Pith. sign in

REVIEW 4 major objections 8 minor 87 references

AI-generated contributions are DDoSing open source, and the cheapest defenses close the doors that keep projects alive.

Reviewed by Pith at T0; open to challenge. T0 means a machine referee read the full paper against a public rubric. the ladder, T0–T4 →

T0 review · grok-4.5

2026-07-11 22:22 UTC pith:RGVDEQWS

load-bearing objection Solid mixed-methods picture of post-2025 OSS contribution strain and defensive remediation; the AI-DDoS causal label is only partly identified and should stay tempered. the 4 major comments →

arxiv 2607.04003 v1 pith:RGVDEQWS submitted 2026-07-04 cs.SE

"AI Slop is DDoSing Open Source": Understanding the Impact of AI-Generated Contributions on Open Source Sustainability

classification cs.SE
keywords AI-DDoSopen source sustainabilityAI-generated contributionspull request qualityBayesian structural time seriesmaintainer burnoutorganizational resilienceremediation strategies
verification ladder T0 review T1 audit T2 compute T3 formal T4 reserved

The pith

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

This paper names and measures AI-DDoS: a flood of plausible but low-quality AI-generated pull requests and issues that outruns what open-source maintainers can review. Practitioners across blogs, Reddit, and mentor lists describe the same pattern—volume up, quality down, one-shot "drive-by" contributors, and defensive closure of the very channels that used to recruit newcomers. The authors then test those signals at scale with causal time-series analysis on 294 active repositories and more than two million pull requests and issues, treating 2025 as the year AI-assisted contribution became routine. PR volume rose while merge rates and issue completion fell relative to the expected trajectory, with the sharpest hit among one-time contributors. Interviews and a survey of 229 practitioners surface eleven remediation strategies, most of which lean preservative and low-effort; the paper argues that these short-term defenses risk turning open projects into closed systems that slowly lose their contributor pipeline.

Core claim

AI-DDoS is not isolated maintainer complaints but an ecosystem-wide structural pressure: after 2025, contribution volume rose while acceptance and completion fell relative to Bayesian counterfactuals, especially for one-time contributors, and communities tend to respond with low-effort defensive gates that protect review capacity today at the cost of the open pathways that renew maintainer labor over time.

What carries the argument

AI-DDoS—the denial-of-service effect in which cheap, plausible AI-generated contributions overwhelm finite human review capacity—tested via Bayesian Structural Time Series counterfactuals on 294 repositories and organized under Organizational Resilience Theory into preservative, adaptive, and transformative remediation strategies.

Load-bearing premise

The claim rests on treating the calendar year 2025 as a clean intervention point for widespread AI-assisted contribution, so that deviations from a pre-2025 time-series forecast can be read as AI-DDoS even though individual AI use is not observed and issue-side placebo checks already show pre-2025 change.

What would settle it

If direct measurement of AI-assisted versus human-only pull requests and issues across the same 294 projects showed no systematic quality or merge-rate gap after 2025, or if a matched set of projects with little AI use showed the same volume-up/merge-down pattern, the causal attribution of AI-DDoS would fail.

Watch this falsifier — get emailed when new claim-graph text bears on it.

If this is right

  • Projects that rely only on cheap preservative gates (auto-reject red flags, tighter CI) will see short-term relief but a thinner newcomer-to-maintainer pipeline.
  • One-time and profile-building contributors will continue to produce the largest relative drop in merge rates, concentrating review waste on drive-by traffic.
  • Adaptive and transformative practices—intent disclosure, understanding checks, identity or endorsement signals—become necessary if openness is to survive the flood.
  • Platforms that reward visible contribution volume share responsibility for restoring trust and reputation infrastructure that single projects cannot build alone.
  • Issue-side AI pressure may still be maturing; later agentic bug-report tools could reverse the temporary decline in issue volume while further depressing completion rates.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • If the same volume-up/merge-down signature appears in smaller or private repositories, AI-DDoS is a general property of open contribution under cheap generation, not only of highly starred public projects.
  • Challenge–response style "proof of engagement" gates will work only as long as they stay cheaper for genuine newcomers than for agents; once agents learn the gates, the arms race moves to interaction history that is harder to fake.
  • Portable, privacy-preserving reputation across projects could reduce per-project verification cost, but designing it without recreating closed clubs is an open socio-technical problem the paper surfaces without solving.
  • Software-supply-chain risk rises if many foundational projects simultaneously close contribution channels and then fail to replace aging maintainers.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit.

