Comm. ACM, 21(6):466–471,
Jun 1978.
[67] M. Lipow. Number of faults per line of code. IEEE Transactions
on software Engineering, (4):437–439, 1982.
[68] C. V. Lopes, P. Maj, P. Martins, V. Saini, D. Yang, J. Zitny,
H. Sajnani, and J. Vitek. Déjàvu: A map of code duplicates on
github. Proc. ACM Program. Lang., 1(OOPSLA), Oct 2017.
[69] K. D. Maxwell and P. Forselius. Benchmarking software devel-
opment productivity. IEEE Software, 17(1):80–88, Jan 2000.
[70] K. D. Maxwell, L. Van Wassenhove, and S. Dutta. Software
development productivity of european space, military, and in-
dustrial applications. IEEE Transactions on Software Engineering,
22(10):706–718, Oct 1996.
[71] T. J. McCabe. A complexity measure. IEEE Trans. Softw. Eng.,
2(4):308–320, Jul 1976.
[72] A. Mockus, D. Spinellis, Z. Kotti, and G. J. Dusing. A complete
set of related git repositories identified via community detection
approaches based on shared commits, 2020.
[73] A.-J. Molnar, A. NeamŢu, and S. Motogna. Evaluation of software
product quality metrics. In E. Damiani, G. Spanoudakis, and
L. A. Maciaszek, editors, Evaluation of Novel Approaches to Software
Engineering, pages 163–187, Cham, 2020. Springer International
Publishing.
[74] S. Morasca and G. Russo. An empirical study of software
productivity. In 25th Annual International Computer Software and
Applications Conference. COMPSAC 2001, pages 317–322, Oct 2001.
[75] R. Moser, W. Pedrycz, and G. Succi. Analysis of the reliability of a
subset of change metrics for defect prediction. In Proceedings of the
Second ACM-IEEE International Symposium on Empirical Software
Engineering and Measurement, ESEM ’08, pages 309–311, New
York, NY, USA, 2008. ACM.
[76] N. Munaiah, S. Kroh, C. Cabrey, and M. Nagappan. Curating
github for engineered software projects. Empirical Software Engi-
neering, 22, 04 2017.
17
[77] E. Murphy-Hill, C. Jaspan, C. Sadowski, D. C. Shepherd,
M. Phillips, C. Winter, A. K. Dolan, E. K. Smith, and M. A. Jorde.
What predicts software developers’ productivity? Transactions on
Software Engineering, 2019.
[78] S. Nanz and C. A. Furia. A comparative study of programming
languages in rosetta code. In 2015 IEEE/ACM 37th IEEE Interna-
tional Conference on Software Engineering, volume 1, pages 778–788,
May 2015.
[79] B. Norick, J. Krohn, E. Howard, B. Welna, and C. Izurieta.
Effects of the number of developers on code quality in open
source software: a case study. In Proceedings of the 2010 ACM-
IEEE International Symposium on Empirical Software Engineering
and Measurement, pages 1–1, 2010.
[80] R. Oisen. Can project management be defined? Project Manage-
ment Quarterly, 2(1):12–14, 1971.
[81] E. Oliveira, E. Fernandes, I. Steinmacher, M. Cristo, T. Conte, and
A. Garcia. Code and commit metrics of developer productivity: a
study on team leaders perceptions. Empirical Software Engineering,
04 2020.
[82] L. Prechelt. An empirical comparison of seven programming
languages. Computer, 33(10):23–29, Oct 2000.
[83] F. Rahman and P. Devanbu. How, and why, process metrics are
better. In 2013 35th International Conference on Software Engineering
(ICSE), pages 432–441, May 2013.
[84] F. Rahman, D. Posnett, A. Hindle, E. T. Barr, and P. T. Devanbu.
Bugcache for inspections: hit or miss? In SIGSOFT FSE, 2011.
[85] A. J. Ratner, C. M. De Sa, S. Wu, D. Selsam, and C. Ré. Data
programming: Creating large training sets, quickly. In D. D. Lee,
M. Sugiyama, U. V. Luxburg, I. Guyon, and R. Garnett, editors,
Advances in Neural Information Processing Systems 29, pages 3567–
3575. Curran Associates, Inc., 2016.
[86] B. Ray, D. Posnett, V. Filkov, and P. Devanbu. A large scale
study of programming languages and code quality in github.
In Proceedings of the 22Nd ACM SIGSOFT International Symposium
on Foundations of Software Engineering, FSE 2014, pages 155–165,
New York, NY, USA, 2014. ACM.
[87] E. Raymond. The cathedral and the bazaar. First Monday, 3(3),
1998.
[88] S. Reddivari and J. Raman. Software quality prediction: An inves-
tigation based on machine learning. 2019 IEEE 20th International
Conference on Information Reuse and Integration for Data Science
(IRI), pages 115–122, 2019.
