Proceedings of the 27th International Conference on Evaluation and Assessment in Software Engineering最新文献_第5页

On the Reliability of the Area Under the ROC Curve in Empirical Software Engineering 实证软件工程中ROC曲线下面积的可靠性研究

Proceedings of the 27th International Conference on Evaluation and Assessment in Software Engineering Pub Date : 2023-06-14 DOI: 10.1145/3593434.3593456

L. Lavazza, S. Morasca, Gabriele Rotoloni

{"title":"On the Reliability of the Area Under the ROC Curve in Empirical Software Engineering","authors":"L. Lavazza, S. Morasca, Gabriele Rotoloni","doi":"10.1145/3593434.3593456","DOIUrl":"https://doi.org/10.1145/3593434.3593456","url":null,"abstract":"Binary classifiers are commonly used in software engineering research to estimate several software qualities, e.g., defectiveness or vulnerability. Thus, it is important to adequately evaluate how well binary classifiers perform, before they are used in practice. The Area Under the Curve (AUC) of Receiver Operating Characteristic curves has often been used to this end. However, AUC has been the target of some criticisms, so it is necessary to evaluate under what conditions and to what extent AUC can be a reliable performance metric. We analyze AUC in relation to ϕ (also known as Matthews Correlation Coefficient), often considered a more reliable performance metric, by building the lines in the ROC space with constant value of ϕ, for several values of ϕ, and computing the corresponding values of AUC. By their very definitions, AUC and ϕ depend on the prevalence ρ of a dataset, which is the proportion of its positive instances (e.g., the defective software modules). Hence, so does the relationship between AUC and ϕ. It turns out that AUC and ϕ are very well correlated, and therefore provide concordant indications, for balanced datasets (those with ρ ≃ 0.5). Instead, AUC tends to become quite large, and hence provide over-optimistic indications, for very imbalanced datasets (those with ρ ≃ 0 or ρ ≃ 1). We use examples from the software engineering literature to illustrate the analytical relationship linking AUC, ϕ, and ρ. We show that, for some values of ρ, the evaluation of performance based exclusively on AUC can be deceiving. In conclusion, this paper provides some guidelines for an informed usage and interpretation of AUC.","PeriodicalId":178596,"journal":{"name":"Proceedings of the 27th International Conference on Evaluation and Assessment in Software Engineering","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129957524","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 2

Too long; didn’t read: Automatic summarization of GitHub README.MD with Transformers 太长时间;没有读:GitHub README的自动摘要。带变压器的MD

Proceedings of the 27th International Conference on Evaluation and Assessment in Software Engineering Pub Date : 2023-06-14 DOI: 10.1145/3593434.3593448

Thu T. H. Doan, P. Nguyen, Juri Di Rocco, Davide Di Ruscio

{"title":"Too long; didn’t read: Automatic summarization of GitHub README.MD with Transformers","authors":"Thu T. H. Doan, P. Nguyen, Juri Di Rocco, Davide Di Ruscio","doi":"10.1145/3593434.3593448","DOIUrl":"https://doi.org/10.1145/3593434.3593448","url":null,"abstract":"The ability to allow developers to share their source code and collaborate on software projects has made GitHub a widely used open source platform. Each repository in GitHub is generally equipped with a README.MD file to exhibit an overview of the main functionalities. Nevertheless, while offering useful information, README.MD is usually lengthy, requiring time and effort to read and comprehend. Thus, besides README.MD, GitHub also allows its users to add a short description called “About,” giving a brief but informative summary about the repository. This enables visitors to quickly grasp the main content and decide whether to continue reading. Unfortunately, due to various reasons–not excluding laziness–oftentimes this field is left blank by developers. This paper proposes GitSum as a novel approach to the summarization of README.MD. GitSum is built on top of BART and T5, two cutting-edge deep learning techniques, learning from existing data to perform recommendations for repositories with a missing description. We test its performance using two datasets collected from GitHub. The evaluation shows that GitSum can generate relevant predictions, outperforming a well-established baseline.","PeriodicalId":178596,"journal":{"name":"Proceedings of the 27th International Conference on Evaluation and Assessment in Software Engineering","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130921833","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Toward Successful Secure Software Deployment: An Empirical Study 迈向成功的安全软件部署:一个实证研究

