Information and Software Technology最新文献

{"title":"Layered microservices architecture: A multitree-based domain-driven approach","authors":"Duc Minh Le ,&nbsp;Duc-Hanh Dang ,&nbsp;Hieu Dinh Vo","doi":"10.1016/j.infsof.2025.107720","DOIUrl":"10.1016/j.infsof.2025.107720","url":null,"abstract":"<div><h3>Context:</h3><div>Domain-driven design is commonly used with microservices architecture to develop complex microservices-based software systems. Layered, tree-based microservices architectures have recently been discussed as a solution to tame the complexity of these systems. However, there exists a knowledge gap in terms of the exact nature of this architecture style and how it is constructed.</div></div><div><h3>Objective:</h3><div>In this paper, we propose a domain-driven multitree microservices architecture (TMSA) to bridge this gap.</div></div><div><h3>Method:</h3><div>We precisely define the TMSA metamodel in UML/OCL. A service is composed of a nested service tree, whose internal nodes are domain-driven modules. Service structure reuse is enabled by unidirectional edges that connect nodes in distinct service trees. The multitree structure provides a scaffolding on which to precisely define service resiliency and TMSA model evolution. We use OCL and the UML communication diagram to model the resiliency patterns and the architectural model evolution.</div></div><div><h3>Results:</h3><div>Our UML/OCL-based metamodel of TMSA provides a foundation on which to define three essential service resiliency patterns and two operators for architectural model evolution. To ease software construction, we further define an annotation-based DSL, named <span>TASL</span>, to specify the TMSA model and a semi-automatic procedure that takes a <span>TASL</span> specification as input and constructs software as the output. We demonstrate TMSA with an implementation in a Java software framework and a real-world software example. We also evaluate the performance, resiliency and modifiability of TMSA. The results show that TMSA possesses the expected levels of quality for these attributes.</div></div><div><h3>Conclusion:</h3><div>Our work provides not only a framework to identify and formally define multitree-based MSAs but a state-of-the-art realisation of this framework in high-level object-oriented programming languages.</div></div>","PeriodicalId":54983,"journal":{"name":"Information and Software Technology","volume":"183 ","pages":"Article 107720"},"PeriodicalIF":3.8,"publicationDate":"2025-03-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143838560","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"An empirical study on the impact of code duplication-aware refactoring practices on quality metrics","authors":"Eman Abdullah AlOmar","doi":"10.1016/j.infsof.2025.107687","DOIUrl":"10.1016/j.infsof.2025.107687","url":null,"abstract":"<div><h3>Context:</h3><div>Code refactoring is widely recognized as an essential software engineering practice that improves the understandability and maintainability of source code. Several studies attempted to detect refactoring activities through mining software repositories, allowing one to collect, analyze, and get actionable data-driven insights about refactoring practices within software projects.</div></div><div><h3>Objective:</h3><div>Our goal is to identify, among the various quality models presented in the literature, the ones that align with the developer’s vision of eliminating duplicates of code, when they explicitly mention that they refactor the code to improve them.</div></div><div><h3>Method:</h3><div>We extract a corpus of 332 refactoring commits applied and documented by developers during their daily changes from 128 open-source Java projects. In particular, we extract 32 structural metrics from which we identify code duplicate removal commits with their corresponding refactoring operations, as perceived by software engineers. Thereafter, we empirically analyze the impact of these refactoring operations on a set of common state-of-the-art design quality metrics.</div></div><div><h3>Results:</h3><div>The statistical analysis of the results obtained shows that (i) some state-of-the-art metrics are capable of capturing the developer’s intention of removing code duplication; and (ii) some metrics are being more emphasized than others. We confirm that various structural metrics can effectively represent code duplication, leading to different impacts on software quality. Some metrics contribute to improvements, while others may lead to degradation.</div></div><div><h3>Conclusion:</h3><div>Most of the mapped metrics associated with the main quality attributes successfully capture developers’ intentions for removing code duplicates, as is evident from the commit messages. However, certain metrics do not fully capture these intentions.</div></div>","PeriodicalId":54983,"journal":{"name":"Information and Software Technology","volume":"182 ","pages":"Article 107687"},"PeriodicalIF":3.8,"publicationDate":"2025-03-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143680933","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Requirements engineering for older adult digital health software: A systematic literature review","authors":"Yuqing Xiao ,&nbsp;John Grundy ,&nbsp;Anuradha Madugalla","doi":"10.1016/j.infsof.2025.107718","DOIUrl":"10.1016/j.infsof.2025.107718","url":null,"abstract":"<div><h3>Context:</h3><div>Growth of the older adult population has led to an increasing interest in technology-supported aged care. However the area has some challenges such as lack of care givers and limitations in understanding the emotional, social, physical, and mental well-being needs of older adults. Furthermore, there is a gap in the understanding between younger developers and ageing people of their requirements from digital systems. Digital health can play an important role supporting older adults’ well-being, emotional requirements, and social needs.