{"title":"A systematic literature review of agile software development projects","authors":"Soumya Prakash Rath , Nikunj Kumar Jain , Gunjan Tomer , Alok Kumar Singh","doi":"10.1016/j.infsof.2025.107727","DOIUrl":"10.1016/j.infsof.2025.107727","url":null,"abstract":"<div><h3>Context</h3><div>Agile software development (ASD) is gaining prominence as the leading methodology for modern software development organizations because it enables a fast, effective, and customer-centric approach in the current disruptive and dynamic work environment.</div></div><div><h3>Objective</h3><div>Despite increasing interest in ASD as a research area, the extant literature remains scattered and lacks convergence. This study provides a detailed account of all aspects of ASD, including emerging agile concepts, such as agile governance and large-scale agile implementations.</div></div><div><h3>Method</h3><div>A systematic literature review (SLR) technique identifies 208 relevant articles. The study included papers published between 1999 and 2024.</div></div><div><h3>Results</h3><div>This SLR provides a concise overview of the various theories applied in the context of ASD. The study classifies previous literature into numerous different facets of ASD. In addition, the paper has prepared an extensive list of relevant research questions for future investigations in each domain of ASD.</div></div><div><h3>Conclusion</h3><div>This study offers scholars insights into the status of ASD research as well as the current trends in ASD. 
Furthermore, the proposed future research questions provide researchers with precise direction for delving deeper into different facets of ASD.</div></div>","PeriodicalId":54983,"journal":{"name":"Information and Software Technology","volume":"182 ","pages":"Article 107727"},"PeriodicalIF":3.8,"publicationDate":"2025-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143654731","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Dynamic information utilization for securing Ethereum smart contracts: A literature review","authors":"Tianyuan Hu , Bixin Li","doi":"10.1016/j.infsof.2025.107719","DOIUrl":"10.1016/j.infsof.2025.107719","url":null,"abstract":"<div><div>Smart contracts, self-executing programs that govern digital assets on blockchain platforms, have gained widespread adoption due to their automation and transparency. However, vulnerabilities in smart contracts can lead to financial losses and reputational damage, making their security a critical concern. Static code auditing methods are prone to false positives and false negatives, as they fail to account for real-time execution conditions. The integration of dynamic information offers a promising avenue for addressing these limitations and enhancing smart contract security. Ethereum, the most widely used blockchain platform, provides a wealth of publicly available data and has attracted significant attention from researchers due to its security problems. This paper presents a systematic mapping study focused on Ethereum, reviewing the existing literature on the use of dynamic information for enhancing the security of smart contracts. It offers a comprehensive overview of security problems, dynamic information types, technical approaches, and validation methods. 
Furthermore, we examine the implications and limitations of current research and propose future directions for further exploration in the field of Ethereum smart contract protection.</div></div>","PeriodicalId":54983,"journal":{"name":"Information and Software Technology","volume":"182 ","pages":"Article 107719"},"PeriodicalIF":3.8,"publicationDate":"2025-03-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143629118","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A software vulnerability detection method based on multi-modality with unified processing","authors":"Wenjing Cai , Junlin Chen , Jiaping Yu , Wei Hu , Lipeng Gao","doi":"10.1016/j.infsof.2025.107703","DOIUrl":"10.1016/j.infsof.2025.107703","url":null,"abstract":"<div><div>With the development of the Internet and the Internet of Things, software has become an indispensable part, making software vulnerabilities one of the main threats to computer security. In recent years, a multitude of deep learning-based software vulnerability detection methods have been proposed, especially those based on multimodal approaches. Although these multimodal methods have proven to be effective, they often treat each modality separately. We propose a novel multimodal deep learning method for software vulnerability detection that achieves unified processing of various modalities. This method uses complex network analysis to convert the Code Property Graph into an image-like matrix, obtains key fragments from the source code using code slicing, and then uses a Transformer for function-level vulnerability detection. This enables deeper integration of information from multiple modalities, enhancing detection accuracy. Additionally, it significantly simplifies the model architecture. The result shows that compared to the state-of-the-art methods, our method has improved accuracy by 3%. 