Referee Report

4 major / 8 minor

Summary. The paper introduces AI-DDoS as a denial-of-service-like pressure on open-source communities from high volumes of plausible but low-quality GenAI contributions. Using a phenomenon-based mixed-methods design, Stage 1 triangulates gray literature (Reddit, practitioner blogs, OSS mentors mailing list) into six themes and hypotheses; Stage 2 tests those hypotheses with Bayesian Structural Time Series (BSTS) causal-impact analysis on 294 popular GitHub repositories (~2M PRs/issues), treating calendar-year 2025 as the intervention boundary. Results show post-2025 PR volume above the counterfactual (+6.80%) and merge rates below it, with the largest relative merge-rate drop among one-time contributors (−18.18%). For RQ2, interviews with 11 maintainers (ORT-framed) yield 11 remediation strategies, validated with a survey of 229 practitioners and grouped into preservative, adaptive, and transformative orientations. The authors conclude that AI-DDoS is not only a volume problem but a sustainability trap, because communities favor low-effort defensive strategies that protect short-term review capacity while narrowing openness.

Significance. If the core pattern holds, the paper makes a timely and practically important contribution to empirical software engineering and OSS sustainability research. Strengths include: (i) multi-source qualitative triangulation that generates pre-specified hypotheses rather than post-hoc storytelling; (ii) a large, carefully filtered repository sample with transparent BSTS reporting (absolute/relative effects, posterior probabilities, Cohen’s d, LOESS trends, and placebo checks); (iii) contributor-type decomposition that isolates a sharp one-time-contributor merge-rate decline; and (iv) a theory-informed remediation package (interviews, member checking, N=229 survey) that surfaces a concrete preservative/adaptive/transformative tension. Even under a more cautious causal reading, the descriptive volume/quality shift and the validated strategy map are useful for maintainers, foundations, and platforms. The work is well positioned for a serious SE venue if causal language is aligned with identification limits.

major comments (4)
  1. Section III-C and Table II: The central claim that post-2025 BSTS deviations constitute causal evidence of ecosystem-wide AI-DDoS rests on a calendar-year intervention proxy without direct AI-use labels, covariates, or a comparison group. Univariate BSTS projects 2023–2024 levels into 2025; deviations are then attributed to AI-assisted contribution. Concurrent 2025 platform growth, hiring-cycle contribution farming, tooling changes, or other workflow shifts could produce the same residual. The paper acknowledges this in Threats to Validity, but the abstract, introduction, and Stage 2 results still use causal-impact wording (e.g., “causal impact evidence,” “AI-DDoS is a structural, ecosystem-wide problem”). Please either (a) substantially temper attribution language to “consistent with / co-occurring with the 2025 AI-surge window,” or (b) add identification-strengthening analyses (e.g., s
  2. Section III-C (placebo tests) and Table II H1c/H1d/H2c/H3c: Placebo tests with January 2024 as a pseudo-intervention show no significant PR effects but significant issue-side placebo effects. Issue volume is significant in the opposite direction of H1c/H2c, and the paper interprets late-2025 issue rebounds as delayed agentic-tool impact. Given the failed placebos, issue-side claims should not be presented as parallel support for Phenomenon 1. Please restructure Stage 2 so PR results (especially H1a/H1b and H3a/H3b) are the primary quantitative evidence, demote or carefully qualify issue metrics, and avoid treating opposite-direction volume findings as secondary confirmation of AI-DDoS.
  3. Abstract, Section I, and Section VI: The “sustainability trap” / defensive-closure conclusion is load-bearing for the paper’s practical message, but it is inferred from (i) cross-sectional survey endorsement of low-effort preservative strategies and (ii) qualitative accounts of gating, not from longitudinal evidence that projects that adopt SP1/SP2 subsequently lose newcomer conversion or maintainer renewal. The inference is plausible and well motivated by ORT and prior OSS sustainability work, but it should be framed as a hypothesized mechanism with clear limits, not as demonstrated pipeline erosion. Please separate observed strategy preferences from unobserved long-run openness/attrition effects, and state what evidence would be needed to confirm the trap.
  4. Section III-C.1 sampling: The repository sample is restricted to goodfirstissue.dev projects with ≥5,000 stars, ≥100 contributions/year, continuous activity through 2025, and open issues/PRs. This is appropriate for measuring high-visibility contribution pressure, but the ecosystem-wide crisis claim then overgeneralizes from newcomer-oriented, high-star projects. Please bound external validity more tightly in the results and conclusion (not only Threats), and avoid language that equates this sample with the full OSS ecosystem without qualification.
minor comments (8)
  1. Figure 1 is referenced as an overview of contribution flow / steep rise and decline, but the manuscript text does not fully specify the data source, aggregation, or whether the figure is schematic vs. empirical. Clarify caption and construction.
  2. Table I theme dates (e.g., Blog May’25, Reddit Nov’23) are useful; a short note on how earliest vs. concentration dates were coded would help readers interpret the 2025 intervention choice.
  3. Table II: Define “merge.” and “compl.” abbreviations in the table notes; also state whether merge ratio is merges/created in the same week or eventual merge status of PRs created that week (right-censoring matters near end-2025).
  4. Section III-C.2: Volume-weighted cross-repository aggregation can let a few mega-repos dominate (e.g., elastic/kibana is used illustratively). Consider reporting unweighted or leave-one-out sensitivity in the appendix.
  5. Section IV survey: Report response rate if estimable (invites to 294-repo maintainers/contributors plus networks), and whether ratings differ by role (maintainer vs. contributor) or project size—especially for ST3/ST4.
  6. Terminology consistency: “AI-DDoS,” “AI slop,” “AI-assisted,” and “AI-generated” are used somewhat interchangeably; a brief operational distinction would reduce ambiguity.
  7. References and dates include 2026 access dates and events (e.g., cURL bounty ending January 2026). Ensure timeline consistency with the 2025 intervention narrative so readers are not confused about pre/post windows.
  8. Supplementary materials are cited for keyword lists, hypothesis–theme mapping, interview guide, and demographics; for review completeness, ensure these are stable and match in-text claims (e.g., saturation after eight interviews).

