Journal of Software-Evolution and Process最新文献

{"title":"Advances in Software Engineering Research for Systems-of-Systems and Software Ecosystems","authors":"Rodrigo Santos,&nbsp;Antonia Bertolino,&nbsp;Pablo Antonino,&nbsp;Doo-Hwan Bae","doi":"10.1002/smr.70046","DOIUrl":"https://doi.org/10.1002/smr.70046","url":null,"abstract":"<p>For more than a decade, software engineering for systems-of-systems (SoS) and software ecosystems (SECO) has been largely investigated in order to cope with complexity in software-intensive systems. SoS research addresses several aspects related to software system architecture comprising a set of constituent systems that relate to each other to perform missions. As such, SoS have key characteristics such as operational and managerial independence, distribution, emergent behavior, and evolutionary development. Full interoperability and dynamic architecture become critical challenges in this context. On the hand, SECO research refers to modeling and analysis of a socio-technical network of actors and artifacts formed on top of common technological platforms, in which business factors directly influence software maintenance and evolution. Software sustainability and diversity as well as quality attributes that affect the SECO platform health represent challenges in the field. From the long-running, successful series of the International Workshop on Software Engineering for systems-of-systems and Software Ecosystems (SESoS), co-located with the IEEE/ACM International Conference on Software Engineering (ICSE), we present this special issue on the topics in the Journal of Software: Evolution and Process from SESoS 2023 in Melbourne, Australia. Four articles were accepted and published in this special issue, covering a longitudinal analysis of SoS research, as well as strategic patterns, services, and trust in SECO. These articles provide researchers and practitioners with advances in the state of the art and point out opportunities for further research.</p>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 9","pages":""},"PeriodicalIF":1.8,"publicationDate":"2025-09-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1002/smr.70046","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144935249","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Towards Explainable Code Readability Classification With Graph Neural Networks","authors":"Qing Mi,&nbsp;Zhiyou Xiao,&nbsp;Yi Zhan,&nbsp;Liyan Tao,&nbsp;Jiahe Zhang","doi":"10.1002/smr.70048","DOIUrl":"https://doi.org/10.1002/smr.70048","url":null,"abstract":"<div>\u0000 \u0000 <p>Code readability is of central concern for developers, as a more readable code indicates higher maintainability, reusability, and portability. In recent years, many deep learning–based code readability classification methods have been proposed. Among them, a graph neural network (GNN)–based model has achieved the best performance in the field of code readability classification. However, it is still unclear what aspects of the model's input lead to its decisions, which hinders its practical use in the software industry. To improve the interpretability of existing code readability classification models and identify key code characteristics that drive their readability predictions, we propose an explanation framework with GNN explainers towards transparent and trustworthy code readability classification. First, we propose a simplified Abstract Syntax Tree (AST)–based code representation method, which transforms Java code snippets into ASTs and discards lower-level nodes with limited information. Then, we retrain the state-of-the-art GNN-based model together with our simplified program graphs. Finally, we employ SubgraphX to explain the model's code readability predictions at the subgraph level and visualize the explanation results to further analyze what causes such predictions. The experimental results show that sequential logic, code comments, selection logic, and nested structure are the most influential code characteristics when classifying code snippets as readable or unreadable. Further investigations indicate the model's proficiency in capturing features related to complex logic structures and extensive data flows but point to its limitations in identifying readability issues associated with naming conventions and code formatting. The explainability analysis conducted in this research is the first step towards more transparent and reliable code readability classification. We believe that our findings are useful in providing constructive suggestions for developers to write more readable code and delimitating directions for future model improvement.