{"title":"Improving CVSS-based vulnerability prioritization and response with context information","authors":"C. Frühwirth, T. Männistö","doi":"10.1109/ESEM.2009.5314230","DOIUrl":"https://doi.org/10.1109/ESEM.2009.5314230","url":null,"abstract":"The growing number of software security vulnerabilities is an ever-increasing challenge for organizations. As security managers in the industry have to operate within limited budgets they also have to prioritize their vulnerability responses. The Common Vulnerability Scoring System (CVSS) aids in such prioritization by providing a metric for the severity of vulnerabilities. In its most prominent application, as the severity metric in the U.S. National Vulnerability Database (NVD), CVSS scores omit information pertaining to the potential exploit victims' context. Researchers and managers in the industry have long understood that the severity of vulnerabilities varies greatly among different organizational contexts. Therefore the CVSS scores provided by the NVD alone are of limited use for vulnerability prioritization in practice. Security managers could address this limitation by adding the missing context information themselves to improve the quality of their CVSS-based vulnerability prioritization. It is unclear for them, however, whether the potential improvements are worth the additional effort. We present a method that enables practitioners to estimate these improvements. Our method is of particular use to practitioners who do not have the resources to gather large amounts of empirical data, because it allows them to simulate the improvement potential using only publicly available data in the NVD and distribution models from the literature. We applied the method on a sample set of 720 vulnerability announcements from the NVD and found that adding context information significantly improved the prioritization and selection of the vulnerability response process. Our findings contribute to the discourse on returns on security investment, measurement of security processes and quantitative security management.","PeriodicalId":128479,"journal":{"name":"2009 3rd International Symposium on Empirical Software Engineering and Measurement","volume":"100 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-10-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115154413","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Does aspect-oriented programming increase the development speed for crosscutting code? An empirical study","authors":"Stefan Hanenberg, Sebastian Kleinschmager, Manuel Josupeit-Walter","doi":"10.1109/ESEM.2009.5316028","DOIUrl":"https://doi.org/10.1109/ESEM.2009.5316028","url":null,"abstract":"Aspect-oriented software development is an approach which addresses the construction of software artifacts that traditional software engineering constructs fail to modularize: the so-called crosscutting concerns. However, although aspect-orientation claims to permit a better modularization of crosscutting concerns, it is still not clear whether the development time for such crosscutting concerns is increased or decreased by the application of aspect-oriented techniques. This paper addresses this issue by an experiment which compares the development times of crosscutting concerns using traditional composition techniques and aspect-oriented composition techniques using the object-oriented programming language Java and the aspect-oriented programming language AspectJ. In that way, the experiment reveals opportunities and risks caused by aspect-oriented programming techniques in comparison to object-oriented ones.","PeriodicalId":128479,"journal":{"name":"2009 3rd International Symposium on Empirical Software Engineering and Measurement","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-10-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126973758","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"What do we know about perspective-based reading? An approach for quantitative aggregation in software engineering","authors":"M. Ciolkowski","doi":"10.1109/ESEM.2009.5316026","DOIUrl":"https://doi.org/10.1109/ESEM.2009.5316026","url":null,"abstract":"One of the main challenges in empirical software engineering today lies in the aggregation of evidence. Existing summaries often use qualitative narrative approaches or ad-hoc quantitative methods, such as box plots. With these, information important for decision makers, such as existence and magnitude of a technology's effect, is hard to obtain objectively. Meta-analysis addresses this issue by providing objective quantitative information about a set of studies; however, its usefulness for software engineering studies suffers from high heterogeneity of the studies and missing information. In this paper, we describe an approach for quantitative aggregation of controlled experiments that reduces these two problems. We demonstrate the approach by aggregating available experiments to investigate whether Perspective-Based reading (PBR) improves team effectiveness compared to alternative reading approaches. We then compare the results of our aggregation to previous summaries addressing PBR's team effectiveness. Although the findings are similar, our approach is able to provide the required quantitative information objectively. Our aggregation showed that there is no clear positive effect of PBR: Inspection teams using PBR on requirements documents