Journal of Software-Evolution and Process最新文献

{"title":"The Perspective of Agile Software Developers on Data Privacy","authors":"Mariana Peixoto,&nbsp;Tony Gorschek,&nbsp;Daniel Mendez,&nbsp;Carla Silva,&nbsp;Davide Fucci","doi":"10.1002/smr.2755","DOIUrl":"https://doi.org/10.1002/smr.2755","url":null,"abstract":"<div>\u0000 \u0000 <p>Recent studies have shown that many software developers do not have sufficient knowledge and understanding of how to develop a privacy-friendly system. This may become a challenge in developing systems complying with data protection laws. To address this issue, we investigated the factors that influence developers' decision-making when developing privacy-sensitive systems. We conducted an empirical study by means of a survey with 109 practitioners. Our data analysis is based on the principles of social cognitive theory, which includes personal, behavioral, and external environmental factors. We identified six personal, five behavioral, and five external environment factors that affect how developers make decisions regarding privacy, including confusion between privacy and security and reliance on informal practices and organizational support gaps. These findings contribute to understanding how practitioners and companies consider privacy, showing improvements in formal training and structured support over previous studies yet highlighting persistent challenges in consistent privacy integration.</p>\u0000 </div>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 2","pages":""},"PeriodicalIF":1.7,"publicationDate":"2024-12-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143118226","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Neural Networks-Based Software Development Effort Estimation: A Systematic Literature Review","authors":"Fatima Ezzahra Boujida,&nbsp;Fatima Azzahra Amazal,&nbsp;Ali Idri","doi":"10.1002/smr.2756","DOIUrl":"https://doi.org/10.1002/smr.2756","url":null,"abstract":"<div>\u0000 \u0000 <p>Software development effort estimation (SDEE) is a key task in managing software projects. Among the existing SDEE models, artificial neural networks (ANN) have garnered considerable attention from the software engineering community because of their ability to learn from previous data and yield acceptable estimates. However, to the best of the authors' knowledge, no systematic literature review (SLR) has been carried out with focus on the use of ANNs in SDEE. This work aims to analyze ANN-based SDEE studies from five view-points: estimation accuracy, accuracy comparison, estimation context, impact of combining ANN-based SDEE models with other techniques, and ANNs parameters. To find relevant ANN-based SDEE studies, we carried out an automated search using four electronic databases. The quality of the relevant papers was assessed to determine the set of papers to include in our review. We identified 65 papers published in the period 1993–2023 with acceptable quality score. The results of our systematic review revealed that ANN-based SDEE models perform better than 11 machine learning (ML) and non-ML SDEE models. Further, the estimation accuracy is improved when neural networks are used in combination with other techniques such as fuzzy clustering techniques. This study found that the use of ANN models in SDEE is promising to get accurate estimates. However, the application of ANN models in industry is still limited. Therefore, it is recommended that practitioners cooperate with researchers to encourage and facilitate the application of ANN models in industry.</p>\u0000 </div>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 2","pages":""},"PeriodicalIF":1.7,"publicationDate":"2024-12-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143118245","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A Serious Game Approach to Introduce the Code Review Practice","authors":"Baris Ardic,&nbsp;Eray Tuzun","doi":"10.1002/smr.2750","DOIUrl":"https://doi.org/10.1002/smr.2750","url":null,"abstract":"<p>Code review is a widely utilized practice that focuses on improving code via manual inspections. However, this practice is not addressed adequately in a typical software engineering curriculum. We aim to help address the code review practice knowledge gap between the software engineering curricula and the industry with a serious game approach. We determine our learning objectives around the introduction of the code review process. To realize these objectives, we design, build, and test the serious game. We then conduct three case studies with a total of 280 students. We evaluated the results by comparing the student's knowledge and confidence about code review before and after case studies, as well as evaluating how they performed in code review quizzes and game levels themselves. Our analysis indicates that students had a positive experience during gameplay, and an in-depth examination suggests that playing the game also enhanced their knowledge. We conclude that the game had a positive impact on introducing the code review process. This study represents a step taken toward moving code review education from industry starting positions to higher education. The game and its auxiliary materials are available online.