{"title":"CodeSpeak: Improving smart contract vulnerability detection via LLM-assisted code analysis","authors":"Shuyu Chang , Chen Geng , Haiping Huang , Rui Wang , Qi Li , Yang Zhang","doi":"10.1016/j.jss.2025.112635","DOIUrl":"10.1016/j.jss.2025.112635","url":null,"abstract":"<div><div>Smart contracts play a crucial role in blockchain technology, but their security remains vulnerable to various threats. While deep learning approaches have shown promise in vulnerability detection, they often require complex graph constructions that complicate the detection process. Large language models (LLMs) offer powerful code comprehension capabilities, but their direct application to vulnerability detection often yields inconsistent or unreliable results. To address these challenges, we introduce CodeSpeak, a novel framework that enhances smart contract vulnerability detection by leveraging LLM-assisted code analysis. Our approach first eliminates redundant code statements to focus on security-critical sections. We then leverage LLMs with designed domain-specific instructions that simulate security expert auditing practices. These instructions serve as intermediate representations that bridge the gap between natural language and vulnerability patterns. CodeSpeak processes this analysis by LLMs and creates structured prompt templates with these results, which are used to train a detection model. Compared to deep learning approaches, this framework offers a more intuitive solution while maintaining high detection effectiveness. Extensive experiments conducted on four types of vulnerabilities (<em>Reentrancy</em>, <em>Timestamp</em>, <em>Overflow/Underflow</em>, and <em>Delegatecall</em>) demonstrate the effectiveness of our approach. Our framework also demonstrates strong adaptability to new vulnerability types with minimal training samples, and provides a cost-effective solution for practical deployment. 
Moreover, a user study with developers shows CodeSpeak reduces detection time by 98.7% compared to manual analysis while maintaining superior accuracy. These improvements highlight the potential of LLM-assisted code analysis in smart contract security assessment.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"231 ","pages":"Article 112635"},"PeriodicalIF":4.1,"publicationDate":"2025-09-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145105391","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Generative AI for software architecture. Applications, challenges, and future directions","authors":"Matteo Esposito , Xiaozhou Li , Sergio Moreschini , Noman Ahmad , Tomas Cerny , Karthik Vaidhyanathan , Valentina Lenarduzzi , Davide Taibi","doi":"10.1016/j.jss.2025.112607","DOIUrl":"10.1016/j.jss.2025.112607","url":null,"abstract":"<div><h3>Context:</h3><div>Generative Artificial Intelligence (GenAI) is transforming much of software development, yet its application in software architecture is still in its infancy.</div></div><div><h3>Aim:</h3><div>Systematically synthesize the use, rationale, contexts, usability, and challenges of GenAI in software architecture.</div></div><div><h3>Method:</h3><div>Multivocal literature review (MLR), analyzing peer-reviewed and gray literature, identifying current practices, models, adoption contexts, reported challenges, and extracting themes via open coding.</div></div><div><h3>Results:</h3><div>This review identifies a significant adoption of GenAI for architectural decision support and architectural reconstruction. OpenAI GPT models are predominantly applied, and there is consistent use of techniques such as few-shot prompting and retrieval-augmented generation (RAG). GenAI has been applied mostly to the initial stages of the Software Architecture Life Cycle (SALC), such as Requirements-to-Architecture and Architecture-to-Code. Monolithic and microservice architectures were the main targets. However, rigorous testing of GenAI outputs was typically missing from the studies. Among the most frequent challenges are model precision, hallucinations, ethical aspects, privacy issues, lack of architecture-specific datasets, and the absence of sound evaluation frameworks.</div></div><div><h3>Conclusions:</h3><div>GenAI shows significant potential in software design, but there are several challenges on its way towards greater adoption. 
Research efforts should target designing general evaluation methodologies, handling ethics and precision, increasing transparency and explainability, and promoting architecture-specific datasets and benchmarks to overcome the gap between theoretical possibility and practical use.</div><div><em>Editor’s note: Open Science material was validated by the Journal of Systems and Software Open Science Board</em>.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"231 ","pages":"Article 112607"},"PeriodicalIF":4.1,"publicationDate":"2025-09-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145158075","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Code Less to Code More","authors":"Federico Bruzzone, Walter Cazzola, Luca Favalli","doi":"10.1016/j.jss.2025.112554","DOIUrl":"10.1016/j.jss.2025.112554","url":null,"abstract":"<div><div>Developing editing support for <span><math><mi>L</mi></math></span> languages in <span><math><mi>E</mi></math></span> editors is complex and time-consuming. Some languages do not provide dedicated editors, while others offer a single native editor. The <em>language server protocol</em> (LSP) reduces the language-editor combinations <span><math><mrow><mi>L</mi><mo>×</mo><mi>E</mi></mrow></math></span> to <span><math><mrow><mi>L</mi><mo>+</mo><mi>E</mi></mrow></math></span>, where a single language server communicates with editors via LSP plugins. However, overlapping implementations of linguistic components remain an issue. Existing language workbenches struggle with modularity, reusability, and leveraging type systems for language server generation. In this work, we propose: (i) Typelang, a family of domain-specific languages for modular, composable, and reusable type system implementation, (ii) a modular language server generation process, producing servers for languages built in a modular workbench, (iii) the variant-oriented programming paradigm and a cross-artifact coordination layer to manage interdependent software variants, and (iv) an LSP plugin generator, reducing <span><math><mi>E</mi></math></span> to <span><math><mi>1</mi></math></span> by automating plugin creation for multiple editors. To simplify editing support for language families, each language artifact integrates its own Typelang variant, used to generate language servers. This reduces combinations to <span><math><mrow><mi>T</mi><mo>×</mo><mi>1</mi></mrow></math></span>, where <span><math><mrow><mi>T</mi><mo>=</mo><mi>L</mi></mrow></math></span> represents the number of type systems. 