</div></div><div><h3>Objective:</h3><div>We carried out a systematic review of the literature on RE for older adult digital health software. This was necessary to show the representatives of the current stage of understanding the needs of older adults in aged care digital health.</div></div><div><h3>Methods:</h3><div>Using established guidelines we developed a protocol, followed by the systematic search of eight databases. This resulted in 69 primary studies of high relevance, which were subsequently subjected to data extraction, synthesis, and reporting.</div></div><div><h3>Results:</h3><div>This systematic literature review highlights key RE processes used in digital health software for older people. It explored the key features developed for many digital solutions, utilization of technology for older user well-being and care, and the evaluations of proposed solutions. The review also identified key limitations found in existing primary studies that inspire future research opportunities.</div></div><div><h3>Conclusion:</h3><div>Our results indicate that requirements gathering and understanding have a significant variation between different studies. The differences are in the quality, depth, and techniques adopted for requirement gathering and this reason for these differences is largely due to uneven adoption of RE methods.</div></div>","PeriodicalId":54983,"journal":{"name":"Information and Software Technology","volume":"183 ","pages":"Article 107718"},"PeriodicalIF":3.8,"publicationDate":"2025-03-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143735241","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Open source oriented cross-platform survey","authors":"Simeng Yao ,&nbsp;Xunhui Zhang ,&nbsp;Yang Zhang ,&nbsp;Tao Wang","doi":"10.1016/j.infsof.2025.107704","DOIUrl":"10.1016/j.infsof.2025.107704","url":null,"abstract":"<div><h3>Context:</h3><div>Open-source software development has become a widely adopted approach to software creation. However, developers’ activities extend beyond social coding platforms (e.g., GitHub), encompassing social Q&amp;A platforms (e.g., StackOverflow) and social media platforms (e.g., Twitter). Therefore, cross-platform research is essential for a deeper understanding of the nature of software development activities.</div></div><div><h3>Objective:</h3><div>This paper focuses on open-source platforms and systematically summarizes relevant cross-platform research. It aims to assess the current state of cross-platform research and provide insights into the challenges and future developments in this field.</div></div><div><h3>Method:</h3><div>This paper reviews 69 cross-platform research papers related to open-source software from 2013 to 2024, with a focus on several key areas, including platform interconnections, research themes, experimental design methods, challenges and research opportunities.</div></div><div><h3>Results:</h3><div>Through the analysis of 69 papers, we found that cross-platform research primarily involves platforms such as social coding, social Q&amp;A, and social media. Researchers typically rely on information traces, including user personal info, technical info, project/post/bug report metadata, interaction info, to facilitate connections between platforms. Cross-platform research in the open-source domain mainly focuses on problem classification and feature extraction. The predominant research methods include data-driven approaches, qualitative studies, modeling and machine learning, and tool development and implementation. Despite these advancements, common challenges remain, such as subjective evaluation bias in manual data classification, insufficient data source coverage, and inaccurate data recognition. Future research opportunities may focus on increasing the diversity of data sources, improving data recognition accuracy, optimizing data classification methods, and clarifying user skill requirements.</div></div><div><h3>Conclusions:</h3><div>Based on our findings, we propose six future directions for cross-platform research in the open-source domain and provide corresponding recommendations for developers, researchers, and service/tool providers.</div></div>","PeriodicalId":54983,"journal":{"name":"Information and Software Technology","volume":"182 ","pages":"Article 107704"},"PeriodicalIF":3.8,"publicationDate":"2025-03-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143697634","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A systematic literature review of agile software development projects","authors":"Soumya Prakash Rath ,&nbsp;Nikunj Kumar Jain ,&nbsp;Gunjan Tomer ,&nbsp;Alok Kumar Singh","doi":"10.1016/j.infsof.2025.107727","DOIUrl":"10.1016/j.infsof.2025.107727","url":null,"abstract":"<div><h3>Context</h3><div>Agile software development (ASD) is gaining prominence as the leading methodology for modern software development organizations because it enables a fast, effective, and customer-centric approach in the current disruptive and dynamic work environment.</div></div><div><h3>Objective</h3><div>Despite increasing interest in ASD as a research area, the extant literature remains scattered and lacks convergence. This study provides a detailed account of all aspects of ASD, including emerging agile concepts, such as agile governance and large-scale agile implementations.</div></div><div><h3>Method</h3><div>A systematic literature review (SLR) technique identifies 208 relevant articles. The study included papers published between 1999 and 2024.</div></div><div><h3>Results</h3><div>This SLR provides a concise overview of the various theories applied in the context of ASD. The study classifies previous literature into numerous different facets of ASD. In addition, the paper has prepared an extensive list of relevant research questions for future investigations in each domain of ASD.