are more effective when compared to ad-hoc approaches, but are less effective when compared to checklists. In addition, we found strong indicators of researcher bias.","PeriodicalId":128479,"journal":{"name":"2009 3rd International Symposium on Empirical Software Engineering and Measurement","volume":"104 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-10-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122557547","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Using concept mapping for maintainability assessments","authors":"A. Yamashita, Hans Christian Benestad, Bente Anda, Per Einar Arnstad, Dag I.K. Sjøberg, L. Moonen","doi":"10.1109/ESEM.2009.5314234","DOIUrl":"https://doi.org/10.1109/ESEM.2009.5314234","url":null,"abstract":"Many important phenomena within software engineering are difficult to define and measure. One example is software maintainability, which has been the subject of considerable research and is believed to be a critical determinant of total software costs. We propose using concept mapping, a well-grounded method used in social research, to operationalize the concept of software maintainability according to a given goal and perspective in a concrete setting. We apply this method to describe four systems that were developed as part of an industrial multiple-case study. The outcome is a conceptual map that displays an arrangement of maintainability constructs, their interrelations, and corresponding measures. Our experience is that concept mapping (1) provides a structured way of combining static code analysis and expert judgment; (2) helps in the tailoring of the choice of measures to a particular system context; and (3) supports the mapping between software measures and aspects of software maintainability. As such, it constitutes a useful addition to existing frameworks for evaluating quality, such as ISO/IEC 9126 and GQM, and tools for static measurement of software code. Overall, concept mapping provides a systematic, structured, and repeatable method for developing constructs and measures, not only of maintainability, but also of software engineering phenomena in general.","PeriodicalId":128479,"journal":{"name":"2009 3rd International Symposium on Empirical Software Engineering and Measurement","volume":"123 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-10-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128412348","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Impact of the visitor pattern on program comprehension and maintenance","authors":"Sebastien Jeanmart, Yann-Gaël Guéhéneuc, H. Sahraoui, N. Habra","doi":"10.1109/ESEM.2009.5316015","DOIUrl":"https://doi.org/10.1109/ESEM.2009.5316015","url":null,"abstract":"In the software engineering literature, many works claim that the use of design patterns improves the comprehensibility of programs and, more generally, their maintainability. Yet, little work has attempted to study the impact of design patterns on the developers' tasks of program comprehension and modification. We design and perform an experiment to collect data on the impact of the Visitor pattern on comprehension and modification tasks with class diagrams. We use an eye-tracker to register saccades and fixations, the latter representing the focus of the developers' attention. Collected data show that the Visitor pattern plays a role in maintenance tasks: class diagrams with its canonical representation require less effort from developers.","PeriodicalId":128479,"journal":{"name":"2009 3rd International Symposium on Empirical Software Engineering and Measurement","volume":"38 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-10-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116326585","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The curse of copy&paste — Cloning in requirements specifications","authors":"Christoph Domann, Elmar Jürgens, Jonathan Streit","doi":"10.1109/ESEM.2009.5315992","DOIUrl":"https://doi.org/10.1109/ESEM.2009.5315992","url":null,"abstract":"Cloning in source code is a well known quality defect that negatively affects software maintenance. In contrast, little is known about cloning in requirements specifications. We present a study on cloning in 11 real-world requirements specifications comprising 2,500 pages. For specification clone detection, an existing code clone detection tool is adapted and its precision analyzed. The study shows that a considerable amount of cloning exists, although the large variation between specifications suggests that some authors manage to avoid cloning. Examples of frequent types of clones are given and the negative consequences of cloning, particularly the obliteration of commonalities and variations, are discussed.","PeriodicalId":128479,"journal":{"name":"2009 3rd International Symposium on Empirical Software Engineering and Measurement","volume":"109 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-10-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131934935","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A systematic mapping study on empirical evaluation of software requirements specifications techniques","authors":"Nelly Condori-Fernández, M. Daneva, K. Sikkel, R. Wieringa, Óscar Dieste Tubío, Ó. Pastor","doi":"10.1109/ESEM.2009.5314232","DOIUrl":"https://doi.org/10.1109/ESEM.2009.5314232","url":null,"abstract":"This paper describes an empirical mapping study, which