Further reuse of language artifacts across languages lowers this to <span><math><mrow><mi>N</mi><mo>×</mo><mi>1</mi></mrow></math></span>, where <span><math><mrow><mi>N</mi><mo>≪</mo><mi>T</mi></mrow></math></span>, representing unique type systems. We implement Typelang in Neverlang, generating language servers for each artifact and LSP plugins for three editors. Empirical evaluation shows a 93.48% reduction in characters needed for type system implementation and 100% automation of LSP plugin generation, significantly lowering effort for editing support in language families, especially when artifacts are reused.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"231 ","pages":"Article 112554"},"PeriodicalIF":4.1,"publicationDate":"2025-09-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145158019","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Leveraging multi-task learning to fine-tune RoBERTa for self-admitted technical debt identification and classification","authors":"Yihang Xu, Dongjin Yu, Xin Chen, Quanxin Yang, Sixuan Wang, Wangliang Yan","doi":"10.1016/j.jss.2025.112629","DOIUrl":"10.1016/j.jss.2025.112629","url":null,"abstract":"<div><div>Self-Admitted Technical Debt (SATD) detection aims to identify whether a code comment explicitly admits technical debt and classify its specific type. Existing research largely treats identification and classification as separate tasks, with classification-focused approaches suffering from Out-Of-Vocabulary (OOV) issues and relatively low macro-averaged <span><math><msub><mrow><mi>F</mi></mrow><mrow><mn>1</mn></mrow></msub></math></span>-score. To address these challenges, this paper presents FRoM, a unified and efficient approach that integrates SATD identification and classification into a single pipeline. Specifically, FRoM employs a byte-level tokenizer to effectively mitigate OOV problems and leverages multi-task learning to fine-tune a pre-trained model for improved classification performance. Additionally, FRoM incorporates a novel undersampling technique to remove semantically similar non-SATD samples, reducing the time required for fine-tuning. Empirical evaluations on two datasets, comprising 38,902 and 2,528 comments respectively, demonstrate that FRoM achieves state-of-the-art performance in both identification and classification tasks. Furthermore, a case study highlights that our deployed tool, FRoMD, exhibits competitive performance compared to ChatGPT-4o. 
The dataset and the code are available at <span><span>https://github.com/HduDBSI/FRoM</span></span>.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"231 ","pages":"Article 112629"},"PeriodicalIF":4.1,"publicationDate":"2025-09-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145118303","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Establishing technical debt management — A five-step workshop approach and an action research study","authors":"Marion Wiese, Kamila Serwa, Anastasia Besier, Ariane S. Marion-Jetten, Eva Bittner","doi":"10.1016/j.jss.2025.112606","DOIUrl":"10.1016/j.jss.2025.112606","url":null,"abstract":"<div><h3>Context:</h3><div>Technical debt (TD) items are constructs in a software system providing short-term benefits but hindering future changes. TD management (TDM) is frequently researched but rarely adopted in practice.</div></div><div><h3>Goal:</h3><div>This study aimed to establish a TDM process in an IT company based on a predefined workshop concept. We analyzed which research approaches practitioners adopted for each TD activity and the TDM’s long-term effect on TD awareness.</div></div><div><h3>Method:</h3><div>We used action research (five action cycles in 16 months) with an IT team that creates IT solutions for signal processing. To examine TD awareness, we (1) analyzed questionnaires completed during each workshop, (2) observed team meetings, (3) adopted a method from psychology for measuring awareness in decision-making situations called TD-SAGAT, and (4) evaluated the backlog data.</div></div><div><h3>Results:</h3><div>Practitioners preferred TD repayment and prioritization based on the system’s evolution and cost calculations, i.e., repayment of so-called low-hanging fruits. Reminders in the backlog items, such as checkboxes or text templates, led to a sustainable rise in TD awareness.</div></div><div><h3>Conclusions:</h3><div>We showed that a workshop-based approach is feasible and leads to sustainable process changes. 
