Information and Software Technology: Latest Articles

Naming the Pain in machine learning-enabled systems engineering
IF 4.3, Zone 2, Computer Science
Information and Software Technology, Volume 187, Article 107866. Pub Date: 2025-08-10. DOI: 10.1016/j.infsof.2025.107866
Marcos Kalinowski, Daniel Mendez, Görkem Giray, Antonio Pedro Santos Alves, Kelly Azevedo, Tatiana Escovedo, Hugo Villamizar, Helio Lopes, Teresa Baldassarre, Stefan Wagner, Stefan Biffl, Jürgen Musil, Michael Felderer, Niklas Lavesson, Tony Gorschek
Abstract:
Context: Machine learning (ML)-enabled systems are being increasingly adopted by companies aiming to enhance their products and operational processes.
Objective: This paper aims to deliver a comprehensive overview of the current status quo of engineering ML-enabled systems and lay the foundation to steer practically relevant and problem-driven academic research.
Method: We conducted an international survey to collect insights from practitioners on the current practices and problems in engineering ML-enabled systems. We received 188 complete responses from 25 countries. We conducted quantitative statistical analyses on contemporary practices using bootstrapping with confidence intervals and qualitative analyses on the reported problems using open and axial coding procedures.
Results: Our survey results reinforce and extend existing empirical evidence on engineering ML-enabled systems, providing additional insights into typical ML-enabled systems project contexts, the perceived relevance and complexity of ML life cycle phases, and current practices related to problem understanding, model deployment, and model monitoring. Furthermore, the qualitative analysis provides a detailed map of the problems practitioners face within each ML life cycle phase and the problems causing overall project failure.
Conclusions: The results contribute to a better understanding of the status quo and problems in practical environments. We advocate for the further adaptation and dissemination of software engineering practices to enhance the engineering of ML-enabled systems.
Citations: 0

Software Defect Prediction evaluation: New metrics based on the ROC curve
IF 4.3, Zone 2, Computer Science
Information and Software Technology, Volume 187, Article 107865. Pub Date: 2025-08-09. DOI: 10.1016/j.infsof.2025.107865
Luigi Lavazza, Sandro Morasca, Gabriele Rotoloni
Abstract:
Context: ROC (Receiver Operating Characteristic) curves are widely used to represent how well fault-proneness models (e.g., probability models) classify software modules as faulty or non-faulty. AUC, the Area Under the ROC Curve, is usually used to quantify the overall discriminating power of a fault-proneness model. Alternative indicators proposed, e.g., RRA (Ratio of Relevant Areas), consider the area under a portion of a ROC curve. Each point of a ROC curve represents a binary classifier, obtained by setting a specified threshold on the fault-proneness model. Several performance metrics (Precision, Recall, the F-score, etc.) are used to assess a binary classifier.
Objectives: We investigate the relationships linking “under the ROC curve area” indicators such as AUC and RRA to performance metrics.
Methods: We study these relationships analytically. We introduce iso-PM ROC curves, whose points have the same value $\overline{PM}$ for a given performance metric PM. When evaluating a ROC curve, we identify the iso-PM curve with the same value of AUC or RRA. Its $\overline{PM}$ can be seen as a property of the ROC curve and fault-proneness model under evaluation.
Results: There is an S-shaped relationship between $\overline{PM}$ and AUC for performance metrics that do not depend on the proportion $\rho$ of faulty modules, i.e., dataset balancedness. $\phi$ (Matthews Correlation Coefficient) depends on $\rho$: with very imbalanced datasets, AUC appears over-optimistic and $\phi$ over-pessimistic. RRA defines the region of interest in terms of $\rho$, so all performance metrics depend on $\rho$. RRA is related to performance metrics via S-shaped curves.
Conclusion: Our proposal helps gain a better quantitative understanding of the goodness of a ROC curve, especially in practically relevant regions of interest. Also, showing a ROC curve and iso-PM curves provides an intuitive perception of the goodness of a fault-proneness model.
Citations: 0

FVulPri: Fine-grained vulnerability prioritization based on BERT-BGRU and multiple indicators
IF 4.3, Zone 2, Computer Science
Information and Software Technology, Volume 187, Article 107853. Pub Date: 2025-08-07. DOI: 10.1016/j.infsof.2025.107853
Sixuan Wang, Dongjin Yu, Xiongjie Liang, Chen Huang
Abstract:
Introduction: Extensive efforts have been made to mitigate the impact of software vulnerabilities on information security. The researchers aim to prioritize vulnerabilities after they are disclosed and then take remediation actions. However, existing methods have problems such as a low degree of automation, coarse-grained granularity and insufficient scoring indicators.
Objectives: This paper aims to provide a new approach to vulnerability prioritization, bridging the existing shortcomings with a more comprehensive evaluation system, improving the automation of the process and providing fine-grained scoring.
Methods: In this paper, we propose FVulPri, a fine-grained vulnerability prioritization method that ranks software vulnerabilities at the function-level for the first time. FVulPri employs the BERT-BGRU model to evaluate vulnerability severity, introduces a novel code learning approach to analyze vulnerability-related functions and integrates multiple indicators to provide a comprehensive assessment.
Results: The experimental results show that FVulPri has a more reasonable distribution compared to the CVSS (Common Vulnerability Scoring System) scores, achieves an average of 69.06% effectiveness on newly added function-level metrics, and its ranking results show a stronger alignment with expert assessments than those of CVSS, effectively enhancing the quality of vulnerability prioritization.
Conclusion: This paper presents a Fine-grained Vulnerability Prioritization Method that leverages BERT-BGRU and multiple indicators to assess 14 metrics across three dimensions, namely necessity, function level, and scope of impact, thereby improving the efficiency and quality of vulnerability prioritization.
Citations: 0

