A Security Practices Evaluation Framework

SP-EF Data Collection Tools

To date, we have identified three approaches to data collection: direct observation by the team or by a researcher working with the team, surveys of team members, and mining of project artifacts (e.g. version control systems, bug trackers, email archives, vulnerability databases).

Observation

Survey

We’ve developed a Survey Questionnaire to enable team members to report their security practice use.

Text Mining

SPEFTools.rb is a set of Ruby scripts and R code for collecting SP-EF data from GitHub repositories and reporting on context factors, practice adherence, and outcome measures. The repo includes an example session illustrating how to collect data from phpMyAdmin and create reports from the data.

SPEFTools is an R package providing functions for translating software development project data resources into the context factors, practice adherence measures, and outcome measures of SP-EF.
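As an added illustration of the artifact-mining approach described above (this is example code written for this page, not part of SPEFTools.rb or the SPEFTools R package), the Ruby script below parses a git log in the `%h|%ad|%an|%s` shape, looks for commit-message evidence of security practices, and derives a few context and outcome figures of the kind SP-EF reports. The log lines are constructed for the example, and the practice names and keyword patterns are assumptions chosen for illustration, not SP-EF's definitions.

```ruby
# Added example, not SPEFTools code: mine a git log for security-practice
# evidence and simple context/outcome measures.
require 'date'

# Constructed sample shaped like:
#   git log --date=short --pretty=format:'%h|%ad|%an|%s'
SAMPLE_LOG = <<~LOG
  a1b2c3d|2024-03-01|alice|Fix XSS in server_status page (CVE-2024-0001)
  b2c3d4e|2024-03-02|bob|Add codeql static analysis workflow
  c3d4e5f|2024-03-05|alice|Refactor table export
  d4e5f60|2024-03-07|carol|Security review of auth module; address findings
  e5f6071|2024-03-09|bob|Bump dependency versions after vulnerability scan
  f607182|2024-03-12|alice|Fix SQL injection in navigation panel
LOG

# Assumed practice names and keyword patterns for illustration only;
# a real study would calibrate these against the project's own vocabulary.
PRACTICE_PATTERNS = {
  'static analysis'       => /\b(static analysis|codeql|coverity|sonar|lint)\b/i,
  'security review'       => /\bsecurity (review|audit)\b/i,
  'dependency management' => /\b(dependency|dependencies|bump)\b.*\b(vulnerab|scan|update)/i,
}.freeze

# A "vulnerability fix" needs a fix verb plus a vulnerability term, so a
# dependency bump that merely mentions a vulnerability scan is not counted.
VULN_FIX_PATTERN =
  /\b(fix|fixes|fixed|patch)\b.*(xss|sql injection|csrf|rce|overflow|vulnerab|CVE-\d{4}-\d{4,})/i

Commit = Struct.new(:sha, :date, :author, :subject)

# Parse "sha|date|author|subject" lines; subjects may themselves contain '|'.
def parse_log(text)
  text.each_line.map do |line|
    sha, date, author, subject = line.chomp.split('|', 4)
    next if subject.nil?
    Commit.new(sha, Date.parse(date), author, subject)
  end.compact
end

# Practice name => list of commit shas whose subject shows evidence of it.
def practice_evidence(commits)
  evidence = Hash.new { |h, k| h[k] = [] }
  commits.each do |c|
    PRACTICE_PATTERNS.each { |name, re| evidence[name] << c.sha if c.subject.match?(re) }
  end
  evidence
end

# Outcome measure: commits that look like fixes of a vulnerability.
def vulnerability_fixes(commits)
  commits.select { |c| c.subject.match?(VULN_FIX_PATTERN) }
end

# Context factors (size, team, duration), practice adherence, outcome measures.
def report(commits)
  dates = commits.map(&:date)
  fixes = vulnerability_fixes(commits)
  {
    commits: commits.size,
    authors: commits.map(&:author).uniq.size,
    span_days: (dates.max - dates.min).to_i + 1,
    practices: practice_evidence(commits).transform_values(&:size),
    vuln_fixes: fixes.size,
    vuln_fixes_per_100_commits: (100.0 * fixes.size / commits.size).round(1),
  }
end

if $PROGRAM_NAME == __FILE__
  report(parse_log(SAMPLE_LOG)).each { |k, v| puts "#{k}: #{v}" }
end
```

Keyword matching of this kind is cheap but noisy: the same commit can count toward several practices, and a message that mentions a vulnerability is not necessarily a fix. Counts produced this way are a starting point to be checked against the other two collection approaches (observation and the survey) rather than a final adherence measure.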