Proceedings of the 27th International Conference on Evaluation and Assessment in Software Engineering Pub Date : 2023-06-14 DOI: 10.1145/3593434.3593966

Azzah Alghamdi, M. Niazi

{"title":"Toward Successful Secure Software Deployment: An Empirical Study","authors":"Azzah Alghamdi, M. Niazi","doi":"10.1145/3593434.3593966","DOIUrl":"https://doi.org/10.1145/3593434.3593966","url":null,"abstract":"Software deployment is the last stage of the software development life cycle (SDLC). It includes the execution of software in a customer environment. Nowadays, security has been integrated with the SDLC stages to produce secure software, improve software quality, and increase customer satisfaction. However, the software has become complex in recent execution environments, putting more pressure on securely deploying the software in these environments. This work extends our previous study published in [11], in which we have identified a list of best practices to address the secure software deployment challenges. In our previous study, we categorized secure software deployment challenges into five levels of importance; critical, high, medium, low, and very low level. In this study, we provided best practices to overcome critical, high, and medium level challenges. Initially, a traditional literature review was conducted to identify best practices to overcome the challenges of secure software deployment. After that, data was collected via a questionnaire from 10 software deployment professionals to identify best practices that can be used to address the identified challenges. The outcome of this research assists software organizations in overcoming the challenges of secure software deployment. In addition, this study guides software organizations toward the secure deployment of software products.","PeriodicalId":178596,"journal":{"name":"Proceedings of the 27th International Conference on Evaluation and Assessment in Software Engineering","volume":"41 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116011979","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A Survey on Botnets Attack Detection Utilizing Machine and Deep Learning Models 基于机器和深度学习模型的僵尸网络攻击检测研究综述

Proceedings of the 27th International Conference on Evaluation and Assessment in Software Engineering Pub Date : 2023-06-14 DOI: 10.1145/3593434.3593967

Dorieh M. Alomari, Fatima M. Anis, Maryam Alabdullatif, Hamoud Aljamaan

引用次数: 0

On the Energy Consumption and Performance of WebAssembly Binaries across Programming Languages and Runtimes in IoT 物联网中跨编程语言和运行时WebAssembly二进制文件的能耗和性能研究

Proceedings of the 27th International Conference on Evaluation and Assessment in Software Engineering Pub Date : 2023-06-14 DOI: 10.1145/3593434.3593454

Linus Wagner, Maximilian Mayer, Andrea Marino, Alireza Soldani Nezhad, Hugo Zwaan, I. Malavolta

{"title":"On the Energy Consumption and Performance of WebAssembly Binaries across Programming Languages and Runtimes in IoT","authors":"Linus Wagner, Maximilian Mayer, Andrea Marino, Alireza Soldani Nezhad, Hugo Zwaan, I. Malavolta","doi":"10.1145/3593434.3593454","DOIUrl":"https://doi.org/10.1145/3593434.3593454","url":null,"abstract":"Context. WebAssembly (WASM) is a low-level bytecode format that is gaining traction among Internet of Things (IoT) devices. Because of IoT devices’ resources limitations, using WASM is becoming a popular technique for virtualization on IoT devices. However, it is unclear if the promises of WASM regarding its efficient use of energy and performance gains hold true. Goal. This study aims to determine how different source programming languages and runtime environments affect the energy consumption and performance of WASM binaries. Method. We perform a controlled experiment where we compile three benchmarking algorithms from four different programming languages (i.e., C, Rust, Go, and JavaScript) to WASM and run them using two different WASM runtimes on a Raspberry Pi 3B. Results. The source programming language significantly influences the performance and energy consumption of WASM binaries. We did not find evidence of the impact of the runtime environment. However, certain combinations of source programming language and runtime environment leads to a significant improvement of its energy consumption and performance. Conclusions. IoT developers should choose the source programming language wisely to benefit from better performance and a reduction in energy consumption. Specifically, Javy-compiled JavaScript should be avoided, while C and Rust are better options. We found no conclusive results for the choice of the WASM runtime.","PeriodicalId":178596,"journal":{"name":"Proceedings of the 27th International Conference on Evaluation and Assessment in Software Engineering","volume":"77 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122097421","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 1