</p>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 2","pages":""},"PeriodicalIF":1.7,"publicationDate":"2024-12-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1002/smr.2750","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143118158","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Advancing Software Project Effort Estimation: Leveraging a NIVIM for Enhanced Preprocessing","authors":"Syed Sarmad Ali,&nbsp;Jian Ren,&nbsp;Ji Wu,&nbsp;Kui Zhang,&nbsp;Liu Chao","doi":"10.1002/smr.2745","DOIUrl":"https://doi.org/10.1002/smr.2745","url":null,"abstract":"<div>\u0000 \u0000 <p>Software development effort estimation (SDEE) is essential for effective project planning and relies heavily on data quality affected by incomplete datasets. Missing data (MD) are a prevalent problem in machine learning, yet many models treat it arbitrarily despite its significance. Inadequate handling of MD may introduce bias into the induced knowledge. It can be challenging to choose optimal imputation approaches for software development projects. This article presents a <i>novel incomplete value imputation model (NIVIM)</i> that uses a variational autoencoder (VAE) for imputation and synthetic data. By combining contextual and resemblance components, our approach creates an SDEE dataset and improves the data quality using contextual imputation. The key feature of the proposed model is its applicability to a wide variety of datasets as a preprocessing unit. Comparative evaluations demonstrate that NIVIM outperforms existing models such as VAE, generative adversarial imputation network (GAIN), <span></span><math>\u0000 <semantics>\u0000 <mrow>\u0000 <mi>k</mi>\u0000 </mrow>\u0000 <annotation>$$ k $$</annotation>\u0000 </semantics></math>-nearest neighbor (K-NN), and multivariate imputation by chained equations (MICE). Our proposed model NIVIM produces statistically substantial improvements on six benchmark datasets, that is, ISBSG, Albrecht, COCOMO81, Desharnais, NASA, and UCP, with an average improvement in RMSE of <i>11.05%</i> to <i>17.72%</i> and MAE of <i>9.62%</i> to <i>21.96%</i>.</p>\u0000 </div>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 1","pages":""},"PeriodicalIF":1.7,"publicationDate":"2024-12-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143116408","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Ensemble Deep Network for Secured Refactoring Framework by Predicting Code-Bad Smells in Software Projects","authors":"T. Pandiyavathi,&nbsp;B. Sivakumar","doi":"10.1002/smr.2749","DOIUrl":"https://doi.org/10.1002/smr.2749","url":null,"abstract":"<div>\u0000 \u0000 <p>In modern times, refactoring is one of the significantly utilized approaches for enhancing the software's quality like understandability, testability, and maintainability. Moreover, the refactoring effect on its security has been underrated. In addition to that, there are only a few studies that offer the classification over refactoring approaches depending on the effect over the quality attributes that help the designer to attain certain objectives by choosing the most significant approach and it is applied in the right places based on the specified software quality attributes. The contradictory outcomes are attained by considering the quality of the software creates limitations for the developers while performing the software refactoring process. In this paper, a secured deep learning-based software refactoring approach is designed. At first, software projects collected from online sources are offered as input for this software refactoring process to detect the security metrics in the projects. After detecting the security metrics, refactoring is applied in the software projects to change the internal design. Then, the security metrics of the refactored projects are detected again. Further, the security metrics computed before and after refactoring are compared with the software projects. The projects are labeled based on security, needs, and refactoring level. Then, the Ensemble Attention-based Deep Network (EA-DNet) is developed, which is designed with the Recurrent Neural Network (RNN), Deep Temporal Convolution Network (DTCN), and Bi-directional Long Short Term Memory (Bi-LSTM). This network is trained to get better results in the prediction of code-bad smells in software projects. The prior software refactoring approaches are compared with the proposed code-bad smells-based software refactoring process.</p>\u0000 </div>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 2","pages":""},"PeriodicalIF":1.7,"publicationDate":"2024-12-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143380571","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Comparing the Efficacy of Rapid Review With a Systematic Review in the Software Engineering Field","authors":"Carolline Pena,&nbsp;Bruno Cartaxo,&nbsp;Igor Steinmacher,&nbsp;Deepika Badampudi,&nbsp;Deyvson da Silva,&nbsp;Williby Ferreira,&nbsp;Adauto Almeida,&nbsp;Fernando Kamei,&nbsp;Sérgio Soares","doi":"10.1002/smr.2748","DOIUrl":"https://doi.org/10.1002/smr.2748","url":null,"abstract":"<div>\u0000 \u0000 \u0000 <section>\u0000 \u0000 <h3> Context</h3>\u0000 \u0000 <p>Rapid Reviews are secondary studies aiming to deliver evidence to experts in a more timely manner and with lower costs than traditional literature reviews. Previous studies have shown that experts and researchers are positive toward Rapid Reviews. However, little is known about how Rapid Reviews differ from traditional Systematic Reviews.</p>\u0000 </section>\u0000 \u0000 <section>\u0000 \u0000 <h3> Objective</h3>\u0000 \u0000 <p>The goal of this paper is to compare a Rapid Review with a Systematic Review in terms of their methods (e.g., search strategy, study selection, quality assessment, and data extraction) and findings to understand how optimizing the traditional Systematic Review method impacts what we obtain with Rapid Review.