Metamorphic testing for textual and visual entailment: A unified framework for model evaluation and explanation
IF 4.3, Zone 2, Computer Science
Information and Software Technology, Volume 187, Article 107855. Pub Date: 2025-08-07. DOI: 10.1016/j.infsof.2025.107855
Mingyue Jiang, Bintao Hu, Xiao-Yi Zhang
Abstract:
Context: Textual entailment (TE) and visual entailment (VE) serve as the basis for a broad spectrum of tasks in natural language processing and vision–language modeling. However, although being extensively studied, both TE and VE models exhibit several quality issues. Additionally, their black-box nature hampers the understanding of their behaviors, making it unclear why the model fails to correctly predict entailment relationships. Consequently, there is a pressing need for methods that can effectively evaluate and explain TE and VE models.
Objective: This study aims to develop a unified approach for detecting and interpreting failures, in both TE and VE models.
Methods: We propose a metamorphic testing-based approach for evaluating and explaining both TE and VE models. The central aspect of our approach lies in the proposed three metamorphic relations, which are generic to both TE and VE, and also preserve specific associations among relevant inputs. The proposed approach conducts metamorphic testing to detect failures in TE and VE models. When a failure is revealed, it further performs a post-hoc analysis within the relevant group of inputs to identify information that is critical for the detected failure.
Results: Experimental results demonstrate the effectiveness of the proposed approach in failure detection and also confirm its potential to provide useful information to pinpoint the root causes of detected failures.
Conclusion: This study presents a general metamorphic testing approach for both TE and VE. It also demonstrates that, with specifically designed metamorphic relations, metamorphic testing can serve as an effective basis for model explanation.
Citations: 0

CtrlFuzz: A controllable diffusion-based fuzz testing for deep neural networks via coverage-aware manifold guidance
IF 4.3, Zone 2, Computer Science
Information and Software Technology, Volume 187, Article 107856. Pub Date: 2025-07-30. DOI: 10.1016/j.infsof.2025.107856
Aoshuang Ye, Shilin Zhang, Runze Yan, Jianpeng Ke, Fei Zhu, Benxiao Tang
Abstract:
Context: Deep neural networks (DNNs) have been extensively deployed in safety-critical applications. Nevertheless, the inherent vulnerability to subtle perturbations of inputs constitutes serious risks to the reliability of DNN-based systems. While mutation-based coverage-guided fuzzing (CGF) ensures test oracle through deliberately limited perturbations, it struggles to obtain diverse and sparse test cases. Conversely, generation-based CGF is able to create more diverse test cases aligned with data distribution but lacks precise controllability.
Objective: To refine the controllability and effectiveness of CGF in DNN testing, we aim to design a framework that is capable of generating realistic test cases with fine-grained control, while systematically exploring model vulnerabilities through a manifold-aware coverage criterion.
Method: In this paper, we propose CtrlFuzz, a manifold coverage-guided controllable diffusion framework for testing DNNs. CtrlFuzz leverages manifold learning to embed high-dimensional inputs into a lower-dimensional Euclidean space, preserving geometric structure. Based on this, we define a manifold coverage by quantifying the ratio between the distances from seed and the non-adversarial counterparts to class center. We further enhance the testing controllability via performing semantic decomposition on seed inputs. A customized diffusion model based on the U-Net structure integrates manifold coverage and semantic constraints into the denoising process, which allows to remain semantically natural while covering vulnerable regions.
Results: Experimental results on four popular datasets and ten benchmark DNN architectures demonstrate that CtrlFuzz (1) effectively maintains the semantic coherence of generated test cases, (2) achieves improved exploration of vulnerable manifold regions compared to existing CGF techniques, and (3) discovers significantly more error-inducing inputs on multiple model types.
Conclusion: CtrlFuzz introduces a novel manifold guiding and diffusion-based fuzzing for controllable test case synthesis. By enhancing both manifold coverage and controllability in CGF, CtrlFuzz improves the thoroughness and effectiveness of DNN testing, which offers a promising direction for future robustness evaluation frameworks.
Citations: 0

