Automated Code Review Assignments: An Alternative Perspective of Code Ownership on GitHub

Code ownership is central to ensuring accountability and maintaining quality in large-scale software development. Yet, as external threats such as software supply chain attacks on project health and quality assurance increase, mechanisms for assigning and enforcing responsibility have become increasingly critical. In 2017, GitHub introduced the CODEOWNERS feature, which automatically designates reviewers for specific files to strengthen accountability and protect critical parts of the codebase. Despite its potential, little is known about how CODEOWNERS is actually adopted and practiced. We present the first large-scale empirical study of CODEOWNERS usage across over 844,000 pull requests with 1.9 million comments and over 2 million reviews. We identify 10,287 code owners to track their review activities. Results indicate that codeowners tend to adhere the rules specified in the CODEOWNERS file, exhibit similar collaborative behaviours to traditional metrics of ownership, but tend to contribute to a smoother and faster PR workflow over time. Finally, using regression discontinuity design (RDD) analysis, we find that repositories adopting CODEOWNERS experience shifts in review dynamics, as ownership redistributes review responsibilities away from core developers. Our results position CODEOWNERS as a promising yet underutilized mechanism for improving software governance and resilience. We discuss how projects can leverage this alternative ownership method as a perspective to enhance security, accountability, and workflow efficiency in open-source development.