{"title":"Ensuring Confidentiality in Supply Chains With an Application to Life-Cycle Assessment","authors":"Achim D. Brucker, Sakine Yalman","doi":"10.1002/smr.2763","DOIUrl":"https://doi.org/10.1002/smr.2763","url":null,"abstract":"<div>\u0000 \u0000 <p>Modern supply chains of goods and services rely heavily on close collaborations between the partners within these supply chains. Consequently, there is a demand for IT systems that support collaborations between business partners, for instance, allowing for joint computations for global optimizations (in contrast to local optimizations that each partner can do on their own). Still, businesses are very reluctant to share data or connect their enterprise systems to allow for such joint computation. The topmost factor that businesses name as reason for not collaborating, is their security concern in general and, in particular, the confidentiality of business critical data. While there are techniques (e.g., homomorphic encryption or secure multiparty computation) that allow joint computations <i>and</i>, at the same time, that are protecting the confidentiality of the data that flows into such a joint computation, they are not widely used. One of the main problems that prevent their adoption is their perceived performance overhead. In this paper, we address this problem by an approach that utilized the structure of supply chains by decomposing global computations into local groups, and applying secure multiparty computation within each group. This results in a scalable (resulting in a significant smaller runtime overhead than traditional approaches) <i>and</i> secure (i.e., protecting the confidentiality of data provided by supply chain partners) approach for joint computations within supply chains. We evaluate our approach using life-cycle assessment (LCA) as a case study. Our experiments show that, for instance, secure LCA computations even in supply chains with 15 partners are possible within less than two minutes, while traditional approaches using secure multiparty computation need more than a day.</p>\u0000 </div>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 1","pages":""},"PeriodicalIF":1.7,"publicationDate":"2025-01-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143119858","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Process-Technology Fit Decisions: Evidence From an Expert Panel and Case Studies","authors":"Tahir Ahmad, Amy Van Looy","doi":"10.1002/smr.70000","DOIUrl":"https://doi.org/10.1002/smr.70000","url":null,"abstract":"<div>\u0000 \u0000 <p>Business process management (BPM) combined with new technologies can trigger both incremental and disruptive improvements in how organizations operate. More specifically, today's fourth industrial revolution can bring rapid changes in an organization's process dynamics. Our study explores differences between possible process-technology “fit” and “unfit” situations in BPM innovative projects. We extend relevant past studies and theories using a mix of qualitative techniques consisting of expert panel interviews and a case design using two field studies. Our findings reveal that, although alternative process-technology “fit” and “no-fit” situations exist, elements such as creativity, efficiency, integration, user friendliness, and proper task monitoring turn out to be the most promising factors to gain a process-technology fit. Novelty in our work includes discovering “fit” and “no-fit” factors in terms of process-technology alignment, and the development of a decision framework with a generic set of suggestions for BPM practitioners and decision makers. Our mixed-method approach is based on qualitative results by emphasizing in-depth insights and lessons learned rather than building a generalizable theory. We intend to guide managers and decision makers to help them think about possible directions, as suggested by our experts and case participants at the time of their technology adoption in a BPM context.</p>\u0000 </div>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 1","pages":""},"PeriodicalIF":1.7,"publicationDate":"2025-01-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143119857","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Dissecting Code Features: An Evolutionary Analysis of Kernel Versus Nonkernel Code in Operating Systems","authors":"Yangyang Zhao, Chenglin Li, Zhifei Chen, Zuohua Ding","doi":"10.1002/smr.2752","DOIUrl":"https://doi.org/10.1002/smr.2752","url":null,"abstract":"<div>\u0000 \u0000 <p>Understanding the evolution of software systems is crucial for advancing software engineering practices. Many studies have been devoted to exploring software evolution. However, they primarily treat software as an entire entity and overlook the inherent differences between subsystems, which may lead to biased conclusions. In this study, we attempt to explore variations between subsystems by investigating the code feature differences between kernel and nonkernel components from an evolutionary perspective. Based on three operating systems as case studies, we examine multiple dimensions, including the code churn characteristics and code inherent characteristics. The main findings are as follows: (1) The proportion of kernel code remains relatively small, and exhibits consistent stability across the majority of versions as systems evolve. (2) Kernel code exhibits higher stability in contrast to nonkernel code, characterized by a lower modification rate and finer modification granularity. The patterns of modification activities are similar in both kernel and nonkernel code, with a preference of changing code and a tendency to avoid the combination of adding and deleting code. (3) The cumulative code size and complexity of kernel files show an upward trajectory as the system evolves. (4) Kernel files exhibit a significantly higher code density and complexity than nonkernel files, featuring a greater number of code line, comments, and statements, along with a larger program length, vocabulary, and volume. Conversely, kernel functions prioritize modularity and maintainability, with a significantly smaller size and lower complexity than nonkernel functions. These insights contribute to a deeper understanding of the dynamics within operating system codebases and highlight the necessity of targeted maintenance strategies for different subsystems.