IET Software, Pub Date: 2023-07-26, DOI: 10.3390/software2030015
Moe Huss, Daniel R. Herber, J. Borky
{"title":"Comparing Measured Agile Software Development Metrics Using an Agile Model-Based Software Engineering Approach versus Scrum Only","authors":"Moe Huss, Daniel R. Herber, J. Borky","doi":"10.3390/software2030015","DOIUrl":"https://doi.org/10.3390/software2030015","url":null,"abstract":"This study compares the reliability of estimation, productivity, and defect rate metrics for sprints driven by a specific instance of the agile approach (i.e., scrum) and an agile model-based software engineering (MBSE) approach called the integrated Scrum Model-Based System Architecture Process (sMBSAP) when developing a software system. The quasi-experimental study conducted ten sprints using each approach. The approaches were then evaluated based on their effectiveness in helping the product development team estimate the backlog items that they could build during a time-boxed sprint and deliver more product backlog items (PBI) with fewer defects. The commitment reliability (CR) was calculated to compare the reliability of estimation with a measured average scrum-driven value of 0.81 versus a statistically different average sMBSAP-driven value of 0.94. Similarly, the average sprint velocity (SV) for the scrum-driven sprints was 26.8 versus 31.8 for the MBSAP-driven sprints. The average defect density (DD) for the scrum-driven sprints was 0.91, while that of the sMBSAP-driven sprints was 0.63. The average defect leakage (DL) for the scrum-driven sprints was 0.20, while that of the sMBSAP-driven sprints was 0.15. The t-test analysis concluded that the sMBSAP-driven sprints were associated with a statistically significant larger mean CR, SV, DD, and DL than that of the scrum-driven sprints. The overall results demonstrate formal quantitative benefits of an agile MBSE approach compared to an agile alone, thereby strengthening the case for considering agile MBSE methods within the software development community. 
Future work might include comparing agile and agile MBSE methods using alternative research designs and further software development objectives, techniques, and metrics.","PeriodicalId":50378,"journal":{"name":"IET Software","volume":"43 1","pages":""},"PeriodicalIF":1.6,"publicationDate":"2023-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"78344153","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
IET Software, Pub Date: 2023-07-26, DOI: 10.1049/sfw2.12132
Xin Zhou, Runfeng Mao, He Zhang, Qiming Dai, Huang Huang, Haifeng Shen, Jingyue Li, Guoping Rong
{"title":"Revisit security in the era of DevOps: An evidence-based inquiry into DevSecOps industry","authors":"Xin Zhou, Runfeng Mao, He Zhang, Qiming Dai, Huang Huang, Haifeng Shen, Jingyue Li, Guoping Rong","doi":"10.1049/sfw2.12132","DOIUrl":"https://doi.org/10.1049/sfw2.12132","url":null,"abstract":"<p>By adopting agile and lean practices, DevOps aims to achieve rapid value delivery by speeding up development and deployment cycles, which however lead to more security concerns that cannot be fully addressed by an isolated security role only in the final stage of development. <i>DevSecOps</i> promotes security as a shared responsibility integrated into the DevOps process that seamlessly intertwines development, operations, and security from the start throughout to the end of cycles. While some companies have already begun to embrace this new strategy, both industry and academia are still seeking a common understanding of the DevSecOps movement. The goal of this study is to report the state-of-the-practice of DevSecOps, including the impact of DevOps on security, practitioners' understanding of DevSecOps, and the practices associated with DevSecOps as well as the challenges of implementing DevSecOps. The authors used a mixed-methods approach for this research. The authors carried out a grey literature review on DevSecOps, and surveyed the practitioners of DevSecOps in industry of China. The status quo of DevSecOps in industry is summarized. Three major software security risks are identified with DevOps, where the establishment of DevOps pipeline provides opportunities for security-related activities. The authors classify the interpretations of DevSecOps into three core aspects of DevSecOps capabilities, cultural enablers, and technological enablers. To materialise the interpretations into daily software production activities, the recommended DevSecOps practices from three perspectives—people, process, and technology. 
