CSVD-TF: Cross-project software vulnerability detection with TrAdaBoost by fusing expert metrics and semantic metrics
Recently, deep learning-based software vulnerability detection (SVD) approaches have achieved promising performance. However, the scarcity of high-quality labeled SVD data influences the practicality of these approaches. Therefore, cross-project ...
Highlights
- Cross-project software vulnerability detection with TrAdaBoost.
- Fusing expert metrics and semantic metrics.
- Evaluation on four real-world projects.
A case study on the development of the German Corona-Warn-App
The COVID-19 pandemic has drastically changed daily life and required fast responses to new situations, such as restricted public life. A major means to limit infections have been contact-tracing apps that inform an individual about a potential ...
Highlights
- We report a case study on the development of the German COVID-19 contact-tracing app.
- We describe how the pandemic and public interest impacted the app’s development.
- We elicit insights on good practices the developers employed to ...
PASDA: A partition-based semantic differencing approach with best effort classification of undecided cases
Equivalence checking is used to verify whether two programs produce equivalent outputs when given equivalent inputs. Research in this field mainly focused on improving equivalence checking accuracy and runtime performance. However, for program ...
Highlights
- We present PASDA, a new partition-based semantic differencing approach.
- PASDA has higher equivalence checking accuracy than three existing approaches.
- In addition, PASDA provides best effort classifications for undecided cases.
Goal-conflict identification based on local search and fast boundary-condition verification based on incremental satisfiability filter
Identifying boundary conditions (BCs) is of fundamental importance for goal-conflict analysis. BCs are able to capture particular combinations of circumstances that make some special conflicts, namely goal divergences, in which the goals of the ...
Highlights
- We discover a phenomenon that some pairs of BCs are similar in structure.
- Motivated by the phenomenon, we design a local search to identify more general BCs.
- To speed up BC verification, we propose LISF to reduce the calls of SAT ...
A vulnerability severity prediction method based on bimodal data and multi-task learning
- A new vulnerability severity prediction method is proposed to improve the F1 score.
- The GraphCodeBert is used to provide comprehensive information for prediction.
- Multi-task learning is used to enhance the generalization ability of ...
Facing the increasing number of software vulnerabilities, the automatic analysis of vulnerabilities has become an important task in the field of software security. However, the existing severity prediction methods are mainly based on ...
Identifying concerns when specifying machine learning-enabled systems: A perspective-based approach
Engineering successful machine learning (ML)-enabled systems poses various challenges from both a theoretical and a practical side. Among those challenges are how to effectively address unrealistic expectations of ML capabilities from customers, ...
Highlights
- The perspective-based approach called PerSpecML helps identify concerns involved in the development of ML-enabled systems.
- 60 concerns related to 28 tasks should be analyzed by business owners, domain experts, designers, software/ML ...
How to effectively mine app reviews concerning software ecosystem? A survey of review characteristics
App reviews in app stores offer valuable insights into many activities in the software ecosystem, e.g., software development, app marketing, security. As app reviews are known to be error-prone, commonly short, dynamic, and to hold domain-...
Highlights
- We present a SLR from the perspective of app review characteristics.
- Characteristics of app reviews are summarized by a key-point investigation.
- We propose future research directions based on our SLR.
An empirical investigation on the competences and roles of practitioners in Microservices-based Architectures
Microservices-based Architectures (MSAs) are gaining popularity since, among others, they enable rapid and independent delivery of software at scale, facilitating the delivery of business value. Additionally, there are attempts towards ...
Highlights
- Identified 3 collections and 11 clusters of competences of microservice practitioners.
- Microservices require Web-based software, DevOps, and Data engineers.
- Enriching microservices research by understanding profiles of 13,517 ...
Modeling microservice architectures
Modern microservice architectures demand new features from traditional architecture description languages, many of them related to the complexity of the modeled systems. This paper first identifies common concerns found in microservice ...
Highlights
- Abstract modeling language for microservice-based architectures.
- Concerns and requirements for modeling microservice-based architectures.
- Definition of an architectural style through a hierarchical type hypergraph.
- Deployment ...
A conceptual and architectural characterization of antifragile systems
Antifragility is one of the terms that have recently emerged with the aim of indicating a direction that should be pursued toward the objective of designing Information and Communications Technology systems that remain trustworthy despite their ...
Highlights
- We present a conceptual characterization of antifragility.
