I’m undertaking a research project titled “Software supply chain protection using statistical analysis of development behaviour” which seeks to investigate if it is possible to classify GitHub code commits in terms of normal development flow. Once classified, any commits that falls outside this normal flow may then be flagged as requiring additional security checks.
In line with institutional research ethical guidelines, I’m notifying all contributors to the plotly.js repository that if you have previously committed any code, this research will involves extracting that metadata and using it for the creation of a predictive statistical model. All data will be anonymised, security stored and cannot be connected back to your GitHub account. If however you are unsure or do not wish your commit details to be used in this research, please read the Participant Information letter. This document provides details on the simple opt-out process.
This research project is being undertaken as part of a PhD course at Edith Cowan University, Western Australia. Also as per section 7 of the GitHub Acceptable Use Policies, a summary of the research results will be available via open access via the repository 2021-03052-GREENE.
I thank you for your co-operating in this research project.