[89] H. G. Rice. Classes of recursively enumerable sets and their
decision problems. Transactions of the American Mathematical
Society, 74(2):358–366, 1953.
[90] J. Rosenberg. Some misconceptions about lines of code. In
Proceedings fourth international software metrics symposium, pages
137–142. IEEE, 1997.
[91] H. Sackman, W. J. Erikson, and E. E. Grant. Exploratory ex-
perimental studies comparing online and offline programming
performance. Commun. ACM, 11(1):3–11, Jan 1968.
[92] S. R. Schach, B. Jin, L. Yu, G. Z. Heller, and J. Offutt. Determining
the distribution of maintenance categories: Survey versus mea-
surement. Empirical Softw. Eng., 8(4):351–365, Dec 2003.
[93] N. F. Schneidewind. Body of knowledge for software quality
measurement. Computer, 35(2):77–83, Feb 2002.
[94] B. Settles. Active learning literature survey. Technical report,
University of Wisconsin–Madison, 2010.
[95] M. Shepperd. A critique of cyclomatic complexity as a software
metric. Software Engineering J., 3(2):30–36, Mar 1988.
[96] E. Shihab, A. E. Hassan, B. Adams, and Z. M. Jiang. An industrial
study on the risk of software changes. In Proceedings of the
ACM SIGSOFT 20th International Symposium on the Foundations
of Software Engineering, FSE ’12, pages 62:1–62:11, New York, NY,
USA, 2012. ACM.
[97] N. C. Shrikanth and T. Menzies. Assessing practitioner beliefs
about software defect prediction. In Intl. Conf. Softw. Eng.,
number 42, May 2020.
[98] N. C. Shrikanth, W. Nichols, F. M. Fahid, and T. Men-
zies. Assessing practitioner beliefs about software engineering.
arXiv:2006.05060, June 2020.
[99] J. Śliwerski, T. Zimmermann, and A. Zeller. When do changes
induce fixes? SIGSOFT Softw. Eng. Notes, 30(4):1–5, May 2005.
[100] E. B. Swanson. The dimensions of maintenance. In Proceedings of
the 2Nd International Conference on Software Engineering, ICSE ’76,
pages 492–497, Los Alamitos, CA, USA, 1976. IEEE Computer
Society Press.
[101] S. E. S. Taba, F. Khomh, Y. Zou, A. E. Hassan, and M. Nagappan.
Predicting bugs using antipatterns. In 2013 IEEE International
Conference on Software Maintenance, pages 270–279, 2013.
[102] E. Tom, A. Aurum, and R. Vidgen. An exploration of technical
debt. Journal of Systems and Software, 86(6):1498–1516, 2013.
[103] E. van Emden and L. Moonen. Java quality assurance by
detecting code smells. In Ninth Working Conference on Reverse
Engineering, 2002. Proceedings., pages 97–106, Nov 2002.
[104] E. Van Emden and L. Moonen. Java quality assurance by
detecting code smells. In Ninth Working Conference on Reverse
Engineering, 2002. Proceedings., pages 97–106. IEEE, 2002.
[105] B. Vasilescu, Y. Yu, H. Wang, P. Devanbu, and V. Filkov. Quality
and productivity outcomes relating to continuous integration in
github. In Proceedings of the 2015 10th Joint Meeting on Foundations
of Software Engineering, ESEC/FSE 2015, pages 805–816, New
York, NY, USA, 2015. ACM.
[106] N. Walkinshaw and L. Minku. Are 20% of files responsible for
80% of defects? In Proceedings of the 12th ACM/IEEE International
Symposium on Empirical Software Engineering and Measurement,
ESEM ’18, pages 2:1–2:10, New York, NY, USA, 2018. ACM.
[107] E. Weyuker, T. Ostrand, and R. Bell. Do too many cooks spoil
the broth? using the number of developers to enhance defect
prediction models. Empirical Software Engineering, 13:539–559, 10
2008.
[108] L. Williams and R. Kessler. Pair Programming Illuminated.
Addison-Wesley Longman Publishing Co., Inc., USA, 2002.
[109] A. Wood. Predicting software reliability. Computer, 29(11):69–77,
Nov 1996.
[110] T. A. Wright and R. Cropanzano. Psychological well-being and
job satisfaction as predictors of job performance. Journal of
Occupational Health Psychology, 5:84–94, 2000.
[111] S. Yamada and S. Osaki. Software reliability growth modeling:
Models and applications. IEEE Transactions on Software Engineer-
ing, SE-11(12):1431–1437, Dec 1985.
[112] A. Yamashita and L. Moonen. Do code smells reflect important
maintainability aspects? In 2012 28th IEEE international conference
on software maintenance (ICSM), pages 306–315. IEEE, 2012.
[113] T. Zimmermann, S. Diehl, and A. Zeller. How history justifies
system architecture (or not). In Sixth International Workshop on
Principles of Software Evolution, 2003. Proceedings., pages 73–83,
Sept 2003.

18