New ideas for TDM applicable to other IT teams emerged, e.g., using a <em>re-submission date</em>, using a <em>Talked about TD</em> checkbox, and using visualizations for TD prioritization.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"231 ","pages":"Article 112606"},"PeriodicalIF":4.1,"publicationDate":"2025-09-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145060461","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An empirical study of CGO usage in Go projects — Distribution, purposes, patterns and critical issues","authors":"Jinbao Chen, Boyao Ding, Yu Zhang, Qingwei Li, Fugen Tang","doi":"10.1016/j.jss.2025.112601","DOIUrl":"10.1016/j.jss.2025.112601","url":null,"abstract":"<div><div>Multilingual software development integrates multiple languages into a single application, with the Foreign Function Interface (FFI) enabling seamless interaction. While FFI boosts efficiency and extensibility, it also introduces risks. Existing studies focus on FFIs in languages like Python and Java, neglecting CGO, the emerging FFI in Go, which poses unique risks.</div><div>To address these concerns, we conduct an empirical study of CGO usage across 920 open-source Go projects. Our study aims to reveal the distribution, patterns, purposes, and critical issues associated with CGO, offering insights for developers and the Go team. We develop <em>CGOAnalyzer</em>, a tool to efficiently identify and quantify CGO-related features. Our findings reveal that: (1) 11.3% of analyzed Go projects utilize CGO, with usage concentrated in a subset of projects; (2) CGO serves 4 primary purposes, including system-level interactions and performance optimizations, with 15 distinct usage patterns observed; (3) 19 types of CGO-related issues exist, including one critical issue involving unnecessary pointer checks that pose risks of runtime crashes due to limitations in the current Go compilation toolchain; (4) a temporary solution reduces unnecessary pointer checks, mitigating crash risks, and (5) we submitted a proposal to improve the Go toolchain for a permanent fix, which has been grouped within an accepted proposal for future resolution. 
Our findings provide valuable insights for developers and the Go team, enhancing development efficiency and reliability while improving the robustness of the Go toolchain.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"231 ","pages":"Article 112601"},"PeriodicalIF":4.1,"publicationDate":"2025-09-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145057096","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Studying SATD in drone systems with Human-AI collaboration","authors":"Leevi Rantala, Lwin Khin Shar, Mika V. Mäntylä, Wei Minn, Yan Naing Tun","doi":"10.1016/j.jss.2025.112625","DOIUrl":"10.1016/j.jss.2025.112625","url":null,"abstract":"<div><h3>Background:</h3><div>Self-Admitted Technical Debt (SATD) refers to sub-optimal solutions that developers acknowledge within the source code. SATD research originated on Java projects but is expanding to other domains. We focus on SATD in drones, which are used for various critical tasks.</div></div><div><h3>Aims:</h3><div>The primary objective is to investigate SATD in drone systems. The second aim is to explore the integration of AI and human collaboration for SATD labelling and classification.</div></div><div><h3>Method:</h3><div>We conducted a sample study of SATD comments in drone systems (14 open source, 4 SDKs) to analyse the quantity and types of SATD comments present. Our study incorporates collaboration between AI and humans by utilising LLM for SATD classification. Additionally, we classified a sample of 385 SATD comments as either drone-specific or non-drone-specific.</div></div><div><h3>Results:</h3><div>The most prevalent SATD categories in drone software are Code Debt (35%), Unclassifiable Debt (16%), and Design Debt (15%). We found that 22% of SATD is specific to drones. Drone-specific SATD is proportionally more focused on Requirements and Design Debt compared to non-drone-specific SATD. We found that using both human and LLM for SATD classification can improve accuracy, as both LLM and human revised their initial ratings. After two rounds, a “near-perfect agreement” (Fleiss’ kappa 0.83) was achieved.</div></div><div><h3>Conclusions:</h3><div>Future studies should investigate whether our observation that domain-specific (drone) SATD comments relate more to Requirement Debt holds true in other domains. 