Automatic Data-Driven Software Change Identification via Code Representation Learning 基于代码表示学习的自动数据驱动软件变更识别

Proceedings of the 27th International Conference on Evaluation and Assessment in Software Engineering Pub Date : 2023-06-14 DOI: 10.1145/3593434.3593505

Tjaša Heričko

{"title":"Automatic Data-Driven Software Change Identification via Code Representation Learning","authors":"Tjaša Heričko","doi":"10.1145/3593434.3593505","DOIUrl":"https://doi.org/10.1145/3593434.3593505","url":null,"abstract":"Changes to a software project are inevitable as the software requires continuous adaptations, improvements, and corrections throughout maintenance. Identifying the purpose and impact of changes made to the codebase is critical in software engineering. However, manually identifying and characterizing software changes can be a time-consuming and tedious process that adds to the workload of software engineers. To address this challenge, several attempts have been made to automatically identify and demystify intents of software changes based on software artifacts such as commit change logs, issue reports, change messages, source code files, and software documentation. However, these existing approaches have their limitations. These include a lack of data, limited performance, and an inability to evaluate compound changes. This paper presents a doctoral research proposal that aims to automate the process of identifying commit-level changes in software projects using software repository mining and code representation learning models. The research background, state-of-the-art, research objectives, research agenda, and threats to validity are discussed.","PeriodicalId":178596,"journal":{"name":"Proceedings of the 27th International Conference on Evaluation and Assessment in Software Engineering","volume":"67 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132273963","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 1

Perceived Trust in Blockchain Systems: An Interview-based Survey 区块链系统中的感知信任:基于访谈的调查

Proceedings of the 27th International Conference on Evaluation and Assessment in Software Engineering Pub Date : 2023-06-14 DOI: 10.1145/3593434.3593521

Huikun Liu, Yanze Wang, Zhaowei Jiang, He Zhang, Jingyue Li, Sigurd Eileras, Haakon Pelsholen Busterud

{"title":"Perceived Trust in Blockchain Systems: An Interview-based Survey","authors":"Huikun Liu, Yanze Wang, Zhaowei Jiang, He Zhang, Jingyue Li, Sigurd Eileras, Haakon Pelsholen Busterud","doi":"10.1145/3593434.3593521","DOIUrl":"https://doi.org/10.1145/3593434.3593521","url":null,"abstract":"Blockchain systems have received increased interest over the past few years, and several new fields of use, such as supply chain systems, are being investigated. Since blockchain is still a new technology, various papers have explored how to apply it to support use cases outside the limited scope of digital currencies. Systems require solid technological implementation and perceived trust among users to ensure their interests and successful usage in practice. This study aimed to understand what graphic user interface (GUI) elements of a blockchain-based system make users trust that their best interests, such as security and privacy, are maintained in the systems. As a case study, we developed a few blockchain-based supply chain GUI mockups with different elements that reflect the security and privacy features of the system. We then conducted 30 interviews in Norway and China to collect the users’ opinions on whether the information presented in the GUIs helps them trust the system. The results show that users want access to as much information and data as the system can provide. The users’ trust in the system increases if the GUI features give users the impression that the inner workings of the blockchain-based system are transparent. However, users prefer the information presented as more conceptual than technical in the first place. However, users appreciate the possibility of clicking on the conceptual explanation and getting more in-depth blockchain-related technical information if needed.","PeriodicalId":178596,"journal":{"name":"Proceedings of the 27th International Conference on Evaluation and Assessment in Software Engineering","volume":"43 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132357883","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Investigating Software Engineering Artifacts in DevOps Through the Lens of Boundary Objects 从边界对象的角度研究DevOps中的软件工程工件