Although a preliminary consensus is that DevSecOps is regarded as an extension of DevOps, there is a debate on whether DevSecOps is a superfluous term. While DevSecOps is attracting an increasing attention by industry, it is still in its infancy and more effort needs to be invested to promote it in both research and industry communities.</p>","PeriodicalId":50378,"journal":{"name":"IET Software","volume":"17 4","pages":"435-454"},"PeriodicalIF":1.6,"publicationDate":"2023-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/sfw2.12132","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50144606","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Guest Editorial: Machine learning applied to quality and security in software systems","authors":"Honghao Gao, Walayat Hussain, Ramón J. Durán Barroso, Junaid Arshad, Yuyu Yin","doi":"10.1049/sfw2.12141","DOIUrl":"10.1049/sfw2.12141","url":null,"abstract":"<p>During the development of software systems, even with advanced planning, problems with quality and security occur. These defects may result in threats to program development and maintenance. Therefore, to control and minimise these defects, machine learning can be used to improve the quality and security of software systems. This special issue focuses on recent advances in architecture, algorithms, optimisation, and models for machine learning applied to quality and security in software systems. After a rigorous review according to relevance, originality, technical novelties, and presentation quality, we selected 4 manuscripts. A summary of these accepted papers is outlined below.</p><p>In the first paper entitled “Robust Malware Identification via Deep Temporal Convolutional Network with Symmetric Cross Entropy Learning” by Sun et al., the authors propose a robust Malware identification method using the temporal convolutional network (TCN). Moreover, word embedding techniques are generally utilised to understand the contextual relationship between the input operation code (opcode) and application programming interface (API) function names in many cases. Here, considering the numerous unlabelled samples in practical intelligent environments, the authors pre-train the TCN model on an unlabelled set using a word embedding method, that is, <i>word</i>2<i>vec</i>. In the experiments, the proposed method is compared to several traditional statistical methods and more recent neural networks on a synthetic Malware dataset and a real-world dataset. 
The performance comparisons demonstrate the better performance and noise robustness of the proposed method, that the proposed method can yield the best identification accuracy of 98.75% in real-world scenarios.</p><p>In the second paper entitled “Just-In-Time Defect Prediction Enhanced by the Joint Method of Line Label Fusion and File Filtering” by Zhang et al., the authors propose a Just-in-Time defect prediction model enhanced by the joint method of line label Fusion and file Filtering (JIT-FF). First, to distinguish added and removed lines while preserving the original software changes information, the authors represent the code changes as original, added, and removed codes according to line labels. Second, to obtain semantics-enhanced code representation, the authors propose a cross-attention-based line label fusion method to perform complementary feature enhancement. Third, to generate code changes containing fewer defect-irrelevant files, the authors formalise the file filtering as a sequential decision problem and propose a reinforcement learning-based file filtering method. Finally, based on generated code changes, CodeBERT-based commit representation and multi-layer perceptron-based defect prediction are performed to identify the defective software changes. 
The experiments demonstrate that JIT-FF predicts defective software changes more effectively.</p><p>In the third paper entitled “Android Malwar","PeriodicalId":50378,"journal":{"name":"IET Software","volume":"17 4","pages":"345-347"},"PeriodicalIF":1.6,"publicationDate":"2023-07-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/sfw2.12141","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"44482903","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
IET Software, Pub Date: 2023-07-12, DOI: 10.1049/sfw2.12140
Hui Li, Yong Liu, Xuexin Qi, Xi Yu, Shikai Guo
{"title":"Structuring meaningful bug-fixing patches to fix software defect","authors":"Hui Li, Yong Liu, Xuexin Qi, Xi Yu, Shikai Guo","doi":"10.1049/sfw2.12140","DOIUrl":"https://doi.org/10.1049/sfw2.12140","url":null,"abstract":"<p>Currently, software projects require a significant amount of time, effort and other resources to be invested in software testing to reduce the number of code defects. However, this process decreases the efficiency of software development and leads to a significant waste of workforce and resources. To address this challenge, researchers developed various solutions utilising deep neural networks. However, these solutions are frequently challenged by issues, such as a vast vocabulary, network training difficulties and elongated training processes resulting from the handling of redundant information. To overcome these limitations, the authors proposed a new neural network-based model named HopFix, designed to detect software defects that may be introduced during the coding process. HopFix consists of four parts: data preprocessing, encoder, decoder and code generation components, which were used for preprocessing data, extracting information about software defects, analysing defect information, generating software patches and controlling the generation process of software patches, respectively. 