We propose a workflow that integrates AI into classification tasks, enhancing the accuracy of both human and AI classifications.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"231 ","pages":"Article 112625"},"PeriodicalIF":4.1,"publicationDate":"2025-09-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145105458","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"GLA-SDP: A novel attention-based semantic and static feature fusion method using GCN and LSTM for software defect prediction","authors":"Haining Meng, Han Wu, Xiaoqing Li, Xinhong Hei","doi":"10.1016/j.jss.2025.112630","DOIUrl":"10.1016/j.jss.2025.112630","url":null,"abstract":"<div><div>Software defect prediction (SDP) is crucial for improving software quality and optimizing resource allocation by identifying potential defects at early development stages. Traditional SDP methods rely on manually crafted static features, which often fail to capture the semantic and contextual information in code. Recent advances using abstract syntax trees (ASTs) have improved semantic feature extraction, yet they often neglect structural dependencies and lack effective integration with static features. To address these limitations, this study proposes GLA-SDP, a novel defect prediction model that fuses features through the integration of Graph Convolutional Networks (GCNs), Long Short-Term Memory (LSTM) networks, and an additive attention fusion mechanism. Specifically, a recursive AST-to-graph construction method is designed to extract rich semantic features using GCNs, while LSTMs are employed to capture sequential patterns from static code metrics. Furthermore, an attention-based fusion mechanism dynamically weights and combines semantic and static features, preserving their complementary importance in defect prediction. Extensive experiments on eight Java projects from the PROMISE dataset and four C-language projects from the Devign dataset demonstrate that GLA-SDP consistently outperforms state-of-the-art baselines, achieving average improvements of 37% in F1-score and 24% in MCC. 
These results highlight the superior accuracy and practical applicability of the proposed approach.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"231 ","pages":"Article 112630"},"PeriodicalIF":4.1,"publicationDate":"2025-09-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145105457","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"From attack descriptions to vulnerabilities: A sentence transformer-based approach","authors":"Refat Othman , Diaeddin Rimawi , Bruno Rossi , Barbara Russo","doi":"10.1016/j.jss.2025.112615","DOIUrl":"10.1016/j.jss.2025.112615","url":null,"abstract":"<div><div>In the domain of security, vulnerabilities frequently remain undetected even after their exploitation. In this work, vulnerabilities refer to publicly disclosed flaws documented in Common Vulnerabilities and Exposures (CVE) reports. Establishing a connection between attacks and vulnerabilities is essential for enabling timely incident response, as it provides defenders with immediate, actionable insights. However, manually mapping attacks to CVEs is infeasible, thereby motivating the need for automation. This paper evaluates 14 state-of-the-art (SOTA) sentence transformers for automatically identifying vulnerabilities from textual descriptions of attacks. Our results demonstrate that the <span>multi-qa-mpnet-base-dot-v1 (MMPNet)</span> model achieves superior classification performance when using attack Technique descriptions, with an F<span><math><msub><mrow></mrow><mrow><mn>1</mn></mrow></msub></math></span>-score of 89.0, precision of 84.0, and recall of 94.7. Furthermore, it was observed that, on average, 56% of the vulnerabilities identified by the <span>MMPNet</span> model are also represented within the CVE repository in conjunction with an attack, while 61% of the vulnerabilities detected by the model correspond to those cataloged in the CVE repository. A manual inspection of the results revealed the existence of 275 predicted links that were not documented in the MITRE repositories. 
Consequently, the automation of linking attack techniques to vulnerabilities not only enhances the detection and response capabilities related to software security incidents but also diminishes the duration during which vulnerabilities remain exploitable, thereby contributing to the development of more secure systems.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"231 ","pages":"Article 112615"},"PeriodicalIF":4.1,"publicationDate":"2025-09-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145057094","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Managing security issues in software containers: From practitioners’ perspective","authors":"Maha Sroor , Rahul Mohanani , Ricardo Colomo-Palacios , Sandun Dasanayake , Tommi Mikkonen","doi":"10.1016/j.jss.2025.112616","DOIUrl":"10.1016/j.jss.2025.112616","url":null,"abstract":"<div><div>Software development industries are increasingly adopting containers to enhance the scalability and flexibility of applications. Security in containerized projects is a critical challenge that can lead to data breaches and performance degradation, thereby directly affecting the reliability and operations of the container services. Despite the ongoing effort to manage the security issues in containerized projects in SE research, more investigations are needed to explore the human perspective of security management in containerized projects. This research aims to explore security management in containerized projects by exploring how SE practitioners manage the security issues in containerized projects. A clear understanding of security management in containerized projects will enable industries to develop robust security strategies that enhance software reliability and trust. To achieve this, we conducted two semi-structured interview studies to examine how practitioners approach security management. The first study focused on practitioners’ perceptions of security challenges in containerized environments, where we interviewed 15 participants between December 2022 and October 2023. The second study explored how to address security issues, with 20 participants interviewed between October 2024 and December 2024. Data analysis reveals how SE practitioners address the various security challenges in containerized projects. Our analysis also identified the technical and non-technical enablers that can be utilized to enhance security in containerized projects. Overall, we propose a conceptual model that visualizes how practitioners manage security issues in containerized projects. 
We argue that our proposed model will guide practitioners in making informed decisions to plan, develop, and deploy secure container systems.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"231 ","pages":"Article 112616"},"PeriodicalIF":4.1,"publicationDate":"2025-09-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145057095","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}