Furthermore, our approach is capable of detecting some of the vulnerabilities recently released by CVE.</div></div>","PeriodicalId":54983,"journal":{"name":"Information and Software Technology","volume":"182 ","pages":"Article 107703"},"PeriodicalIF":3.8,"publicationDate":"2025-03-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143637461","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Fairness-aware practices from developers’ perspective: A survey","authors":"Gianmario Voria, Giulia Sellitto, Carmine Ferrara, Francesco Abate, Andrea De Lucia, Filomena Ferrucci, Gemma Catolino, Fabio Palomba","doi":"10.1016/j.infsof.2025.107710","DOIUrl":"10.1016/j.infsof.2025.107710","url":null,"abstract":"<div><h3>Context:</h3><div>Machine Learning (ML) technologies have shown great promise in many areas, but when used without proper oversight, they can produce biased results that discriminate against historically underrepresented groups. In recent years, the software engineering research community has contributed to addressing the need for ethical machine learning by proposing a number of fairness-aware practices, e.g., fair data balancing or testing approaches, that may support the management of fairness requirements throughout the software lifecycle. Nonetheless, the actual validity of these practices, in terms of practical application, impact, and effort, from the developers’ perspective has not been investigated yet.</div></div><div><h3>Objective:</h3><div>This paper addresses this limitation, assessing the developers’ perspective of a set of 28 fairness practices collected from the literature.</div></div><div><h3>Methods:</h3><div>We perform a survey study involving 155 practitioners who have been working on the development and maintenance of ML-enabled systems, analyzing the answers via statistical and clustering analysis to group fairness-aware practices based on their application frequency, impact on bias mitigation, and effort required for their application.</div></div><div><h3>Results:</h3><div>While all the practices are deemed relevant by developers, those applied at the early stages of development appear to be the most impactful. 
More importantly, the effort required to implement the practices is average and sometimes high, with a subsequent average application.</div></div><div><h3>Conclusion:</h3><div>The findings highlight the need for effort-aware automated approaches that ease the application of the available practices, as well as recommendation systems that may suggest when and how to apply fairness-aware practices throughout the software lifecycle.</div></div>","PeriodicalId":54983,"journal":{"name":"Information and Software Technology","volume":"182 ","pages":"Article 107710"},"PeriodicalIF":3.8,"publicationDate":"2025-03-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143593490","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Unveiling security weaknesses in autonomous driving systems: An in-depth empirical study","authors":"Wenyuan Cheng , Zengyang Li , Peng Liang , Ran Mo , Hui Liu","doi":"10.1016/j.infsof.2025.107709","DOIUrl":"10.1016/j.infsof.2025.107709","url":null,"abstract":"<div><h3>Context:</h3><div>The advent of Autonomous Driving Systems (ADS) has marked a significant shift towards intelligent transportation, with implications for public safety and traffic efficiency. While these systems integrate a variety of technologies and offer numerous benefits, their security is paramount, as vulnerabilities can have severe consequences for safety and trust.</div></div><div><h3>Objective:</h3><div>This study aims to systematically investigate potential security weaknesses in the codebases of prominent open-source ADS projects using CodeQL, a static code analysis tool. The goal is to identify common vulnerabilities, their distribution and persistence across versions to enhance the security of ADS.</div></div><div><h3>Methods:</h3><div>We selected three representative open-source ADS projects, Autoware, AirSim, and Apollo, based on their high GitHub star counts and Level 4 autonomous driving capabilities. Using CodeQL, we analyzed multiple versions of these projects to identify vulnerabilities, focusing on CWE categories such as CWE-190 (Integer Overflow or Wraparound) and CWE-20 (Improper Input Validation). We also tracked the lifecycle of these vulnerabilities across software versions. This approach allows us to systematically analyze vulnerabilities in projects, which has not been extensively explored in previous ADS research.</div></div><div><h3>Results:</h3><div>Our analysis revealed that specific CWE categories, particularly CWE-190 (59.6%) and CWE-20 (16.1%), were prevalent across the selected ADS projects. These vulnerabilities often persisted for over six months, spanning multiple version iterations. 
The empirical assessment showed a direct link between the severity of these vulnerabilities and their tangible effects on ADS performance.</div></div><div><h3>Conclusions:</h3><div>These security issues among ADS still remain to be resolved. Our findings highlight the need for integrating static code analysis into ADS development to detect and mitigate common vulnerabilities. Meanwhile, proactive protection strategies, such as regular update of third-party libraries, are essential to improve ADS security. And regulatory bodies can play a crucial role in promoting the use of static code analysis tools and setting industry security standards.</div></div>","PeriodicalId":54983,"journal":{"name":"Information and Software Technology","volume":"182 ","pages":"Article 107709"},"PeriodicalIF":3.8,"publicationDate":"2025-03-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143593491","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"JIT-CF: Integrating contrastive learning with feature fusion for enhanced just-in-time defect prediction","authors":"Xiaolin Ju , Yi Cao , Xiang Chen , Lina Gong , Vaskar Chakma , Xin Zhou","doi":"10.1016/j.infsof.2025.107706","DOIUrl":"10.1016/j.infsof.2025.107706","url":null,"abstract":"<div><h3>Context:</h3><div>Just-in-time defect prediction (JIT-DP) is a crucial process in software development that focuses on identifying potential defects during code changes, facilitating early mitigation and quality assurance. Pre-trained language models like CodeBERT have shown promise in various applications but often struggle to distinguish between defective and non-defective code, especially when dealing with noisy labels.</div></div><div><h3>Objective:</h3><div>The primary aim of this study is to enhance the robustness of pre-trained language models in identifying software defects by developing an innovative framework that leverages contrastive learning and feature fusion.</div></div><div><h3>Method:</h3><div>We introduce JIT-CF, a framework that improves model robustness by employing contrastive learning to maximize similarity within positive pairs and minimize it between negative pairs, thereby enhancing the model’s ability to detect subtle differences in code changes. Additionally, feature fusion is used to combine semantic and expert features, enabling the model to capture richer contextual information. This integrated approach aims to improve the identification and resolution of code defects.</div></div><div><h3>Results:</h3><div>JIT-CF was evaluated using the JIT-Defects4J dataset, which includes 23,379 code commits from 21 projects. The results indicate substantial performance improvements over seven state-of-the-art baselines, with enhancements of up to 13.9% in F1-score, 8% in AUC, and 11% in Recall@20%E. 