Experimental studies on Bug-Fix Pairs (BFP) show that HopFix correctly fixed 47.2% (<i>BFP</i><sub><i>small</i></sub> datasets) and 25.7% (<i>BFP</i><sub><i>medium</i></sub> datasets) of software defects.</p>","PeriodicalId":50378,"journal":{"name":"IET Software","volume":"17 4","pages":"566-581"},"PeriodicalIF":1.6,"publicationDate":"2023-07-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/sfw2.12140","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50130089","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A memetic algorithm for high-strength covering array generation","authors":"Xu Guo, Xiaoyu Song, Jian-tao Zhou, Feiyu Wang, Kecheng Tang, Zhuowei Wang","doi":"10.1049/sfw2.12138","DOIUrl":"https://doi.org/10.1049/sfw2.12138","url":null,"abstract":"<p>Covering array generation (CAG) is the key research problem in combinatorial testing and is an NP-complete problem. With the increasing complexity of software under test and the need for higher interaction covering strength <i>t</i>, the techniques for constructing high-strength covering arrays are expected. This paper presents a hybrid heuristic memetic algorithm named QSSMA for high-strength CAG problem. The sub-optimal solution acceptance rate is introduced to generate multiple test cases after each iteration to improve the efficiency of constructing high-covering strength test suites. The QSSMA method could successfully build high-strength test suites for some instances where <i>t</i> up to 15 within one day cutoff time and report five new best test suite size records. Extensive experiments demonstrate that QSSMA is a competitive method compared to state-of-the-art methods.</p>","PeriodicalId":50378,"journal":{"name":"IET Software","volume":"17 4","pages":"538-553"},"PeriodicalIF":1.6,"publicationDate":"2023-07-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/sfw2.12138","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50130090","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
IET Software, Pub Date: 2023-07-11, DOI: 10.1049/sfw2.12139
Boyu Huang, Youyi Song, Zhihan Cui, Haowen Dou, Dazhi Jiang, Teng Zhou, Jing Qin
{"title":"Gravitational search algorithm-extreme learning machine for COVID-19 active cases forecasting","authors":"Boyu Huang, Youyi Song, Zhihan Cui, Haowen Dou, Dazhi Jiang, Teng Zhou, Jing Qin","doi":"10.1049/sfw2.12139","DOIUrl":"https://doi.org/10.1049/sfw2.12139","url":null,"abstract":"<p>Corona Virus disease 2019 (COVID-19) has shattered people's daily lives and is spreading rapidly across the globe. Existing non-pharmaceutical intervention solutions often require timely and precise selection of small areas of people for containment or even isolation. Although such containment has been successful in stopping or mitigating the spread of COVID-19 in some countries, it has been criticized as inefficient or ineffective, because of the time-delayed and sophisticated nature of the statistics on determining cases. To address these concerns, we propose a GSA-ELM model based on a gravitational search algorithm to forecast the global number of active cases of COVID-19. The model employs the gravitational search algorithm, which utilises the gravitational law between two particles to guide the motion of each particle to optimise the search for the global optimal solution, and utilises an extreme learning machine to address the effects of nonlinearity in the number of active cases. 
Extensive experiments are conducted on the statistical COVID-19 dataset from Johns Hopkins University, the MAPE of the authors’ model is 7.79%, which corroborates the superiority of the model to state-of-the-art methods.</p>","PeriodicalId":50378,"journal":{"name":"IET Software","volume":"17 4","pages":"554-565"},"PeriodicalIF":1.6,"publicationDate":"2023-07-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/sfw2.12139","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50128533","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
IET Software, Pub Date: 2023-07-08, DOI: 10.1049/sfw2.12130
Mario Cortes-Cornax, Paula Lago, Claudia Roncancio
{"title":"A case study of environmental considerations and opportunities in cyber physical systems","authors":"Mario Cortes-Cornax, Paula Lago, Claudia Roncancio","doi":"10.1049/sfw2.12130","DOIUrl":"https://doi.org/10.1049/sfw2.12130","url":null,"abstract":"<p>Cyber Physical Systems (CPS) are becoming more ubiquitous, complex and powerful as well as more and more present in our daily life. The inherent benefit and comfort come with an environmental impact at every step of their life-cycle. This impact is significant and unfortunately often ignored today. As cyber-physical systems tend to be ‘invisible’, there is a need for awareness of the underlying infrastructure and required resources, early in the design phases. In this article, the environmental impact considerations in the early stages of the implementation and opportunities to improve design choices with a people-planet-system perspective are discussed. The authors discuss the aspects related to system configuration, data management and the overall goal and functionalities supported by the CPS. Through a specific smart home case, the potential of considering life-cycle assessment of both the devices and data management is illustrated. By explicitly considering different configurations, it will be possible to analyse the environmental impacts of the design decisions. 
Our research in progress targets a design approach to converge into an equilibrium between utility, performance, and minor environmental impact of smart systems.</p>","PeriodicalId":50378,"journal":{"name":"IET Software","volume":"17 4","pages":"424-434"},"PeriodicalIF":1.6,"publicationDate":"2023-07-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/sfw2.12130","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50125208","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
IET Software, Pub Date: 2023-07-07, DOI: 10.1049/sfw2.12137
Jiankun Sun, Xiong Luo, Weiping Wang, Yang Gao, Wenbing Zhao
{"title":"Robust Malware identification via deep temporal convolutional network with symmetric cross entropy learning","authors":"Jiankun Sun, Xiong Luo, Weiping Wang, Yang Gao, Wenbing Zhao","doi":"10.1049/sfw2.12137","DOIUrl":"https://doi.org/10.1049/sfw2.12137","url":null,"abstract":"<p>Recent developments in the field of Internet of things (IoT) have aroused growing attention to the security of smart devices. Specifically, there is an increasing number of malicious software (Malware) on IoT systems. Nowadays, researchers have made many efforts concerning supervised machine learning methods to identify malicious attacks. High-quality labels are of great importance for supervised machine learning, but noises widely exist due to the non-deterministic production environment. Therefore, learning from noisy labels is significant for machine learning-enabled Malware identification. In this study, motivated by the symmetric cross entropy with satisfactory noise robustness, the authors propose a robust Malware identification method using temporal convolutional network (TCN). Moreover, word embedding techniques are generally utilised to understand the contextual relationship between the input operation code (opcode) and application programming interface function names. Here, considering the numerous unlabelled samples in real-world intelligent environments, the authors pre-train the TCN model on an unlabelled set using a word embedding method, that is, Word2Vec. In the experiments, the proposed method is compared with several traditional statistical methods and more recent neural networks on a synthetic Malware dataset and a real-world dataset. 