</div></div><div><h3>Conclusion</h3><div>This study offers scholars insights into the status of ASD research as well as the current trends in ASD. Furthermore, the proposed future research questions provide researchers with precise direction for delving deeper into different facets of ASD.</div></div>","PeriodicalId":54983,"journal":{"name":"Information and Software Technology","volume":"182 ","pages":"Article 107727"},"PeriodicalIF":3.8,"publicationDate":"2025-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143654731","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Personalization goals for run-time adaptation of IoT-based assistance applications for the elderly","authors":"Luca Sabatucci,&nbsp;Claudia Di Napoli","doi":"10.1016/j.infsof.2025.107721","DOIUrl":"10.1016/j.infsof.2025.107721","url":null,"abstract":"<div><h3>Context:</h3><div>the increasing demand for Ambient Assisted Living (AAL) applications has led to the need for personalized assistive tasks that can adapt to individual users’ needs.</div></div><div><h3>Objectives:</h3><div>we aim to balance design-time personalization with techniques of run-time adaptation for designing and executing assistive AAL applications, personalized to both users’ specific needs and environmental conditions.</div></div><div><h3>Methods:</h3><div>we propose a personalization process based on: (1) representing assistive tasks as workflows initially defined at a high level of abstraction that specifies their functional components, (2) providing an instrument for specifying how to customize these workflows for individual users, and (3) a supporting architecture that enables the run-time transformation of high-level specifications into executable workflows.</div></div><div><h3>Results:</h3><div>our empirical evaluation demonstrates that the proposed personalization goals effectively support designers in creating adaptable workflows, showing improved quality scores in personalization compared to traditional BPMN practices, without increasing design effort. Performance analysis also shows the feasibility of our run-time adaptation approach with linear scaling as the number of personalization goals increases.</div></div><div><h3>Conclusion:</h3><div>a personalization process for modelling personalizable workflows may be a flexible instrument for designers to conceive assistive applications that are automatically adapted to individual users’ needs at run-time, allowing for balancing the benefits of design-time and run-time personalization techniques.</div></div>","PeriodicalId":54983,"journal":{"name":"Information and Software Technology","volume":"182 ","pages":"Article 107721"},"PeriodicalIF":3.8,"publicationDate":"2025-03-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143680935","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Beyond domain dependency in security requirements identification","authors":"Francesco Casillo,&nbsp;Vincenzo Deufemia,&nbsp;Carmine Gravino","doi":"10.1016/j.infsof.2025.107702","DOIUrl":"10.1016/j.infsof.2025.107702","url":null,"abstract":"<div><h3>Context:</h3><div>Early security requirements identification is crucial in software development, facilitating the integration of security measures into IT networks and reducing time and costs throughout software life-cycle.</div></div><div><h3>Objectives:</h3><div>This paper addresses the limitations of existing methods that leverage Natural Language Processing (NLP) and machine learning techniques for detecting security requirements. These methods often fall short in capturing syntactic and semantic relationships, face challenges in adapting across domains, and rely heavily on extensive domain-specific data. In this paper we focus on identifying the most effective approaches for this task, highlighting both domain-specific and domain-independent strategies.</div></div><div><h3>Method:</h3><div>Our methodology encompasses two primary streams of investigation. First, we explore shallow machine learning techniques, leveraging word embeddings. We test ensemble methods and grid search within and across domains, evaluating on three industrial datasets. Next, we develop several domain-independent models based on BERT, tailored to better detect security requirements by incorporating data on software weaknesses and vulnerabilities.</div></div><div><h3>Results:</h3><div>Our findings reveal that ensemble and grid search methods prove effective in domain-specific and domain-independent experiments, respectively. However, our custom BERT models showcase domain independence and adaptability. Notably, the CweCveCodeBERT model excels in Precision and F1-score, outperforming existing approaches significantly. It improves F1-score by <span><math><mo>∼</mo></math></span>3% and Precision by <span><math><mo>∼</mo></math></span>14% over the best approach currently in the literature.</div></div><div><h3>Conclusion:</h3><div>BERT-based models, especially with specialized pre-training, show promise for automating security requirement detection. This establishes a foundation for software engineering researchers and practitioners to utilize advanced NLP to improve security in early development phases, fostering the adoption of these state-of-the-art methods in real-world scenarios.