How to select third-party library: harnessing visual insights and systematic evaluation for informed decisions

Alexander Lysenko, Igor Kononenko

Abstract


The subject of this study is an approach to selecting third-party libraries in IT projects based on the collection and analysis of expert evaluations and on solving optimization problems. The aim of this study is to minimize the key challenges associated with migrating third-party libraries, including high labor intensity and significant risks that could adversely affect project success. This study sets out several objectives: 1) to create a metric specification, focused on technical metrics, that guides the collection of evaluation data through a survey and includes recommendations for survey development; 2) to formalize a two-step method that enriches the outcomes and allows for their combined use, where the first step employs radial diagrams to visualize and simplify the assessment of alternatives, and the second step applies the TOPSIS method to address the multi-criteria decision-making problem of selecting a third-party library; 3) to demonstrate the practical application of the proposed approach through illustrative samples. Results. The proposed metric specification considers the essential technical metrics and offers a unified evaluation solution. We do not limit our approach to technical metrics or numeric data: it is both possible and recommended to include human and economic metrics and to use alternatives to numeric data. The combination of multi-criteria analysis and visual methodologies simplifies the assessment and comparison of libraries, making this approach valuable for developers in practical scenarios. The conclusions of this study emphasize that its findings may lay the groundwork for developing comprehensive decision-support systems focused on third-party library selection, thereby minimizing associated risks. Future developments will include the incorporation of other metrics for library selection, as well as consideration of uncertainty and data subjectivity.

Keywords


specification; method; third-party libraries; multi-criteria decision-making; TOPSIS; decision-support systems; radial diagrams; surveys; information technology; libraries migration

DOI: https://doi.org/10.32620/reks.2025.1.20