</p>\u0000 </div>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 1","pages":""},"PeriodicalIF":1.7,"publicationDate":"2025-01-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143119356","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Yuying Wang, Yichen Li, Haozhao Wang, Lei Zhao, Xiaofang Zhang
{"title":"Better Knowledge Enhancement for Privacy-Preserving Cross-Project Defect Prediction","authors":"Yuying Wang, Yichen Li, Haozhao Wang, Lei Zhao, Xiaofang Zhang","doi":"10.1002/smr.2761","DOIUrl":"https://doi.org/10.1002/smr.2761","url":null,"abstract":"<div>\u0000 \u0000 <p>Cross-project defect prediction (CPDP) poses a nontrivial challenge to construct a reliable defect predictor by leveraging data from other projects, particularly when data owners are concerned about data privacy. In recent years, federated learning (FL) has become an emerging paradigm to guarantee privacy information by collaborative training a global model among multiple parties without sharing raw data. While the direct application of FL to the CPDP task offers a promising solution to address privacy concerns, the data heterogeneity arising from proprietary projects across different companies or organizations will bring troubles for model training. In this paper, we study the privacy-preserving CPDP with data heterogeneity under the FL framework. To address this problem, we propose a novel knowledge enhancement approach named <b>FedDP</b> with two simple but effective solutions: 1. local heterogeneity awareness and 2. global knowledge distillation. Specifically, we employ open-source project data as the distillation dataset and optimize the global model with the heterogeneity-aware local model ensemble via knowledge distillation. Experimental results on 19 projects from two datasets demonstrate that our method significantly outperforms baselines.</p>\u0000 </div>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 1","pages":""},"PeriodicalIF":1.7,"publicationDate":"2025-01-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143117384","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Sergio Salomón, Rafael Duque, Santos Bringas, Káthia Marçal de Oliveira
{"title":"Quality-in-Use in Practice: A Study for Context-Aware Software Systems in Pervasive Environments","authors":"Sergio Salomón, Rafael Duque, Santos Bringas, Káthia Marçal de Oliveira","doi":"10.1002/smr.2764","DOIUrl":"https://doi.org/10.1002/smr.2764","url":null,"abstract":"<div>\u0000 \u0000 <p>Software quality models have increasingly emphasized human factors and user needs. In 2011, ISO/IEC 25010 introduced the quality-in-use (QinU) model, designed to evaluate software quality as an outcome of a user utilizing a system through the evaluation of five characteristics: effectiveness, efficiency, freedom from risk, satisfaction, and context coverage. As a generic reference, this standard has been customized for various software types (e.g., web portals and artificial intelligence systems). This article presents a customization for context-aware software systems (CASSs), which are software systems that interpret and use context information (regarding the user, the software application features, and the environment) to adapt their functionalities. We are particularly interested in CASS for pervasive, or ubiquitous, environments. To address this goal, each QinU characteristic was analyzed by professionals from the academy and industry, taking into account the CASS features for pervasive/ubiquitous environments. A cyclical process of definition, revision, and improvement based on measurement theory was carried out before empirical validation in case studies. As the main result, a novel set of QinU measures specifically tailored for CASSs in a pervasive environment is provided, considering not only the classic explicit user interactions (e.g., mouse clicks and text input) but also the implicit interactions during everyday activities (e.g., walking or driving), captured through sensors and processed to support the user (e.g., recommending nearby museums and providing driving guidance). This set of measures supports CASS assessment and improvements, offering more accurate and context-sensitive quality measurement.</p>\u0000 </div>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 1","pages":""},"PeriodicalIF":1.7,"publicationDate":"2025-01-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143117383","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Cloud and Edge Computing as Effective Trends in Business Model Innovation: A Bibliometric Review","authors":"Y. Sun","doi":"10.1002/smr.2754","DOIUrl":"https://doi.org/10.1002/smr.2754","url":null,"abstract":"<div>\u0000 \u0000 <p>Developing an information technology (IT) infrastructure for business and organizational operations has gained importance concurrently with the emergence of edge and cloud computing technologies. On the other hand, innovation is crucial for businesses because consumers demand better service and lower ownership costs. Several firms use the cloud as their innovation platform to expand and stay competitive. In