The study also explores the impact of specific customization enhancements, demonstrating the potential for improved just-in-time defect localization.</div></div><div><h3>Conclusion:</h3><div>The proposed JIT-CF framework significantly advances the field of just-in-time defect prediction by effectively addressing the challenges encountered by pre-trained models in distinguishing code defects. The integration of contrastive learning and feature fusion not only enhances the model’s robustness but also leads to notable improvements in prediction accuracy, offering valuable insights for future applications in software development.</div></div>","PeriodicalId":54983,"journal":{"name":"Information and Software Technology","volume":"182 ","pages":"Article 107706"},"PeriodicalIF":3.8,"publicationDate":"2025-03-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143577972","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A review of backdoor attacks and defenses in code large language models: Implications for security measures","authors":"Yubin Qu , Song Huang , Peng Nie","doi":"10.1016/j.infsof.2025.107707","DOIUrl":"10.1016/j.infsof.2025.107707","url":null,"abstract":"<div><h3>Context:</h3><div>Large Language Models (LLMS) have revolutionized software engineering by bridging human language understanding and complex problem solving. However, resource constraints often lead users to rely on open-source models or third-party platforms for training and prompt engineering, introducing significant security vulnerabilities.</div></div><div><h3>Objective:</h3><div>This study provides a comprehensive analysis of backdoor attacks targeting LLMS in software engineering, with a particular focus on fine-tuning methods. Our work addresses a critical gap in existing literature by proposing a novel three-category framework for backdoor attacks: full-parameter fine-tuning, parameter-efficient fine-tuning, and no-tuning attacks.</div></div><div><h3>Methods:</h3><div>We systematically reviewed existing studies and analyzed attack success rates across different methods. Full-parameter fine-tuning generally achieves high success rates but requires significant computational resources. Parameter-efficient fine-tuning offers comparable success rates with lower resource demands, while no-tuning attacks exhibit variable success rates depending on prompt design, posing unique challenges due to their minimal resource requirements.</div></div><div><h3>Results:</h3><div>Our findings underscore the evolving landscape of backdoor attacks, highlighting the shift towards more resource-efficient and stealthy methods. These trends emphasize the need for advanced detection mechanisms and robust defense strategies.</div></div><div><h3>Conclusion:</h3><div>By focusing on code-specific threats, this study provides unique insights into securing LLMS in software engineering. 
Our work lays the foundation for future research on developing sophisticated defense mechanisms and understanding stealthy backdoor attacks.</div></div>","PeriodicalId":54983,"journal":{"name":"Information and Software Technology","volume":"182 ","pages":"Article 107707"},"PeriodicalIF":3.8,"publicationDate":"2025-03-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143562207","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Cascading failure prediction and recovery in large-scale critical infrastructure networks: A survey","authors":"Beibei Li, Wei Hu, Chaoxuan Yuan, Xinxin Wang, Yiwei Li, Yibing Wu","doi":"10.1016/j.infsof.2025.107705","DOIUrl":"10.1016/j.infsof.2025.107705","url":null,"abstract":"<div><h3>Context:</h3><div>Large-scale critical infrastructure (CI) networks are crucial to society but prone to cascading failures due to their dynamic and interconnected characteristics. Recent research focuses on their reliability, using network theories and real-world data to develop recovery functions and crash warning indicators.</div></div><div><h3>Objective:</h3><div>This review evaluates cascading failure prediction and recovery trends, examines verification methods, and addresses challenges in enhancing network reliability and topology recovery within CI systems.</div></div><div><h3>Methods:</h3><div>A comprehensive survey explores cascading failure prediction and recovery from two perspectives: inter-network and inter-module structures. It summarizes recent research trends, common verification platforms, and datasets for predicting and recovering from cascading failures.</div></div><div><h3>Results:</h3><div>The review focuses on low-dimensional static networks, revealing significant challenges in dynamic environments. It underscores the necessity for improved recovery techniques and enhanced network reliability.</div></div><div><h3>Conclusion:</h3><div>This article identifies future research directions and unresolved issues by analyzing existing work in cascading failure prediction and recovery. 