Circularity Check

0 steps flagged

No significant circularity: qualitative themes generate independently testable hypotheses; BSTS effects are counterfactual deviations, not quantities defined by the AI-DDoS label.

full rationale

The paper’s chain is sequential mixed methods, not a closed definitional loop. Stage 1 gray literature (Reddit, blogs, mentors list) yields six themes and directional hypotheses (PR volume up, merge ratio down, etc.). Stage 2 tests those hypotheses on a separate corpus—294 repositories, ~2M PRs/issues—via univariate BSTS counterfactuals learned on 2023–2024 and projected into 2025. The reported effects (e.g., +6.80% PR volume, −18.18% one-time merge rate) are residuals relative to that counterfactual; they are not parameters fitted to equal “AI-DDoS” by construction, and the model could have returned null or opposite signs. RQ2 interviews produce 11 strategies that are then rated on an independent survey (N=229). Self-citations (authors’ prior GenAI/OSS work) appear as background, not as load-bearing uniqueness theorems or smuggled ansatze that force the central claim. Naming the pattern “AI-DDoS” is phenomenon labeling, not renaming a known mathematical identity. Concerns about the 2025 calendar proxy, missing AI labels, and issue-side placebos are identification/validity issues, not circularity under the stated criteria. Score 0 with empty steps is therefore the honest finding.

Axiom & Free-Parameter Ledger

5 free parameters · 5 axioms · 1 invented entities

The central claim rests on methodological and domain premises rather than free physical constants: a calendar intervention year as proxy for AI adoption, sampling thresholds that define 'widely used' OSS, the suitability of univariate BSTS without a control group, and the transfer of organizational resilience theory to volunteer OSS communities. The named construct AI-DDoS is an interpretive entity built from practitioner language and then tested against repository metrics.

free parameters (5)
  • 2025 calendar-year intervention boundary
    Chosen as the post-period for all BSTS estimates based on qualitative convergence and industry reports, not estimated from contribution data; shifts this boundary would change absolute/relative effects.
  • Repository star threshold (≥5000)
    Hand-chosen popularity filter that defines the analysis population and excludes lower-traffic projects where dynamics may differ.
  • Activity filters (≥100 contributions/year; ≤6-month inactivity gap; created by 2023)
    Sampling cutoffs that determine which of the goodfirstissue.dev candidates enter the 294-repo set.
  • Weekly aggregation and volume-weighted cross-repo pooling
    Modeling choices that weight large repositories more heavily and set the temporal grain of all reported effects.
  • 95% posterior-probability support threshold and Cohen's d standardization
    Decision rules for declaring hypotheses supported; conventional but still analyst-chosen.
axioms (5)
  • domain assumption OSS long-term health depends on open pathways that convert newcomers into maintainers (onion model / sustainability literature).
    Used throughout Introduction and Concluding Remarks to interpret defensive closure as a sustainability trap rather than only a triage win.
  • domain assumption Univariate BSTS trained on 2023–2024 levels can project a credible no-AI-surge counterfactual for 2025 without covariates or a matched control group.
    Core identification strategy in Section III-C; deviations from this trajectory are interpreted as AI-DDoS-consistent effects.
  • domain assumption Organizational Resilience Theory (absorb / adapt / transform) is an appropriate lens for coding maintainer responses to contribution floods.
    Structures RQ2 interview protocol and the preservative/adaptive/transformative grouping in Table III.
  • domain assumption Gray-literature practitioner accounts (Reddit, blogs, mentors list) are valid early signals for phenomenon selection and hypothesis generation.
    Stage 1 method; standard in multivocal SE reviews but still an epistemic premise for what counts as AI-DDoS.
  • standard math Standard Bayesian structural time-series / CausalImpact machinery and reflexive thematic analysis procedures.
    Borrowed statistical and qualitative methods; not re-derived in the paper.
invented entities (1)
  • AI-DDoS independent evidence
    purpose: Name and conceptualize the denial-of-service-like overload of OSS review capacity by plausible low-quality AI-generated contributions, linking volume, quality, incentives, burnout, and defensive closure.
    Central construct introduced by the authors from practitioner language; operationalized via themes and repository metrics rather than a physical detector of AI authorship.

pith-pipeline@v1.1.0-grok45 · 25430 in / 3610 out tokens · 37692 ms · 2026-07-11T22:22:45.153089+00:00 · methodology