</p>\u0000 </section>\u0000 \u0000 <section>\u0000 \u0000 <h3> Method</h3>\u0000 \u0000 <p>To achieve this goal, we conducted a Systematic Review with the same research questions answered by a pre-existing Rapid Review and compared those two studies. Also, we surveyed experts from industry and academia to evaluate the relevance of the findings obtained from both the secondary studies.</p>\u0000 </section>\u0000 \u0000 <section>\u0000 \u0000 <h3> Results</h3>\u0000 \u0000 <p>The Rapid Review lasted 6 days, while the Systematic Review took 1 year and 2 months. The main bottlenecks we identified in the Systematic Review are (i) executing the search strategy and (ii) selecting the procedure. Together, they took 10 months. The researchers had to analyze the information from 11,383 papers for the Systematic Review compared with 1973 for the Rapid Review. Still, most (<span></span><math>\u0000 <semantics>\u0000 <mrow>\u0000 <mo>∼</mo>\u0000 </mrow>\u0000 <annotation>$$ sim $$</annotation>\u0000 </semantics></math> 78%) of the papers included in the Systematic Review were returned by the Rapid Review search, and some papers that could be included were unduly excluded during the Rapid Review's selection procedure. Both secondary studies identified the same number of pieces of evidence (30), but the pieces of evidence are not the same.</p>\u0000 </section>\u0000 \u0000 <section>\u0000 \u0000 <h3> Conclusion</h3>\u0000 \u0000 <p>The Rapid Review and Systematic Review results are inherently different and complementary. The time and cost to conduct a Systematic Review can be prohibitive in experts' contexts. Thus, at least in such situations, a Rapid Review may be an adequate choice. Moreover, a Rapid Review may be executed in the experts' context as a previous low-cost step before deciding to invest in a high-cost Systematic Review.</p>\u0000 </section>\u0000 </div>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 1","pages":""},"PeriodicalIF":1.7,"publicationDate":"2024-12-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143111135","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Refactoring to Standard C++20 Modules","authors":"Richárd Szalay,&nbsp;Zoltán Porkoláb","doi":"10.1002/smr.2736","DOIUrl":"https://doi.org/10.1002/smr.2736","url":null,"abstract":"<p>Good component-based design for software projects is a desired property both for development and maintenance. The C++ programming language inherited the “translation unit” model from C, where every source file is individually compiled with no knowledge about other parts of the project. This model has several drawbacks, and C++20 <i>Modules</i> is the Standard's answer for them. Moreover, <i>Modules</i> allows a cleaner encapsulation of concern. This paper investigates a semi-automatic modularization method to refactor existing C++ projects. Our approach uses dependency analysis and clustering to organize elements of an existing project into modules, without domain-specific information. Based on our study of two medium-size open-source projects from disjoint domains and vastly distinct architecture, upgrading existing software systems to the new <i>Modules</i> feature is limited by the existing design of the project's architecture. To fully facilitate the use of <i>Modules</i> in a project, it is likely that both project-internal and user-facing interfaces must be changed.</p>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 1","pages":""},"PeriodicalIF":1.7,"publicationDate":"2024-11-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1002/smr.2736","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143120413","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Strategic Patterns to Foster the Evolution of Emerging Software Ecosystems","authors":"Ítalo Belo,&nbsp;Carina Alves","doi":"10.1002/smr.2747","DOIUrl":"https://doi.org/10.1002/smr.2747","url":null,"abstract":"<div>\u0000 \u0000 <p>Platform owners like SAP, Eclipse Foundation, and Microsoft have developed partnership models to expand their software ecosystems. These models govern the cluster of complementors, enabling the attraction and maintenance of partners and consumers. Companies aiming to define new partnership models when moving from a software product approach to an ecosystem face challenges that may limit their growth. When establishing an emerging ecosystem, platform providers (i.e., keystones) must perform several activities, such as attracting and retaining partners, defining rules of participation, managing risks, and maintaining the quality of the platform. This paper proposes three strategic patterns to assist companies in structuring their partnership models. The patterns provide actionable guidance to companies establishing new ecosystems. We adopted the Design Science Research (DSR) method to conduct the study. Following the DSR cycle, the strategic patterns were defined using a Multivocal Literature Review. The strategies described in the proposed patterns were validated by the industry professionals with experience in emerging software ecosystems. The proposed patterns help keystone companies adopt suitable strategies to address the following challenges: selecting partners, attracting and retaining consumers, technically structuring the platform while maintaining the robustness of the ecosystem, managing risks and conflicts, and assisting complementors in developing, selling, and distributing solutions in the ecosystem.