the commercial world, cloud computing is swiftly embraced by small, medium, and big businesses in sectors including aerospace, automotive, logistics, financial services, textiles, and health. With all the benefits cloud computing has for business improvement, some issues and problems prevent organizations and companies from migrating to the cloud. Due to these evidentiary gaps, I combined quantitative and qualitative analytical techniques to synthesize the existing literature and identify possible directions for future studies that may have an impact. The primary aim of this research is to provide a bibliometric procedure to review the state of the art on this scope and provide a roadmap for future studies; then, it provides insight into how the adoption and sustained usage of cloud sourcing could and edge encourage the creation of novel business models and impact a company's competitive advantage. The publications were reviewed using a bibliometric approach that divided the papers into four categories: cloud computing data security, business risk management techniques, resource allocation, and business performance. According to the results, adopting cloud and edge computing service delivery models is connected with increased revenue and less capital investment in IT assets for the company. Also, the results showed that one of the main obstacles to implementing cloud and edge computing technology in organizations is low security and lack of sufficient internal resources.</p>\u0000 </div>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 1","pages":""},"PeriodicalIF":1.7,"publicationDate":"2025-01-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143115639","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Aurora Vizcaíno, Julio Suárez, Darja Šmite, Félix O. García
{"title":"Understanding Remote Work Experience: Insights Into Well-Being","authors":"Aurora Vizcaíno, Julio Suárez, Darja Šmite, Félix O. García","doi":"10.1002/smr.2757","DOIUrl":"https://doi.org/10.1002/smr.2757","url":null,"abstract":"<div>\u0000 \u0000 \u0000 <section>\u0000 \u0000 <h3> Background</h3>\u0000 \u0000 <p>After the pandemic, software engineers were forced to work remotely, in many cases without prior experience of doing so.</p>\u0000 </section>\u0000 \u0000 <section>\u0000 \u0000 <h3> Objective</h3>\u0000 \u0000 <p>The objective of this work is to analyze the factors that influence engineers' motivation, stress and performance when working remotely after the pandemic, and to what level.</p>\u0000 </section>\u0000 \u0000 <section>\u0000 \u0000 <h3> Methods</h3>\u0000 \u0000 <p>A significant number (around 1000) of Latin-American software development professionals from different countries who work remotely were surveyed in order to study the factors that affect them and how when they work in this manner. The data collected from the survey were then statistically analyzed using the partial least square-structural equation modeling (PLS-SEM) method.</p>\u0000 </section>\u0000 \u0000 <section>\u0000 \u0000 <h3> Conclusions</h3>\u0000 \u0000 <p>The analysis of the data made it possible to conclude that there are direct negative effects of stress on performance and direct positive effects of motivation on performance. In addition, we found that skills, experience, and teamwork behavior, such as trust, communication, and knowledge sharing, play an important role when working remotely.</p>\u0000 </section>\u0000 </div>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 1","pages":""},"PeriodicalIF":1.7,"publicationDate":"2025-01-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1002/smr.2757","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143115640","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Strengthening Large-Scale Agile Teams: The Interplay of High-Quality Relationships, Psychological Safety, and Learning From Failures","authors":"Muhammad Ovais Ahmad","doi":"10.1002/smr.2759","DOIUrl":"https://doi.org/10.1002/smr.2759","url":null,"abstract":"<p>Agile methods have become a standard practice within software industry, with organizations increasingly adopting large-scale agile (LSA) frameworks. However, as these frameworks are implemented across multiple teams and organizational functions, new challenges emerge, particularly in maintaining alignment, coherence, and collaboration across teams. One crucial element in addressing these challenges is fostering of a culture of continuous learning and psychological safety, with the objective of optimizing team performance and ensuring project success. Despite the importance of this topic, there is a significant gap in existing literature regarding antecedents of psychological safety and its impact on team learning and performance in LSA environments. This study aims to investigate impact of high-quality relationships and psychological safety on learning from failures and, consequently, on team performance in LSA context. An online survey of 167 software professionals in Sweden was conducted to test a conceptual model that is developed based on existing literature. The hypotheses were analyzed using partial least squares structural equation modeling. The results demonstrate strong positive correlation between the presence of high-quality relationships, psychological safety, and capacity to learn from failures and team performance. Specifically, the formation of high-quality relationships has been demonstrated to significantly enhance psychological safety, which in turn facilitates learning from failures and leads to improved team performance. These findings offer valuable insights for both practitioners and researchers, highlighting the importance of cultivating relational dynamics and a psychologically safe environment in LSA projects. Furthermore, the study offers guidance for future research, regarding the scalability and generalizability of these findings.</p>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 1","pages":""},"PeriodicalIF":1.7,"publicationDate":"2025-01-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1002/smr.2759","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143115671","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Rafiq Ahmad Khan, Ismail Keshta, Hussein A. Al Hashimi, Alaa Omran Almagrabi, Hathal S. Alwageed, Musaad Alzahrani