The performance comparisons demonstrate the better performance and noise robustness of their proposed method, especially that the proposed method can yield the best identification accuracy of 98.75% in real-world scenarios.</p>","PeriodicalId":50378,"journal":{"name":"IET Software","volume":"17 4","pages":"392-404"},"PeriodicalIF":1.6,"publicationDate":"2023-07-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/sfw2.12137","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50123778","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
IET Software, Pub Date: 2023-07-06, DOI: 10.1049/sfw2.12136
Seblewongel E. Biable, Nuno M. Garcia, Dida Midekso
{"title":"Proposed ethical framework for software requirements engineering","authors":"Seblewongel E. Biable, Nuno M. Garcia, Dida Midekso","doi":"10.1049/sfw2.12136","DOIUrl":"https://doi.org/10.1049/sfw2.12136","url":null,"abstract":"<p>Requirements engineering is a fundamental process in software development phases. At the same time, it is a difficult phase and exposed many ethical violations. The main purpose is proposing an ethical framework for software requirements engineering that addresses the identified concerns. These concerns include problems associated with a knowledge gap, requirements identification, quality-related concerns, unwillingness to give requirements, and practicing forbidden activities. These concerns are grouped into a category as the proposed framework components. Each of the categories encompasses more than one problem domain. The proposed framework suggests resolving mechanisms as collections of clauses for each of those concerns. An expert evaluation technique is used to validate the proposed framework. The experts are purposefully selected from software industries and institutions. Questionnaires and focus group discussions were used as data-gathering tools for the validation of the proposed framework. The validity (face validity, content validity, and construct validity) and the reliability of the proposed framework were checked. The evaluation results show that the proposed framework has an acceptable range of validity and reliability. 
The proposed framework can be used as a guideline for software engineers to minimise the occurrence of those identified concerns during the requirements engineering process.</p>","PeriodicalId":50378,"journal":{"name":"IET Software","volume":"17 4","pages":"526-537"},"PeriodicalIF":1.6,"publicationDate":"2023-07-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/sfw2.12136","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50122748","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
IET Software, Pub Date: 2023-06-27, DOI: 10.1049/sfw2.12134
Yuqi Li, Yixin Bian, Ziheng Zhang, Song Zhao, Yiqi Liu
{"title":"CTHP: Selection for adoption of open-source bioinformatics software based on a customised ISO 25010 quality model, three-way decision and Delphi hierarchy process","authors":"Yuqi Li, Yixin Bian, Ziheng Zhang, Song Zhao, Yiqi Liu","doi":"10.1049/sfw2.12134","DOIUrl":"https://doi.org/10.1049/sfw2.12134","url":null,"abstract":"<div><section><p>The ever-growing open-source software tools in different domains increase the difficulty of software selection from the end-users perspective. The process of evaluating, comparing, and selecting open-source solutions is far from trivial. Especially, when additional requirements need to be considered, the existing methodologies will fail to adapt to the new tasks. The objective of this study is to present a solution for dealing with this issue. A novel approach, CTHP, is presented for the evaluation and selection of open-source software in the Bioinformatics domain. First, the ISO 25010 quality model is chosen as the basis. This model is customised according to the special characteristics of the Bioinformatics applications. The customisation is done by extracting the quality factors from the Bioinformatics applications, weighting these factors from the viewpoints of both developers and end-users, and adding them to the model. After that, Three-way Decision and Delphi Hierarchy Process are integrated to assist in the selection for adoption. Finally, as a case study, the proposed approach is applied to assist the decision-making process of two popular natural language processing frameworks in the Bioinformatics area. 
Our study is a valuable contribution since it provides a systematic way to document the decision-making process and help the researchers and practitioners of Bioinformatics to make better decisions among the alternatives.</p></section></div>","PeriodicalId":50378,"journal":{"name":"IET Software","volume":"17 4","pages":"496-508"},"PeriodicalIF":1.6,"publicationDate":"2023-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/sfw2.12134","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50145616","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}