0 comments
read the original abstract

Open source software (OSS) communities are facing increasing pressure from Generative AI (GenAI) tools. We call it AI-DDoS: a denial-of-service effect in which plausible but low-quality AI-generated contributions overwhelm OSS community capacity. Using a phenomenon-based mixed-methods approach, we first analyze practitioner accounts from Reddit, OSS mentor mailing lists, and blogs to identify six recurring themes and derive hypotheses. We then evaluate these hypotheses using Bayesian Structural Time Series analysis across 294 repositories with over 2 million pull requests and issues. Our results show that while PR volume increased in 2025, merge rates declined, with one-time contributors experiencing an 18.18% drop in PR merge rates relative to the counterfactual. Finally, we identify 11 remediation strategies through practitioners' interviews and validate them with a survey of 229 OSS practitioners, grouping them into preservative, adaptive, and transformative orientations. Our findings show that AI-DDoS is not only a contribution-volume problem but a sustainability trap: communities often default to low-effort defensive strategies that protect short-term review capacity while making openness difficult to sustain.

Figures

Figures reproduced from arXiv: 2607.04003 by Anita Sarma, Courtney Miller, Edward Gilmour, Sadia Afroz, Tyler Menezes, Zixuan Feng.

Figure 1
Figure 1. Figure 1: Overview of contribution flow. which OSS sustains itself. Over a decade of OSS sustainability research establishes that a project’s health and survival depend on its maintainers, who provide the labor that keeps the project alive, and on its ability to recruit and retain new contributors who renew that labor over time [6], [7]. The problem is that the programs OSS projects are shuttering to cope with AI￾DD… view at source ↗
Figure 2
Figure 2. Figure 2: AI-DDoS through organizational resilience theory. [PITH_FULL_IMAGE:figures/full_fig_p010_2.png] view at source ↗

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

87 extracted references · 1 canonical work pages

  1. [1]

    The fast and spurious: Developer productivity with genai

    S. Afroz, Z. Feng, T. Menezes, K. Kimura, B. Trinkenreich, I. Stein- macher, and A. Sarma, “The fast and spurious: Developer productivity with genai.” FSE-HumanAISE, 2026, 2026

  2. [2]

    Welcome to the eternal september of open source. here’s what we plan to do for maintainers,

    A. Wolf, “Welcome to the eternal september of open source. here’s what we plan to do for maintainers,” The GitHub Blog, 2026, accessed: 2026-05-24. [Online]. Available: https://github.blog/open-source/mainta iners/welcome-to-the-eternal-september-of-open-source-heres-what-w e-plan-to-do-for-maintainers/

  3. [3]

    Ai usage policy,

    ghostty, “Ai usage policy,” GitHub repository, ghostty-org/ghostty, 2026, accessed: 2026-05-24. [Online]. Available: https://github.com/ghostty-org/ghostty/blob/main/AI POLIC Y .md

  4. [4]

    Curl creator mulls nixing bug bounty awards to stop ai slop,

    T. Claburn, “Curl creator mulls nixing bug bounty awards to stop ai slop,” The Register, 2025, accessed: 2026-06-16. [Online]. Available: https://www.theregister.com/software/2025/07/15/curl-creator-mulls-nix ing-bug-bounty-awards-to-stop-ai-slop/1275332

  5. [5]

    curl gets rid of its bug bounty program over ai slop overrun,

    S. Rudra, “curl gets rid of its bug bounty program over ai slop overrun,” 2026, accessed: 2026-06-28. [Online]. Available: https://itsfoss.com/news/curl-closes-bug-bounty-program/

  6. [6]

    Attracting and retaining oss contributors with a maintainer dashboard,

    M. Guizani, T. Zimmermann, A. Sarma, and D. Ford, “Attracting and retaining oss contributors with a maintainer dashboard,” inICSE-SEIS, 2022, pp. 36–40

  7. [7]

    Sustaining maintenance labor for healthy open source software projects through human infrastructure: A maintainer perspective,

    J. Lin ˚aker, G. Link, and K. Lumbard, “Sustaining maintenance labor for healthy open source software projects through human infrastructure: A maintainer perspective,” inESEM, 2024, pp. 37–48

  8. [8]

    Encouraging helpful contributions to your project with labels,

    GitHub Docs, “Encouraging helpful contributions to your project with labels,” https://docs.github.com/en/communities/setting-up-your-project -for-healthy-contributions/encouraging-helpful-contributions-to-your-p roject-with-labels, 2026, accessed: 2026-06-18

  9. [9]

    L. James, “Linus torvalds says flood of duplicate ai-generated vulnerability reports have made linux security mailing list ‘almost entirely unmanageable’ — private list ‘a waste of time for everybody involved’ in switch to new public system,” Tom’s Hardware, 2026, accessed: 2026-06-28. [Online]. Available: https://www.tomshardware.c om/software/linux/linu...