Understanding cascading failure mechanisms aims to inspire the design of more resilient and reliable network systems, contributing to developing cohesive and low-coupling CI systems.</div></div>","PeriodicalId":54983,"journal":{"name":"Information and Software Technology","volume":"182 ","pages":"Article 107705"},"PeriodicalIF":3.8,"publicationDate":"2025-03-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143550405","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Investigating the relationship between coordination strategy and coordination effectiveness in agile software development projects","authors":"Geetha Kanaparan , Diane E. Strode","doi":"10.1016/j.infsof.2025.107708","DOIUrl":"10.1016/j.infsof.2025.107708","url":null,"abstract":"<div><h3>Context</h3><div>Agile software development (ASD) provides a way to coordinate teams and projects. Coordination is achieved by adopting a set of agile practices; however, these agile practices may differ for each project. The chosen assemblage of practices can be considered an agile project coordination strategy. The current body of knowledge about coordinative practices and theories of coordination in ASD is almost exclusively based on case studies. A validated model is currently lacking.</div></div><div><h3>Objective</h3><div>The objective is to validate a theoretical model to explain coordination in ASD, particularly the relationship between coordination strategy and coordination effectiveness.</div></div><div><h3>Method</h3><div>We validate this relationship based on an international survey of 340 agile practitioners and use PLS-SEM to estimate the relationships.</div></div><div><h3>Results</h3><div>The results show that an agile coordination strategy, that includes synchronisation, structure, and boundary-spanning, has a positive relationship with coordination effectiveness (implicit and explicit). Customer involvement moderates the relationship between coordination strategy and coordination effectiveness. These results are primarily supported by evidence from virtual work arrangements.</div></div><div><h3>Conclusion</h3><div>This research provides a validated coordination theory and information on what agile practices are related to effective coordination in agile software development. 
This coordination theory can be used to investigate coordination in future agile method variants used in system and software development projects.</div></div>","PeriodicalId":54983,"journal":{"name":"Information and Software Technology","volume":"182 ","pages":"Article 107708"},"PeriodicalIF":3.8,"publicationDate":"2025-03-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143593482","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Metaverse Applications: Challenges, Limitations and Opportunities - A Systematic Literature Review","authors":"Elena Enamorado-Díaz , Julián A. García-García , María José Escalona-Cuaresma , David Lizcano-Casas","doi":"10.1016/j.infsof.2025.107701","DOIUrl":"10.1016/j.infsof.2025.107701","url":null,"abstract":"<div><h3>Context:</h3><div>The metaverse, an emerging concept at the intersection of digital technology and society, is gaining relevance in multiple domains, including education, entertainment and healthcare. Shared virtual spaces allow users to interact in innovative ways, but the design and development of these environments pose significant challenges for software engineering teams as well as users.</div></div><div><h3>Objective:</h3><div>The objective of this study is to provide a comprehensive systematic literature review of metaverse applications over the past decade. The review aims to identify key areas of application, technologies employed, virtualized elements, and economic aspects, as well as to explore the objectives, motivations, scope, challenges, and limitations faced in Software Engineering when conceptualizing metaverse environments. Additionally, the study examines the nature, knowledge area, type, and validation of the studies included in the review.</div></div><div><h3>Methods:</h3><div>This study was conducted using the Kitchenham methodology for systematic literature reviews (SLR). A total of 35 primary studies were selected from major scientific databases, including IEEE, ACM Digital Library, PubMed, ScienceDirect, and Scopus. These studies were evaluated to extract relevant data.</div></div><div><h3>Results:</h3><div>We have identified application areas, technologies used, virtualized elements and economic aspects used, as well as the objectives, motivations, scope, challenges and limitations in Software Engineering related to the conceptualization of environments and non-functional characteristics of the metaverse. 
The nature, area of knowledge, type and validation of the studies chosen in this review are also analyzed.</div></div><div><h3>Conclusion:</h3><div>The study concludes that while the metaverse presents huge opportunities across multiple domains, its development faces significant challenges, particularly in software engineering related to the non-functional aspects of these environments. To address these challenges, future research should focus on the application of the Model Driven Engineering (MDE) paradigm, which could optimize development processes and better manage the complexities of the metaverse.</div></div>","PeriodicalId":54983,"journal":{"name":"Information and Software Technology","volume":"182 ","pages":"Article 107701"},"PeriodicalIF":3.8,"publicationDate":"2025-02-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143549595","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}