- We discuss the inclusion of antifragility in the well-known dependability taxonomy.
- We derive a possible path toward the engineering of antifragile systems.
The never-ending story–How companies transition to and sustain continuous software engineering practices
- Software organizations follow unique paths to Continuous Software Engineering (CSE).
- The CSE infrastructure is not stable but continuously evolves.
- Infrastructure and infrastructuring help understand and address CSE dynamics.
- ...
There is increasing interest in Continuous Software Engineering (CSE) among practitioners and researchers. CSE addresses the need to increase flexibility and short release cycles, especially when augmenting software as a ...
GraalSP: Polyglot, efficient, and robust machine learning-based static profiler
Compilers use profiles to apply profile-guided optimizations and produce efficient programs. Dynamic profilers collect high-quality profiles but require identifying suitable profile collection workloads, introduce additional complexity to the ...
Highlights
- Compilers require execution profiles to produce highly optimized programs.
- Dynamic profilers collect best-quality execution profiles at a high cost.
- We propose GraalSP, a lightweight and robust machine learning-based static ...
Research artifacts in software engineering publications: Status and trends
The Software Engineering (SE) community has been embracing the open science policy and encouraging researchers to disclose artifacts in their publications. However, the status and trends of artifact practice and quality remain unclear, lacking ...
Highlights
- An empirical study on artifacts for software engineering publications.
- Uncover the status of 1,487 artifacts across 2,196 top-tier SE publications.
- Provide practical suggestions to different stakeholders based on findings.
- Open-...
Local features: Enhancing variability modeling in software product lines
Software Product Lines (SPL) enable the creation of software product families with shared core components using feature models to model variability. Choosing features from a feature model to generate a product may not be ...
Highlights
- Application of both general and specific variability to a system.
- Defining local and global features in a software product line variability model.
- Formalization using multimodels and implementation using a DSL.
- Case study: Web-...
Data visualization guidance using a software product line approach
Data visualization aims to convey quantitative and qualitative information effectively by determining which techniques and visualizations are most appropriate for different situations and why. Various software solutions can produce numerous ...
Highlights
- A new approach to manage the variability in data visualization using a software product line.
- Encoding best design practices for graphs and tables in feature models.
- Step-wise configuration approach to customize the most ...
Investigating effectiveness and compliance to DevOps policies and practices for managing productivity and quality variability
- DevOps practices effective in managing maintenance risks for critical systems at JPL.
- Maintenance risk arises from uncontrolled variability in quality and productivity.
- Practical methods to ensure compliance with DevOps practices.
The Mission Design and Navigation Software (MDN) Group at the Jet Propulsion Laboratory (JPL) develops and continuously maintains software systems critical for NASA deep space missions. Due to limited resources and tight schedules, there is ...
ACCESS: Assurance Case Centric Engineering of Safety–critical Systems
- Ran Wei,
- Simon Foster,
- Haitao Mei,
- Fang Yan,
- Ruizhe Yang,
- Ibrahim Habli,
- Colin O’Halloran,
- Nick Tudor,
- Tim Kelly,
- Yakoub Nemouchi
Assurance cases are used to communicate and assess confidence in critical system properties such as safety and security. Historically, assurance cases have been manually created documents, which are evaluated by system stakeholders through ...
Highlights
- ACCESS -- a critical systems engineering methodology.
- Automated means to evaluate model-based assurance cases.
- Means to integrate diverse formal verification results into an assurance case.
- The application of all of the above to an ...
A study on creating energy efficient cloud-connected user applications using the RMVRVM paradigm
Many applications that run on smartphones are heavy on User Interface (UI) and depend on back-end services deployed on the cloud to fetch the required data through REST-based API. Because of the large number of devices actively being used, their ...
Highlights
- Details on the architecture and properties of the novel RMVRVM paradigm.
- Propose a migration framework for MVVM apps to move to RMVRVM with minimal effort.
- Use the proposed migration framework to migrate an open-source MVVM ...
Collection skeletons: Declarative abstractions for data collections
Modern programming languages provide programmers with rich abstractions for data collections as part of their standard libraries, e.g., Containers in the C++ STL, the Java Collections Framework, or the Scala Collections API. Typically, these ...
Highlights
- A novel, declarative approach to data collections based on their properties.
- Reduces risk of over-specification and increases implementation flexibility.
- Introduces minimal overhead while maximising performance enhancement ...