</p>\u0000 </div>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 1","pages":""},"PeriodicalIF":1.7,"publicationDate":"2024-11-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143120412","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A SWOT Analysis of Software Development Life Cycle Security Metrics","authors":"Ayesha Khalid,&nbsp;Mushtaq Raza,&nbsp;Palwasha Afsar,&nbsp;Rafiq Ahmad Khan,&nbsp;Muhammad Ismail Mohmand,&nbsp;Hanif Ur Rahman","doi":"10.1002/smr.2744","DOIUrl":"https://doi.org/10.1002/smr.2744","url":null,"abstract":"<div>\u0000 \u0000 <p>Cyber security is an ongoing and critical concern due to persistent threats posed by threat actors, such as hackers and crackers. With the development of information and communication technologies (ICT), the widespread usage of software systems has transformed modern society in many ways but also created new issues in protecting confidential and sensitive information. The quantification of security measures can provide evidence to support decision-making in software security, particularly when assessing the security performance of software systems. This entails understanding the key quality criteria of security metrics, which can assist in constructing security models aligned with practical requirements. To delve deeper into this subject, the current study conducted a systematic literature review (SLR) on security metrics and measures within the realm of secure software development (SSD). The study selected 61 research publications for data extraction based on the specific inclusion and exclusion criteria. The study identified 215 software security metrics and classified them into different phases of software development life cycle (SDLC). In order to evaluate the most cited metrics in each phase of SDLC, the strengths, weaknesses, opportunities, and threats (SWOT) analysis was performed. The SWOT analysis offers a structured framework enabling researchers to make more effective, well-informed decisions and mitigate potential risks, ultimately contributing to more valuable research findings. The study's findings provide researchers guidance for exploring emerging trends and addressing existing gaps in SDLC. This study also provides software professionals with a more comprehensive understanding of security measurements, constraints, and open-ended specific and general issues.</p>\u0000 </div>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 1","pages":""},"PeriodicalIF":1.7,"publicationDate":"2024-11-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143119731","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Prioritization of Software Bugs Using Entropy-Based Measures","authors":"Madhu Kumari,&nbsp;Rashmi Singh,&nbsp;V. B. Singh","doi":"10.1002/smr.2742","DOIUrl":"https://doi.org/10.1002/smr.2742","url":null,"abstract":"<div>\u0000 \u0000 <p>Open-source software is evolved through the active participation of users. In general, a user request for bug fixing, the addition of new features, and feature enhancements. Due to this, the software repositories are increasing day by day at an enormous rate. Additionally, user distinct requests add uncertainty and irregularity to the reported bug data. The performance of machine learning algorithms drastically gets influenced by the inappropriate handling of uncertainty and irregularity in the bug data. Researchers have used machine learning techniques for assigning priority to the bug without considering the uncertainty and irregularity in reported bug data. In order to capture the uncertainty and irregularity in the reported bug data, the summary entropy–based measure in combination with the severity and summary weight is considered in this study to predict the priority of bugs in the open-source projects. Accordingly, the classifiers are build using these measures for different machine learning techniques, namely, <i>k</i>-nearest neighbor (KNN), naïve Bayes (NB), J48, random forest (RF), condensed nearest neighbor (CNN), multinomial logistic regression (MLR), decision tree (DT), deep learning (DL), and neural network (NNet) for bug priority prediction This research aims to systematically analyze the summary entropy–based machine learning classifiers from three aspects: type of machine learning technique considered, estimation of various performance measures: Accuracy, Precision, Recall, and F-measure and through existing model comparison. The experimental analysis is carried out using three open-source projects, namely, Eclipse, Mozilla, and OpenOffice. Out of 145 cases (29 products X 5 priority levels), the J48, RF, DT, CNN, NNet, DL, MLR, and KNN techniques give the maximum F-measure for 46, 35, 28, 11, 15, 4, 3, and 1 cases, respectively. The result shows that the proposed summary entropy–based approach using different machine learning techniques performs better than without entropy-based approach and also entropy-based approach improves the Accuracy and F-measure as compared with the existing approaches. It can be concluded that the classifier build using summary entropy measure significantly improves the machine learning algorithms' performance with appropriate handling of uncertainty and irregularity. Moreover, the proposed summary entropy–based classifiers outperform the existing models available in the literature for predicting bug priority.</p>\u0000 </div>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 2","pages":""},"PeriodicalIF":1.7,"publicationDate":"2024-11-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143253485","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}