Proceedings of the 27th International Conference on Evaluation and Assessment in Software Engineering Pub Date : 2023-06-14 DOI: 10.1145/3593434.3593441

Christoph Matthies, R. Heinrich, Rebekka Wohlrab

{"title":"Investigating Software Engineering Artifacts in DevOps Through the Lens of Boundary Objects","authors":"Christoph Matthies, R. Heinrich, Rebekka Wohlrab","doi":"10.1145/3593434.3593441","DOIUrl":"https://doi.org/10.1145/3593434.3593441","url":null,"abstract":"Software engineering artifacts are central to DevOps, enabling the collaboration of teams involved with integrating the development and operations domains. However, collaboration around DevOps artifacts has yet to receive detailed research attention. We apply the sociological concept of Boundary Objects to describe and evaluate the specific software engineering artifacts that enable a cross-disciplinary understanding. Using this focus, we investigate how different DevOps stakeholders can collaborate efficiently using common artifacts. We performed a multiple case study and conducted twelve semi-structured interviews with DevOps practitioners in nine companies. We elicited participants’ collaboration practices, focusing on the coordination of stakeholders and the use of engineering artifacts as a means of translation. This paper presents a consolidated overview of four categories of DevOps Boundary Objects and eleven stakeholder groups relevant to DevOps. To help practitioners assess cross-disciplinary knowledge management strategies, we detail how DevOps Boundary Objects contribute to four areas of DevOps knowledge and propose derived dimensions to evaluate their use.","PeriodicalId":178596,"journal":{"name":"Proceedings of the 27th International Conference on Evaluation and Assessment in Software Engineering","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133426166","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Using InnerSource for Improving Internal Reuse: An Industrial Case Study 使用InnerSource提高内部重用:一个工业案例研究

Proceedings of the 27th International Conference on Evaluation and Assessment in Software Engineering Pub Date : 2023-06-14 DOI: 10.1145/3593434.3593466

Xingru Chen, M. Usman, Deepika Badampudi

{"title":"Using InnerSource for Improving Internal Reuse: An Industrial Case Study","authors":"Xingru Chen, M. Usman, Deepika Badampudi","doi":"10.1145/3593434.3593466","DOIUrl":"https://doi.org/10.1145/3593434.3593466","url":null,"abstract":"Background: InnerSource consists of the use of open source development techniques within the corporation. It helps improve software reuse through increased transparency and inter-team collaboration. Companies need to understand their context and specific needs before deciding to adopt any specific InnerSource practices since they cannot apply all InnerSource practices at once. Aim: This study aims to support the case company in assessing its readiness for adopting InnerSource practices to improve its internal reuse, identify and prioritize the improvement areas, and identify suitable solutions. Method: We performed a case study using a questionnaire and a workshop to check the current and desired status of adopting InnerSource practices and collect potential solutions. Results: The study participants identified that the company needs to prioritize the improvements related to the discoverability, communication channels, and ownership of the reusable assets. In addition, they identified certain InnerSource practices as solutions for the prioritized improvement areas, such as better structured repositories for storing and searching the reusable assets and standardized documentation of the reusable assets. Conclusion: The questionnaire instrument aids the case company in identifying the improvement areas related to InnerSource and reuse practices. InnerSource practices could improve the development and maintenance of reusable assets. Keywords: InnerSource, software reuse, readiness","PeriodicalId":178596,"journal":{"name":"Proceedings of the 27th International Conference on Evaluation and Assessment in Software Engineering","volume":"33 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123592138","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Decentralised Autonomous Organisations for Public Procurement 分散的公共采购自治组织

Proceedings of the 27th International Conference on Evaluation and Assessment in Software Engineering Pub Date : 2023-06-14 DOI: 10.1145/3593434.3593519

Felix Monteiro, Miguel Correia

引用次数: 0