{"title":"A Fuzzy-AHP Decision-Making Framework for Optimizing Software Maintenance and Deployment in Information Security Systems","authors":"Rafiq Ahmad Khan, Ismail Keshta, Hussein A. Al Hashimi, Alaa Omran Almagrabi, Hathal S. Alwageed, Musaad Alzahrani","doi":"10.1002/smr.2758","DOIUrl":"https://doi.org/10.1002/smr.2758","url":null,"abstract":"<div>\u0000 \u0000 \u0000 <section>\u0000 \u0000 <p>Information System Security (ISS) is the primary economic lever for the global economy. It is the cornerstone for value generation, and its absence undeniably affects technology, people, and finances. The emergence of the worldwide information society has introduced fresh economic and legal challenges attributed to the surge in Internet utilization and advancements in the digital economy. Ensuring the security of advancements within information systems has emerged as a primary concern in propelling the evolution of information processes within the software development industry. This study aims to develop and propose a Fuzzy Analytic Hierarchy Process (Fuzzy-AHP) framework to enhance decision-making for software maintenance and deployment in ISS. This framework aims to provide a systematic, flexible method for evaluating and prioritizing multiple conflicting criteria under conditions of uncertainty. The study initially adopts an empirical survey to identify software security maintenance and deployment risks and their practices for ISS organizations. Then adopts the Fuzzy-AHP method to handle the imprecision of expert judgments and organizes decision-making into a hierarchical structure. The framework is applied to evaluate key criteria related to software maintenance and deployment, including security risks, system performance, operational costs, and compliance requirements. Data from 50 ISS experts were collected and used to validate the framework. The paper identifies 52 security risks in maintenance and deployment (SRMD) processes in ISS and also identified 139 best practices for ensuring security, including regular updates, patch management, and adherence to industry-standard security protocols. The Fuzzy-AHP framework effectively structured the decision-making process by prioritizing criteria and sub-criteria. The results demonstrated that the framework helps mitigate the subjective biases in expert judgment and provides a more balanced assessment of maintenance and deployment strategies. Prioritizing security risks and compliance emerged as key factors in the decision-making process. The proposed Fuzzy-AHP framework provides an innovative and adaptable solution for optimizing ISS organizations' software maintenance and deployment decisions. It addresses the complexity and uncertainty involved in such decisions, offering a transparent and structured approach that improves the accuracy and reliability of outcomes. Future research should focus on empirical validation of the framework in real-world case studies and expand its application to other industries with similar decision-making needs.</p>\u0000 </section>\u0000 </div>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 1","pages":""},"PeriodicalIF":1.7,"publicationDate":"2025-01-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143115670","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Affan Yasin, Rubia Fatima, Ira Puspitasari, Zheng JiangBin, Zhi Li
{"title":"Enhancing Literature Quality Assessment Skill in Novice Researchers: A Collaborative Card-Based Learning Approach","authors":"Affan Yasin, Rubia Fatima, Ira Puspitasari, Zheng JiangBin, Zhi Li","doi":"10.1002/smr.2753","DOIUrl":"https://doi.org/10.1002/smr.2753","url":null,"abstract":"<div>\u0000 \u0000 <p>Assessing the quality and credibility of research is crucial across disciplines. However, training early career scholars in systematic quality appraisal poses challenges. The rise of online grey literature increases the need for nuanced evaluation capabilities. This study aims to impart basic literature quality assessment knowledge in early career software engineering researchers using an interactive card-based learning activity. The PRISMA abstract quality checklist was adapted into a physical card deck. Sixteen novice researchers participated in a session using the cards to collaborate, discuss, and analyze a sample review paper abstract based on structured criteria. Quantitative feedback was gathered. Survey results indicated the card activity positively enhanced perceived understanding of quality principles, engagement, and assessment skills. Open-ended feedback highlighted cards improved focus, interactivity, and peer exchanges. This preliminary study provides encouraging evidence that a customized card-based approach can effectively instill foundational skills for assessing abstract quality while increasing motivation and enjoyment. Further research should evaluate long-term retention and optimal instructional design parameters.</p>\u0000 </div>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 1","pages":""},"PeriodicalIF":1.7,"publicationDate":"2025-01-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143113616","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}