</p>\u0000 </div>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 9","pages":""},"PeriodicalIF":1.8,"publicationDate":"2025-09-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144934921","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Securing Software Development Through People Maturity: A Fuzzy-AHP Decision-Making Framework","authors":"Rafiq Ahmad Khan,&nbsp;Hussein A. Al Hashimi,&nbsp;Hathal S. Alwageed,&nbsp;Ismail Keshta,&nbsp;Alaa Omran Almagrabi,&nbsp;Sarra Ayouni","doi":"10.1002/smr.70045","DOIUrl":"https://doi.org/10.1002/smr.70045","url":null,"abstract":"<div>\u0000 \u0000 <p>The increasing complexity of software development processes has heightened the need for robust security measures. Although technical safeguards are essential, the role of human factors in securing software development remains underexplored. This paper presents a novel approach that integrates people's maturity with a fuzzy analytic hierarchy process (Fuzzy-AHP) decision-making framework to enhance the security in software development. The framework provides a systematic method for evaluating and prioritizing human factors that influence an organization's security posture, such as team-expertized communication and adherence to security protocols. Using the decision-making model allows the project managers and stakeholders to determine the appropriate areas for improvement and develop the right strategies and actions to nurture a secure and mature development culture. The paper identifies 24 human success factors (HSFs) and human security vulnerabilities (HSVs) and 38 practices for addressing these HSFs and HSVs through systematic literature review (SLR) and empirical survey. Furthermore, we discuss the local and global ranks of each HSF and HSV practice and categorize the identified practices into nine categories to determine the ranks and weight of each category. Based on collected data, Fuzzy-AHP prioritized these practices; the category “C4: Skill development and stakeholder engagement” is ranked highest at rank-1 and possesses the most significant weight of 0.12435. Similarly, the highest global weight is 0.051506, and the global ranked (rank-1) HSF and HSV practice is “P15: Hands-on practice and stakeholder communication.” The proposed approach complements existing technical methods by addressing the human element of security, making it adaptable to diverse organizational environments. Through this integration of people maturity and Fuzzy-AHP, the paper contributes a new dimension to securing software development, emphasizing the critical role of human factors in achieving comprehensive security.</p>\u0000 </div>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 9","pages":""},"PeriodicalIF":1.8,"publicationDate":"2025-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144927289","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A Semiautomated Approach for Detecting Ambiguities in Software Requirements Using SpanBERT and Named Entity Recognition","authors":"Fiza Talha,&nbsp;Touseef Tahir,&nbsp;Talha Nadeem","doi":"10.1002/smr.70041","DOIUrl":"https://doi.org/10.1002/smr.70041","url":null,"abstract":"<p>Ambiguous user requirements present a challenge in software requirement engineering. A manual approach to handling ambiguity is time-consuming. Software requirements are essential inputs to software development processes, including architecture and design, implementation, and testing. Requirement ambiguities lead to project cost overruns, delays in project delivery, and poor software product quality. Timely identification and correction of ambiguity can result in better software systems that meet product objectives and satisfy the needs of all stakeholders. This study explores various natural language processing techniques and SpanBERT (a variant of BERT). This research proposes a semiautomated approach for detecting anaphoric, coordination, and missing condition ambiguities in functional requirements. The proposed approach is validated on a new, original dataset containing 425 functional requirements from 16 domains. The ambiguities identified through our approach are compared with those detected manually and by ChatGPT. Our approach outperforms ChatGPT in detecting ambiguities. The proposed approach will aid project managers and requirement engineers in identifying ambiguities in requirement specifications, thereby helping to reduce cost overruns and delays in the software development process caused by requirement ambiguities.</p>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 8","pages":""},"PeriodicalIF":1.8,"publicationDate":"2025-08-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1002/smr.70041","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144810976","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Scalability and Limitations of Existing Software Requirements Prioritization Techniques: A Systematic Literature Review","authors":"Muhammad Yaseen,&nbsp;Waqar Mehmood,&nbsp;Fazal Hameed,&nbsp;Muhammad Asif Nauman","doi":"10.1002/smr.70039","DOIUrl":"https://doi.org/10.1002/smr.70039","url":null,"abstract":"<div>\u0000 \u0000 <p>Requirements prioritization puts more emphasis on the software requirements based on their importance, making it a crucial activity in managing software requirements throughout the software development process. This work explains the concept of prioritization techniques, their relevance, and related issues. Recent literature has described many requirement prioritization techniques, but each comes with its own limitations and challenges, specifically regarding scalability. In this article, we provide a systematic literature review (SLR) of the requirement prioritization techniques over the past decade and identify their limitations and scalability issues. In this context, we develop a planned protocol that includes all the necessary steps required for the SLR process. As a result of conducting the SLR, 53 primary studies were shortlisted for data extraction. The analysis of the results indicates that there is a minimal focus on large-scale functional requirements, with only 9% of the work addressing this area. To the best of our knowledge, no work has been done on prioritizing requirements between ERP systems and mobile-specific applications. Most existing studies focus on imaginary or simulated projects, and very limited actual work has been carried out during the execution of the industrial projects. When requirements are prioritized correctly, the likelihood of successful implementation will be high, and it will lead to a higher quality product.