</div></div>","PeriodicalId":54983,"journal":{"name":"Information and Software Technology","volume":"182 ","pages":"Article 107702"},"PeriodicalIF":3.8,"publicationDate":"2025-03-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143680934","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Requirements engineering for no-code development (RE4NCD): Case studies of rapid application development during crisis","authors":"Meira Levy ,&nbsp;Irit Hadar","doi":"10.1016/j.infsof.2025.107724","DOIUrl":"10.1016/j.infsof.2025.107724","url":null,"abstract":"<div><h3>Context</h3><div>In recent years, a new development approach has emerged, for rapid application development (RAD) supported by platforms that enable low or no-code development (NCD). This approach is designed for developers with limited or no coding expertise and for achieving a very short time-to-deployment. The requirements engineering (RE) and design phases are typically omitted during RAD, thus posing challenges in ensuring a rigorous, sustainable, and flexible application.</div></div><div><h3>Objective</h3><div>To propose an RE method for NCD (RE4NCD) that would respect the limitations in which NCD is conducted yet ensure more rigorous development and outcome.</div></div><div><h3>Method</h3><div>A participatory case study aimed to explore RAD processes as performed with the \"Monday\" NCD platform and, accordingly, to develop the RE4NCD method. This study was followed by multiple (non-participatory) case studies for the refinement and validation of the proposed method. All case studies focused on civilian management systems that were developed rapidly during a time of war and included qualitative data collection and thematic analysis.</div></div><div><h3>Results</h3><div>The thematic analysis resulted in categories of RE activities to be included in the RE4NCD method, leading to its construction in the first case study, and its refinement and validation in the follow-up case studies.</div></div><div><h3>Conclusion</h3><div>The paper highlights the theoretical and practical implications of RE4NCD, underscoring the potential transformative impact of NCD on the software development industry. It also proposes future research aimed at refining and validating the RE4NCD method, tracking the adoption and evolution of applications in diverse organizations, and applying the method to additional case studies for evaluation and validation.</div></div>","PeriodicalId":54983,"journal":{"name":"Information and Software Technology","volume":"182 ","pages":"Article 107724"},"PeriodicalIF":3.8,"publicationDate":"2025-03-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143680937","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Dynamic information utilization for securing Ethereum smart contracts: A literature review","authors":"Tianyuan Hu ,&nbsp;Bixin Li","doi":"10.1016/j.infsof.2025.107719","DOIUrl":"10.1016/j.infsof.2025.107719","url":null,"abstract":"<div><div>Smart contracts, self-executing programs that govern digital assets on blockchain platforms, have gained widespread adoption due to their automation and transparency. However, vulnerabilities in smart contracts can lead to financial losses and reputational damage, making their security a critical concern. Static code auditing methods are prone to false positives and false negatives, as they fail to account for real-time execution conditions. The integration of dynamic information offers a promising avenue for addressing these limitations and enhancing smart contract security. Ethereum, the most widely used blockchain platform, provides a wealth of publicly available data and has attracted significant attention from researchers due to its security problems. This paper presents a systematic mapping study focused on Ethereum, reviewing the existing literature on the use of dynamic information for enhancing the security of smart contracts. It offers a comprehensive overview of security problems, dynamic information types, technical approaches, and validation methods. Furthermore, we examine the implications and limitations of current research and propose future directions for further exploration in the field of Ethereum smart contract protection.</div></div>","PeriodicalId":54983,"journal":{"name":"Information and Software Technology","volume":"182 ","pages":"Article 107719"},"PeriodicalIF":3.8,"publicationDate":"2025-03-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143629118","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A software vulnerability detection method based on multi-modality with unified processing","authors":"Wenjing Cai ,&nbsp;Junlin Chen ,&nbsp;Jiaping Yu ,&nbsp;Wei Hu ,&nbsp;Lipeng Gao","doi":"10.1016/j.infsof.2025.107703","DOIUrl":"10.1016/j.infsof.2025.107703","url":null,"abstract":"<div><div>With the development of the Internet and the Internet of Things, software has become an indispensable part, making software vulnerabilities one of the main threats to computer security. In recent years, a multitude of deep learning-based software vulnerability detection methods have been proposed, especially those based on multimodal approaches. Although these multimodal methods have proven to be effective, they often treat each modality separately. We propose a novel multimodal deep learning method for software vulnerability detection that achieves unified processing of various modalities. This method uses complex network analysis to convert the Code Property Graph into an image-like matrix, obtains key fragments from the source code using code slicing, and then uses a Transformer for function-level vulnerability detection. This enables deeper integration of information from multiple modalities, enhancing detection accuracy. Additionally, it significantly simplifies the model architecture. The result shows that compared to the state-of-the-art methods, our method has improved accuracy by 3%. Furthermore, our approach is capable of detecting some of the vulnerabilities recently released by CVE.</div></div>","PeriodicalId":54983,"journal":{"name":"Information and Software Technology","volume":"182 ","pages":"Article 107703"},"PeriodicalIF":3.8,"publicationDate":"2025-03-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143637461","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}