Write a Blog >>
Thu 28 May 2020 10:50 - 11:10 at TBD2 - Fuzzing 1

Defects in infrastructure as code (IaC) scripts can have serious consequences, for example, creating large-scale system outages. A taxonomy of IaC defects can be useful for understanding the nature of defects, and identifying activities needed to fix and prevent defects in IaC scripts. The goal of this paper is to help practitioners improve the quality of infrastructure as code (IaC) scripts by developing a defect taxonomy for IaC scripts through qualitative analysis. We develop a taxonomy of IaC defects by applying qualitative analysis on 1,448 defect-related commits collected from open source software (OSS) repositories of the Openstack organization. We conduct a survey with 66 practitioners to assess if they agree with the identified defect categories included in our taxonomy. We quantify the frequency of identified defect categories by analyzing 80,425 commits collected from 291 OSS repositories spanning across 2005 to 2019.

Our defect taxonomy for IaC consists of eight categories, including a category specific to IaC called idempotency (i.e., defects that lead to incorrect system provisioning when the same IaC script is executed multiple times). We observe the surveyed 66 practitioners to agree most with idempotency. The most frequent defect category is configuration data i.e., providing erroneous configuration data in IaC scripts. Our taxonomy and the quantified frequency of the defect categories can help practitioners to improve IaC script quality by prioritizing verification and validation efforts.

Thu 28 May

10:50 - 12:30: Paper Presentations - Fuzzing 1 at TBD2
icse-2020-papers10:50 - 11:10
Akond RahmanTennessee Tech University, Effat FarhanaNorth Carolina State University, Chris ParninNorth Carolina State University, Laurie WilliamsNorth Carolina State University
icse-2020-papers11:10 - 11:30
Cheng WenShenzhen University, Haijun WangAnt Financial Services Group, China; CSSE, Shenzhen University, China, Yuekang LiNanyang Technological University, Shengchao QinUniversity of Teesside, Yang LiuNanyang Technological University, Singapore, Zhiwu XuShenzhen University, Hongxu ChenResearch Associate, Xiaofei XieNanyang Technological University, Geguang PuEast China Normal University, Ting LiuXi'an Jiaotong University
DOI Pre-print
icse-2020-papers11:30 - 11:50
Tai D. NguyenSingapore Management University, Long H. PhamSingapore University of Technology and Design, Jun SunSingapore Management University, Singapore, Yun LinNational University of Singapore, Minh Quang TranHo Chi Minh City University of Technology
icse-2020-papers11:50 - 12:10
Valentin W├╝stholzConsenSys Diligence, Maria ChristakisMPI-SWS
icse-2020-papers12:10 - 12:30
Caius BrindescuOregon State University, Iftekhar AhmedUniversity of California at Irvine, USA, Rafael LeanoOregon State University, Anita SarmaOregon State University