</p>\u0000 </div>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 8","pages":""},"PeriodicalIF":1.8,"publicationDate":"2025-08-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144773745","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A Simple Yet Practical Backdoor Prompt Attack Against Black-Box Code Summarization Engines","authors":"Yubin Qu,&nbsp;Song Huang,&nbsp;Yongming Yao,&nbsp;Peng Nie","doi":"10.1002/smr.70032","DOIUrl":"https://doi.org/10.1002/smr.70032","url":null,"abstract":"<div>\u0000 \u0000 <p>A code summarization engine based on large language models (LLMs) can describe code functionality from different perspectives according to programmers' needs. However, these engines are at risk of black-box backdoor attacks. We propose a simple yet practical method called <b>Bad Prompt Attack</b> (<span>BPA</span>), specifically designed to investigate such black-box backdoor attacks. This innovative attack method aims to induce the code summarization engine to generate summarizations that conceal security vulnerabilities in source code. Consistent with most commercial code summarization engines, <span>BPA</span> only assumes black-box query access to the target engine without requiring knowledge of its internal structure. This attack targets in-context learning by injecting adversarial demonstrations into user input prompts. We validated our method on the SOTA black-box commercial service, OpenAI API. In security-critical test cases covering seven types of CWE, <span>BPA</span> significantly increased the likelihood that the code summarization engine would generate the attacker-desired code summarization targets, achieving an average attack success rate (ASR) of 91.4%. This result underscores the potential threat of backdoor attacks on code summarization tasks while providing essential reference points for future defense research.</p>\u0000 </div>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 8","pages":""},"PeriodicalIF":1.8,"publicationDate":"2025-08-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144767854","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Evaluating Sustainability Through Business Processes Indicators: A Case Study","authors":"Raimel Sobrino-Duque,&nbsp;Juan Antonio Plasencia,&nbsp;María Ángeles Moraga,&nbsp;Félix García,&nbsp;Begoña Moros,&nbsp;Joaquín Nicolás,&nbsp;José Luis Fernández-Alemán","doi":"10.1002/smr.70042","DOIUrl":"https://doi.org/10.1002/smr.70042","url":null,"abstract":"<p>Researchers, organizations, and professionals have a great interest in defining sustainability indicators within the framework of Green Business Process Management (Green BPM), together with business process models that allow the impact of those indicators to be assessed in organizations. However, there is a lack of procedures that help organizations to incorporate indicators in Green BPM. For this reason, the so-called Gaia method has been developed based on the Green BPM lifecycle. This method allows the implementation, monitoring, and continuous improvement of sustainability in business processes based on sustainability indicators. This paper presents an empirical validation of Gaia through a case study carried out in a higher education institution, emphasizing the definition and evaluation of sustainability indicators in business processes. The evaluation of sustainability indicators into the BPM lifecycle allowed sustainability indices to be obtained for each process, leading to the calculation of an organization's sustainability coefficient. The proposal has been applied to a higher education organization, which obtained a sustainability coefficient <span></span><math>\u0000 <semantics>\u0000 <mrow>\u0000 <mfenced>\u0000 <msub>\u0000 <mi>C</mi>\u0000 <mi>su</mi>\u0000 </msub>\u0000 </mfenced>\u0000 <mo>=</mo>\u0000 <mn>0.57</mn>\u0000 </mrow>\u0000 <annotation>$$ left({C}_{su}right)=0.57 $$</annotation>\u0000 </semantics></math>, corresponding to the medium sustainability level (<span></span><math>\u0000 <semantics>\u0000 <mrow>\u0000 <msub>\u0000 <mi>L</mi>\u0000 <mi>SU</mi>\u0000 </msub>\u0000 </mrow>\u0000 <annotation>$$ {L}_{SU} $$</annotation>\u0000 </semantics></math>). The case study has been the basis for the re-elaboration of objectives, lines of action, and the redesign of business processes that contribute to evaluating and improving the levels of sustainability desired by the organization under study. The main limitation of our study is that the Gaia method has been applied on one organization only. A tool that automates the method to assess the sustainability of business processes is being developed.