  10. [10]

    What ghostty banning ai code contributions teaches builders,

    P. Joshi, “What ghostty banning ai code contributions teaches builders,” Vibe Coder, accessed: 2026-06-16. [Online]. Available: https://blog.vibecoder.me/what-ghostty-banning-ai-code-teaches-us

  11. [11]

    Decom- posing and measuring trust in open-source software supply chains,

    L. Boughton, C. Miller, Y . Acar, D. Wermke, and C. K ¨astner, “Decom- posing and measuring trust in open-source software supply chains,” in ICSE-NIER, 2024, pp. 57–61

  12. [12]

    The ai slop problem threatening open source maintainers,

    A. Team, “The ai slop problem threatening open source maintainers,” All Things Open, 19 February 2026, accessed: 2026-06-28. [Online]. Available: https://allthingsopen.org/articles/ai-slop-problem-open-sourc e-maintainers

  13. [13]

    J. W. Creswell and V . L. P. Clark,Designing and conducting mixed methods research. Sage publications, 2017

  14. [14]

    A roadmap for navigating phenomenon-based research in management,

    F. Lumineau, D. T. Kong, and N. Dries, “A roadmap for navigating phenomenon-based research in management,” pp. 505–517, 2025

  15. [15]

    2025 developer survey,

    Stack Overflow, “2025 developer survey,” 2025, accessed: 2026-06-15. [Online]. Available: https://survey.stackoverflow.co/2025/ai

  16. [16]

    Octoverse: A new developer joins github every second as ai leads typescript to #1,

    GitHub Staff, “Octoverse: A new developer joins github every second as ai leads typescript to #1,” 2026, accessed: 2026-06-28. [Online]. Available: https://github.blog/news-insights/octoverse/octoverse-a-new -developer-joins-github-every-second-as-ai-leads-typescript-to-1/

  17. [17]

    Organizational resilience: Towards a theory and research agenda,

    T. J. V ogus and K. M. Sutcliffe, “Organizational resilience: Towards a theory and research agenda,” in2007 IEEE SMC. Ieee, 2007, pp. 3418–3422

  18. [18]

    Organizational resilience: a valuable con- struct for management research?

    J. Hillmann and E. Guenther, “Organizational resilience: a valuable con- struct for management research?”International journal of management reviews, vol. 23, no. 1, pp. 7–44, 2021

  19. [19]

    Why do people give up flossing? a study of contributor disengagement in open source,

    C. Miller, D. G. Widder, C. K ¨astner, and B. Vasilescu, “Why do people give up flossing? a study of contributor disengagement in open source,” inIFIP International Conference on Open Source Systems. Springer, 2019, pp. 116–129

  20. [20]

    Toward an understanding of the motivation of open source software developers,

    Y . Ye and K. Kishida, “Toward an understanding of the motivation of open source software developers,” inICSE. IEEE, 2003, pp. 419–429

  21. [21]

    The social structure of free and open source software development,

    K. Crowston and J. Howison, “The social structure of free and open source software development,” 2005

  22. [22]

    The onion patch: migration in open source ecosystems,

    C. Jergensen, A. Sarma, and P. Wagstrom, “The onion patch: migration in open source ecosystems,” inProceedings of the 19th ACM SIGSOFT symposium and the 13th ESEC/FSE, 2011, pp. 70–80

  23. [23]

    Overcom- ing social barriers when contributing to open source software projects,

    I. Steinmacher, M. Gerosa, T. U. Conte, and D. F. Redmiles, “Overcom- ing social barriers when contributing to open source software projects,” CSCW, vol. 28, no. 1, pp. 247–290, 2019

  24. [24]

    Guiding the way: A systematic literature review on mentoring practices in open source software projects,

    Z. Feng, K. Kimura, B. Trinkenreich, A. Sarma, and I. Steinmacher, “Guiding the way: A systematic literature review on mentoring practices in open source software projects,”Information and Software Technology, p. 107470, 2024

  25. [25]

    Inflow and retention in oss communities with commercial involvement: A case study of three hybrid projects,

    M. Zhou, A. Mockus, X. Ma, L. Zhang, and H. Mei, “Inflow and retention in oss communities with commercial involvement: A case study of three hybrid projects,”TOSEM, vol. 25, no. 2, pp. 1–29, 2016

  26. [26]

    The promises and perils of mining github,

    E. Kalliamvakou, G. Gousios, K. Blincoe, L. Singer, D. M. German, and D. Damian, “The promises and perils of mining github,” inProceedings of the 11th MSR, 2014, pp. 92–101

  27. [27]

    Almost there: A study on quasi-contributors in open source software projects,

    I. Steinmacher, G. Pinto, I. S. Wiese, and M. A. Gerosa, “Almost there: A study on quasi-contributors in open source software projects,” in Proceedings of the 40th ICSE, 2018, pp. 256–266

  28. [28]

    The 2024 tideliftstate of the open source maintainer report,

    Tidelift, “The 2024 tideliftstate of the open source maintainer report,” https://assets-eu-01.kc-usercontent.com/ef593040-b591-0198-9506-ed8 8b30bc023/d325a56f-05be-4379-bfd1-ee4776fcad41/2024-tidelift-state -of-the-open-source-maintainer-report-.pdf, september 2024, accessed: 2026-06-15

