Calling for research participants from Django, Laravel, Ruby on Rails, Next.js and Spring Boot communities
Hello friends!
My name is Anna Makarudze. I am a second-year Master’s student at Blekinge Institute of Technology in Karlskrona, Sweden, pursuing a Master’s in Software Engineering. I am currently working on my thesis entitled “Vulnerabilities in FOSS/OSS Dependencies: A Developer’s Perspective.” I am therefore looking for interview participants from Django, Laravel, Ruby on Rails, Next.js and Spring Boot ecosystems to help me, the FOSS/OSS community, industry, and the academic community understand how developers perceive vulnerabilities in FOSS/OSS dependencies and their potential to expose systems to supply-chain attacks.
About the research
Our research investigates how developers and maintainers perceive vulnerabilities in FOSS/OSS dependencies they include in their projects. Considering that software supply chain attacks have become more frequent in recent years, understanding developers' awareness of the risks linked to having vulnerable dependencies in their dependency trees is vital for the open-source community and the global software development community that relies on FOSS/OSS, as well as for the users of software supported by FOSS/OSS. Your participation in this research will help us understand how developers manage dependencies in their projects.
This research does not aim to compare these five frameworks with each other or to identify any security vulnerabilities within them. It also does not aim to assess their security practices. Instead, it aims to understand the developers’ perspectives on supply chain attacks and dependency management.
About the interview participants
So, who is a potential candidate for the interviews? Anyone who has used one of these frameworks for at least a year qualifies. Anyone who is a contributor or maintainer of any of these frameworks also qualifies. Additionally, anyone who uses packages based on any of these frameworks qualifies. The reason for this is that developers include junior, mid-level, and senior developers, and to ensure diversity of perspectives among our participants, we welcome developers in all possible roles. We are aiming for a total of 25 participants, with 5 per framework.
Timeline?
We will be conducting interviews from 23rd March 2026 to 31st March 2026. If you do not have time to attend an interview, I can email you the questions, and you can complete them at your convenience.
Ethical considerations
This research complies with GDPR requirements. Participation is entirely voluntary, and you may withdraw from the interview at any time. We will not store any personal data or identifiable information. Your name, role, email address, and any other identifiable details will not be published or shared. Your responses will remain anonymous and will not be linked to the project(s) you represent. The interviews will be recorded and kept during the study period for the supervisor to verify the authenticity of the data, after which they will be deleted.
Interested in participating?
Please email me or reach out via LinkedIn.
Thanks in advance!