</p>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 8","pages":""},"PeriodicalIF":1.8,"publicationDate":"2025-08-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1002/smr.70042","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144758641","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Strategic Intelligence Management (ISO 56006)—Using AI by the Innovation Agent Task Force in the Automotive Skills Alliance (ASA)","authors":"Laura Aschbacher,&nbsp;Mikus Zelmenis,&nbsp;Richard Messnarz,&nbsp;Damjan Ekert","doi":"10.1002/smr.70038","DOIUrl":"https://doi.org/10.1002/smr.70038","url":null,"abstract":"<div>\u0000 \u0000 <p>In the EU blueprint project FLAMENCO (Forward Looking Approaches for Green Mobility Ecosystem Network Collaboration), an innovation agent task force has been founded, which acts as an expert panel to elaborate a skills set of an innovation agent for automotive and establishes an innovation capability assessment model based on the ISO 560xx Innovation Management Systems norm series. In 2024, a new EU project TRIREME (Digital &amp; Green Skills Towards Future of the Mobility Ecosystem, 2024–2027) started, which builds on this existing innovation agent task force and provides resources to elaborate MOOcs (Massive Open Online Courses) per chapter of the ISO 5600x norm applying new tools like AI. The MOOC is then configured in a European Skills Hub of the ASA (Automotive Skills Alliance). ASA represents the pact for skills partner in the EU Erasmus+ program for the automotive sector. The research work about the use of AI (artificial intelligence) for the implementation of specific ISO 560xx chapters will be published. This paper is about the results of the work on the ISO 56006 Strategic Intelligence Management implementation using AI in the TRIREME project.</p>\u0000 </div>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 8","pages":""},"PeriodicalIF":1.8,"publicationDate":"2025-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144740510","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Modeling Software Reliability With Power Law Testing Effort Function Under Operational Uncertain Environment","authors":"Anup Kumar Behera,&nbsp;Priyanka Agarwal","doi":"10.1002/smr.70037","DOIUrl":"https://doi.org/10.1002/smr.70037","url":null,"abstract":"<div>\u0000 \u0000 <p>In today's swiftly evolving technological landscape, the importance of software reliability has become crucial. To evaluate software reliability, many researchers have investigated several software reliability growth models (SRGMs). Software developers frequently use a controlled environment for software testing, where they are aware of all the factors. However, the operational environment can introduce unpredictable and unfamiliar factors. Many studies in the literature have recognized the existence of uncertainty in the operational environment with different scenarios like perfect and imperfect debugging, several testing coverage functions, different error detection rates, etc. However, the inclusion of the testing effort function (TEF) alongside this operating uncertain environment has received notably less attention. This paper addresses this gap by exploring a software reliability growth model that integrates a power law TEF to account for an operational uncertain environment. For the validation, a numerical analysis is done based on two datasets (DS1 and DS2), and the proposed model is compared to seven existing reliability models using six goodness-of-fit criteria, and other improved NCD ranking criteria. In addition, we have also conducted single and multiple-parameter sensitivity analysis, which has enabled us to identify the critical parameters. The proposed models could potentially assist system analysts in predicting various parameters related to certain software systems. The findings encourage the decision makers.</p>\u0000 </div>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 7","pages":""},"PeriodicalIF":1.7,"publicationDate":"2025-07-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144589673","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"“Eco-Friendly” Micro-Services: Resource Footprint of Cloud-Native Micro-Services Written in Java—A Balance Between Build-Time and Run-Time Effects of Releases","authors":"Alexander Poth,&nbsp;Olsi Rrjolli","doi":"10.1002/smr.70036","DOIUrl":"https://doi.org/10.1002/smr.70036","url":null,"abstract":"<div>\u0000 \u0000 <p>The usage of micro-services in IT services is increasing. As this growth continues, the importance of eco-friendly design and operation becomes a significant factor. This study aims to evaluates the potential of Java frameworks that facilitate cloud-native micro-services in reducing the energy footprint throughout the release lifecycle. The release lifecycle view also looks into the development phase and its footprint impact respectively potentials to build overall more energy footprint optimized releases. Technology-driven methods and tools based on micro-service frameworks can help reduce the energy footprint at the micro-service level. However, local optimizations at the micro-service level cannot diminish the importance of more holistic approaches, such as optimizing the overall system, architecture and design of micro-services. The concepts derived from this analysis can be implemented in industrial settings, as presented by the case study. The effects are measurable and represent a positive step towards more eco-friendly cloud-native micro-service-based IT service offerings.</p>\u0000 </div>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 7","pages":""},"PeriodicalIF":1.7,"publicationDate":"2025-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144524874","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}