  29. [29]

    Good vibrations? a qualitative study of co-creation, communication, flow, and trust in vibe coding,

    V . Pimenova, S. Fakhoury, C. Bird, M.-A. Storey, and M. Endres, “Good vibrations? a qualitative study of co-creation, communication, flow, and trust in vibe coding,”arXiv preprint arXiv:2509.12491, 2025

  30. [30]

    Chatgpt: A meta-analysis after 2.5 months,

    C. Leiter, R. Zhang, Y . Chen, J. Belouadi, D. Larionov, V . Fresen, and S. Eger, “Chatgpt: A meta-analysis after 2.5 months,”Machine Learning with Applications, vol. 16, p. 100541, 2024

  31. [31]

    From gains to strains: Modeling de- veloper burnout with genai adoption,

    Z. Feng, S. Afroz, and A. Sarma, “From gains to strains: Modeling de- veloper burnout with genai adoption,”arXiv preprint arXiv:2510.07435, 2025

  32. [32]

    Generative ai at work,

    E. Brynjolfsson, D. Li, and L. Raymond, “Generative ai at work,”The Quarterly Journal of Economics, vol. 140, no. 2, pp. 889–942, 2025

  33. [33]

    Navigating the jagged technological frontier: Field experimental evidence of the effects of AI on knowledge worker productivity and quality,

    F. Dell’Acqua, E. McFowland III, E. R. Mollick, H. Lifshitz- Assaf, K. Kellogg, S. Rajendran, L. Krayer, F. Candelon, and K. R. Lakhani, “Navigating the jagged technological frontier: Field experimental evidence of the effects of AI on knowledge worker productivity and quality,” Harvard Business School, Technology & Operations Mgt. Unit Working Paper 24-0...

  34. [34]

    The impact of ai on developer productivity: Evidence from github copilot,

    S. Peng, E. Kalliamvakou, P. Cihon, and M. Demirer, “The impact of ai on developer productivity: Evidence from github copilot,” 2023

  35. [35]

    Ai copilot code quality: 2025 look back at 12 months of data,

    GitClear, “Ai copilot code quality: 2025 look back at 12 months of data,” 2025, accessed: 2026-05-24. [Online]. Available: https: //www.gitclear.com/ai assistant code quality 2025 research

  36. [36]

    Speed at the cost of quality: How cursor ai increases short-term velocity and long-term complexity in open-source projects,

    H. He, C. Miller, S. Agarwal, C. K ¨astner, and B. Vasilescu, “Speed at the cost of quality: How cursor ai increases short-term velocity and long-term complexity in open-source projects,”arXiv preprint arXiv:2511.04427, 2025

  37. [37]

    Our new report: Ai code creates 1.7x more problems,

    D. Loker, “Our new report: Ai code creates 1.7x more problems,” CodeRabbit Blog, 2025, accessed: 2026-05-24. [Online]. Available: https://www.coderabbit.ai/blog/state-of-ai-vs-human-code-generation-r eport

  38. [38]

    curl’s daniel stenberg: Ai slop is ddosing open source,

    S. J. Vaughan-Nichols, “curl’s daniel stenberg: Ai slop is ddosing open source,” 2026, accessed: 2026-05-28. [Online]. Available: https://thenewstack.io/curls-daniel-stenberg-ai-is-ddosing-open-sourc e-and-fixing-its-bugs/

  39. [39]

    Guidelines for including grey literature and conducting multivocal literature reviews in software engineering,

    V . Garousi, M. Felderer, and M. V . M ¨antyl¨a, “Guidelines for including grey literature and conducting multivocal literature reviews in software engineering,”IST, vol. 106, pp. 101–121, 2019

  40. [40]

    Systematic literature reviews in software engineering–a systematic literature review,

    B. Kitchenham, O. P. Brereton, D. Budgen, M. Turner, J. Bailey, and S. Linkman, “Systematic literature reviews in software engineering–a systematic literature review,”IST, vol. 51, no. 1, pp. 7–15, 2009

  41. [41]

    Addressing oss community managers’ challenges in contributor retention,

    Z. Feng, K. Kimura, B. Trinkenreich, I. Steinmacher, M. Gerosa, and A. Sarma, “Addressing oss community managers’ challenges in contributor retention,”ACM TOSEM, 2025

  42. [42]

    Open source initiative blog,

    Open Source Initiative, “Open source initiative blog,” 2026, accessed: 2026-04-18. [Online]. Available: https://opensource.org/blog

  43. [43]

    Google open source blog,

    Google Open Source, “Google open source blog,” 2026, accessed: 2026-04-18. [Online]. Available: https://opensource.googleblog.com

  44. [44]

    Linux.com,

    Linux.com, “Linux.com,” 2026, accessed: 2026-04-18. [Online]. Available: https://www.linux.com

  45. [45]