was designed to identify what aspects of Software Requirement Specifications (SRS) are empirically evaluated, in which context, and by using which research method. On the basis of 46 identified and categorized primary studies, we found that understandability is the most commonly evaluated aspect of SRS, experiments are the most commonly used research method, and the academic environment is where most empirical evaluation takes place.","PeriodicalId":128479,"journal":{"name":"2009 3rd International Symposium on Empirical Software Engineering and Measurement","volume":"10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-10-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132726212","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Effect of staffing pattern on software project: An empirical analysis","authors":"Fei Dong, Mingshu Li, Juan Li, Ye Yang, Qing Wang","doi":"10.1109/ESEM.2009.5316046","DOIUrl":"https://doi.org/10.1109/ESEM.2009.5316046","url":null,"abstract":"Resource allocation in software development is important and many methods have been proposed. Related empirical research is yet scarce and evidence is required to validate the theoretical methods. This paper introduces the staffing pattern as a metric of resource distribution among project phases, and verifies its effect on software quality and productivity using real project data. The main findings are: (1) there exist different staffing patterns in reality; (2) the staffing pattern has a significant effect on software quality (post-release defect density); (3) the staffing pattern has no significant effect on productivity; (4) the effort invested in test, documentation or code inspection possibly explains the effect of the staffing pattern on software quality; (5) the effort consumed by rework perhaps counteracts the effect of other potential factors on productivity. Preliminary heuristics are suggested for resource allocation practices.","PeriodicalId":128479,"journal":{"name":"2009 3rd International Symposium on Empirical Software Engineering and Measurement","volume":"32 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-10-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127818814","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Exploring language in software process elicitation: A grounded theory approach","authors":"Carlton A. Crabtree, C. Seaman, A. F. Norcio","doi":"10.1109/ESEM.2009.5315984","DOIUrl":"https://doi.org/10.1109/ESEM.2009.5315984","url":null,"abstract":"This paper presents the results of exploratory research that investigated how people describe software processes in natural language. We conducted a small field study with four participants working at an IT Help Desk. We elicited and documented a trouble ticketing process using a template under conditions similar to that of many process improvement initiatives. This study included two treatments. In the first treatment, the process engineer elicited information and documented the process. In the second treatment, the participants used the template to document the process on their own. The resulting data, including the process representations, observation field notes, and interview transcripts, were analyzed using a grounded theory approach. The results suggest that there are distinct ways in which process users describe process. We construct a theory that posits that descriptions of process are dependent upon perspectives shaped by the elicitation and process context. Future research will focus on the evaluation of this theory relative to other elicitation approaches and contexts.","PeriodicalId":128479,"journal":{"name":"2009 3rd International Symposium on Empirical Software Engineering and Measurement","volume":"74 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-10-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127373652","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The evolution and impact of code smells: A case study of two open source systems","authors":"Steffen M. Olbrich, D. Cruzes, V. Basili, N. Zazworka","doi":"10.1109/ESEM.2009.5314231","DOIUrl":"https://doi.org/10.1109/ESEM.2009.5314231","url":null,"abstract":"Code smells are design flaws in object-oriented designs that may lead to maintainability issues in the further evolution of the software system. This study focuses on the evolution of code smells within a system and their impact on the change behavior (change frequency and size). The study investigates two code smells, God Class and Shotgun Surgery, by analyzing the historical data over several years of development of two large scale open source systems. The detection of code smells in the evolution of those systems was performed by the application of an automated approach using detection strategies. The results show that we can identify different phases in the evolution of code smells during the system development and that code smell infected components exhibit a different change behavior. This information is useful for the identification of risk areas within a software system that need refactoring to assure a future positive evolution.","PeriodicalId":128479,"journal":{"name":"2009 3rd International Symposium on Empirical Software Engineering and Measurement","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-10-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115419978","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}