    Ai slopageddon and the oss maintainers,

    K. Holterhoff, “Ai slopageddon and the oss maintainers,” RedMonk Blog, 2026, accessed: 2026-05-11. [Online]. Available: https://redmon k.com/kholterhoff/2026/02/03/ai-slopageddon-and-the-oss-maintainers/

  46. [46]

    Open source maintainers are drowning in ai-generated pull requests. enterprise teams are next

    A. Iyer, “Open source maintainers are drowning in ai-generated pull requests. enterprise teams are next.” The New Stack, accessed: 2026-06-

  47. [47]

    Available: https://thenewstack.io/ai-generated-code-crisis/

    [Online]. Available: https://thenewstack.io/ai-generated-code-crisis/

  48. [48]

    “we are being ddosed

    Anonym, ““we are being ddosed”: How ai-generated contributions threaten open source sustainability — appendix,” 2026. [Online]. Available: https://doi.org/10.5281/zenodo.21077989

  49. [49]

    Communities of practice and social learning systems,

    E. Wenger, “Communities of practice and social learning systems,” Organization, vol. 7, no. 2, pp. 225–246, 2000

  50. [50]

    Signaling the intent to change online communities: A case from a reddit gaming community,

    K. Bergstrom and N. Poor, “Signaling the intent to change online communities: A case from a reddit gaming community,”Social Media+ Society, vol. 8, no. 2, p. 20563051221096817, 2022

  51. [51]

    “get me in the groove

    K. Newman, S. Snay, M. Endres, M. Parikh, and A. Begel, ““get me in the groove”: A mixed methods study on supporting adhd professional programmers,” inICSE. IEEE, 2025, pp. 1217–1229

  52. [52]

    Why do newcomers abandon open source software projects?

    I. Steinmacher, I. Wiese, A. P. Chaves, and M. A. Gerosa, “Why do newcomers abandon open source software projects?” inCHASE. IEEE, 2013, pp. 25–32

  53. [53]

    Using thematic analysis in psychology,

    V . Braun and V . Clarke, “Using thematic analysis in psychology,” Qualitative research in psychology, vol. 3, no. 2, pp. 77–101, 2006

  54. [54]

    Denial-of-service attacks rip the internet,

    L. Garber, “Denial-of-service attacks rip the internet,”computer, vol. 33, no. 4, pp. 12–17, 2000

  55. [55]

    Curl is done with ai slop,

    S. Rudra, “Curl is done with ai slop,” It’s FOSS, 2025, accessed: 2026-06-28. [Online]. Available: https://itsfoss.com/news/curl-ai-slop/

  56. [56]

    No ai slops! gnome now forbids vibe coded extensions,

    ——, “No ai slops! gnome now forbids vibe coded extensions,” It’s FOSS, 2025. [Online]. Available: https://itsfoss.com/news/no-ai-extensi on-gnome/

  57. [57]

    Mitchell hashimoto launches ’vouch’ to fight ai slop in open source ecosystem,

    ——, “Mitchell hashimoto launches ’vouch’ to fight ai slop in open source ecosystem,” It’s FOSS, 2026, accessed: 2026-04-30. [Online]. Available: https://itsfoss.com/news/mitchell-hashimoto-vouch/

  58. [58]

    A case study of implicit mentoring, its prevalence, and impact in apache,

    Z. Feng, A. Chatterjee, A. Sarma, and I. Ahmed, “A case study of implicit mentoring, its prevalence, and impact in apache,” inFSE. New York, NY , USA: ACM, 2022, pp. 797–809

  59. [59]

    Causalimpact,

    A. H. Kay H. Brodersen, “Causalimpact,” https://google.github.io/Cau salImpact/CausalImpact.html, 2017, accessed: 2026-04-20

  60. [60]

    Funless: Functions-as-a-service for private edge cloud systems,

    G. De Palma, S. Giallorenzo, J. Mauro, M. Trentin, and G. Zavattaro, “Funless: Functions-as-a-service for private edge cloud systems,” in 2024 IEEE ICWS. IEEE, 2024, pp. 961–967

  61. [61]

    2023 developer survey,

    Stack Overflow, “2023 developer survey,” 2023, accessed: 2026-06-15. [Online]. Available: https://survey.stackoverflow.co/2023/#ai

  62. [62]

    2024 developer survey,

    ——, “2024 developer survey,” 2024, accessed: 2026-06-15. [Online]. Available: https://survey.stackoverflow.co/2024/#ai

  63. [63]

    Measuring ses-related traits relating to technology usage: Two validated surveys,

    C. Chikezie, P. Chanpaisaeng, P. Agarwal, S. Afroz, B. Madhwani, R. Choudhuri, A. Anderson, P. Velhal, P. Morreale, C. Bogartet al., “Measuring ses-related traits relating to technology usage: Two validated surveys,”Empirical Software Engineering, vol. 30, no. 6, p. 159, 2025

  64. [64]

    Inferring causal impact using bayesian structural time-series models,

    K. H. Brodersen, F. Gallusser, J. Koehler, N. Remy, and S. L. Scott, “Inferring causal impact using bayesian structural time-series models,” 2015

  65. [65]

    Forecasting the trends of covid-19 and causal impact of vaccines using bayesian structural time series and arima,

    M. N. Thorakkattle, S. Farhin, and A. A. khan, “Forecasting the trends of covid-19 and causal impact of vaccines using bayesian structural time series and arima,”Annals of Data Science, vol. 9, no. 5, p. 1025, 2022

  66. [66]

    Segmented regression analysis of interrupted time series studies in medication use research,

    A. K. Wagner, S. B. Soumerai, F. Zhang, and D. Ross-Degnan, “Segmented regression analysis of interrupted time series studies in medication use research,”Journal of clinical pharmacy and therapeutics, vol. 27, no. 4, pp. 299–309, 2002

  67. [67]

    Interrupted time series regression for the evaluation of public health interventions: a tutorial,

    J. L. Bernal, S. Cummins, and A. Gasparrini, “Interrupted time series regression for the evaluation of public health interventions: a tutorial,” International journal of epidemiology, vol. 46, no. 1, pp. 348–355, 2017

  68. [68]

    The effects of paid family leave on food insecu- rity—evidence from california,

    O. Lenhart, “The effects of paid family leave on food insecu- rity—evidence from california,”Review of Economics of the Household, vol. 19, no. 3, pp. 615–639, 2021

  69. [69]

    Cohen,Statistical Power Analysis for the Behavioral Sciences

    J. Cohen,Statistical Power Analysis for the Behavioral Sciences. New York, NY , USA: Routledge, 2013

  70. [70]

    What challenges do developers face about checked-in secrets in software artifacts?

    S. K. Basak, L. Neil, B. Reaves, and L. Williams, “What challenges do developers face about checked-in secrets in software artifacts?” in2023 IEEE/ACM 45th ICSE. IEEE, 2023, pp. 1635–1647

  71. [71]

    Github’s new ai coding agent can fix bugs for you,

    E. Roth, “Github’s new ai coding agent can fix bugs for you,” https: //www.theverge.com/news/669339/github-ai-coding-agent-fix-bugs, May 2025, the Verge. Accessed: 2026-06-28

  72. [72]

    Absorptive capacity, organizational creativity, organizational agility, organizational resilience and compet- itive advantage in disruptive environments,

    S. Musa and D. T. Enggarsyah, “Absorptive capacity, organizational creativity, organizational agility, organizational resilience and compet- itive advantage in disruptive environments,”Journal of Strategy and Management, vol. 18, no. 2, pp. 303–325, 2025

  73. [73]

    Snowball sampling,

    L. A. Goodman, “Snowball sampling,”The annals of mathematical statistics, pp. 148–170, 1961

  74. [74]

    What is an adequate sample size? operationalising data saturation for theory-based interview studies,

    J. J. Francis, M. Johnston, C. Robertson, L. Glidewell, V . Entwistle, M. P. Eccles, and J. M. Grimshaw, “What is an adequate sample size? operationalising data saturation for theory-based interview studies,” Psychology and health, vol. 25, no. 10, pp. 1229–1245, 2010

  75. [75]

    Developing a capacity for organizational resilience through strategic human resource management,

    C. A. Lengnick-Hall, T. E. Beck, and M. L. Lengnick-Hall, “Developing a capacity for organizational resilience through strategic human resource management,”Human resource management review, vol. 21, no. 3, pp. 243–255, 2011

  76. [76]

    Corbin and A

    J. Corbin and A. Strauss,Basics of qualitative research: Techniques and procedures for developing grounded theory. Sage publications, 2014

  77. [77]

    When domains collide: An activity theory exploration of cross-disciplinary collaboration,

    Z. Feng, T. Zimmermann, L. Pisani, C. Gooley, J. Wander, and A. Sarma, “When domains collide: An activity theory exploration of cross-disciplinary collaboration,” inESEM. IEEE, 2025, pp. 301–312

  78. [78]

    Who are the people reluctant to participate in research? personality correlates of four different types of nonresponse as inferred from self-and observer ratings,

    B. Marcus and A. Sch ¨utz, “Who are the people reluctant to participate in research? personality correlates of four different types of nonresponse as inferred from self-and observer ratings,”Journal of personality, vol. 73, no. 4, pp. 959–984, 2005

  79. [79]

    Profiling active and passive nonrespondents to an organizational survey

    S. G. Rogelberg, J. M. Conway, M. E. Sederburg, C. Spitzm ¨uller, S. Aziz, and W. E. Knight, “Profiling active and passive nonrespondents to an organizational survey.”Journal of Applied Psychology, vol. 88, no. 6, p. 1104, 2003

  80. [80]

    Validity and qualitative research: An oxymoron?

    A. J. Onwuegbuzie and N. L. Leech, “Validity and qualitative research: An oxymoron?”Quality & quantity, vol. 41, no. 2, pp. 233–249, 2007

Showing first 80 references.