An empirical study on the accuracy of GitHub’s dependency graph and the nature of its inaccuracy
IF 4.3, Zone 2, Computer Science
Information and Software Technology, Volume 187, Article 107854. Pub Date: 2025-07-29. DOI: 10.1016/j.infsof.2025.107854
Daniele Bifolco, Simone Romano, Sabato Nocera, Rita Francese, Giuseppe Scanniello, Massimiliano Di Penta
Abstract:
Context: GitHub’s dependency graph is a tool that eases Software Composition Analysis (SCA), and it is leveraged not only by other tools or by practitioners in their analyses but also by researchers when conducting studies on open-source projects. However, its potential inaccuracy may seriously harm its applicability and usefulness.
Objective: This paper quantitatively and qualitatively analyzes the accuracy of GitHub’s dependency graphs for Java and Python projects, how such accuracy has changed over time, and what the likely pitfalls and limitations of the dependency graph are.
Method: After creating statistically significant samples of Java and Python projects, we analyzed their dependency graph in two directions, forward (by looking at dependencies), backward (by looking at dependents), and inspected their manifest/lock files.
Results: Results indicate that in our sample, dependencies have over 27% of inaccuracy, and dependents up to 10%. Errors depend on several reasons, among others, an oversimplified processing of manifest/lock files by the dependency graph generator.
Conclusion: Our results provide (i) guidelines for researchers to understand the threats arising in studies based on the dependency graph and (ii) insights to practitioners and tool builders to enhance their SCA, given the current limitations of the dependency graph.
Citations: 0

Teamwork in agile software development: A mixed-method study of gender diversity and collaboration dynamics
IF 4.3, Zone 2, Computer Science
Information and Software Technology, Volume 187, Article 107840. Pub Date: 2025-07-28. DOI: 10.1016/j.infsof.2025.107840
Viktoria Stray, Idunn Stabell, Gyda Elisa Sæter, Astri Barbala, Yngve Lindsjørn
Abstract:
Context: Teamwork is an important aspect of agile software development, and the widespread adoption of agile methodologies emphasizes the need for educational approaches that prepare students for effective teamwork. Capstone courses in agile software engineering provide a valuable setting for students to experience collaborative work. However, the dynamics within these teams, particularly regarding gender, require further exploration.
Objectives: This study examines teamwork experiences in an agile capstone course focusing on how team gender composition affects role distribution, teamwork quality, and gender bias.
Methods: This study involved 94 teams comprising 561 students over two years (213 women and 348 men). We employed a mixed-methods approach, using four surveys (806 responses) and 12 in-depth interviews to capture ambition level, satisfaction with agile practices, and gender differences.
Results: Team gender composition significantly impacted teamwork quality (TWQ), with female-dominated but gender-diverse teams showing the highest TWQ scores. Interestingly, women in token positions in male-majority teams reported unexpectedly high satisfaction levels, challenging aspects of Kanter’s tokenism theory. However, women were more likely to report that team members underestimated their competence, particularly in male-majority teams. Observed gender differences included a tendency for women to engage more in design and process-oriented tasks, while men predominantly focused on programming and technical aspects such as architecture and algorithms.
Conclusion: This study underscores the importance of considering team composition in relation to gender in agile teams, as we found this aspect greatly impacts team dynamics. Further, the implementation of agile practices in capstone courses yielded high overall TWQ scores, indicating significant educational value. Our findings provide insights for both software engineering education and agile practitioners.
Citations: 0

What is Generative AI good for? Introduction to the special issue on Generative AI in software engineering
IF 4.3, Zone 2, Computer Science
Information and Software Technology, Volume 187, Article 107857. Pub Date: 2025-07-25. DOI: 10.1016/j.infsof.2025.107857
Viktoria Stray, Geir Kjetil Hanssen, Astri Barbala, Darja Šmite, Klaas-Jan Stol
Abstract: A major question that can be asked of any new major technology or innovation is: what is it good for? For this special issue, we invited manuscripts that answer exactly that question in the context of Generative AI and Software Engineering. We received 33 submissions, which underwent a rigorous peer review process. This process led to inclusion of 13 manuscripts, which we organized according to McGrath’s Group Task typology in this editorial. In doing so, we acknowledge that not all tasks are equal, and we demonstrate the breadth of tasks that GenAI can assist in. This set of curated articles provides a variety of interesting applications and studies of GenAI technology. We conclude this editorial with an outlook on the future.
Citations: 0

Structural Semantic Enhancement: Better integrating code semantics for vulnerability detection
IF 4.3, Zone 2, Computer Science
Information and Software Technology, Volume 187, Article 107824. Pub Date: 2025-07-23. DOI: 10.1016/j.infsof.2025.107824
Shaohui Wang, Yan Wu, Zifeng Cui, Lin Chen
Abstract: Code vulnerability detection is particularly critical in software development and maintenance because it may prevent software instability, data leakage, or more serious security threats. Traditional code vulnerability detection methods usually rely on static analysis. While static analysis covers the entire code base and detects early errors, it may struggle with highly complex code structures, leading to potential false positives or false negatives. Deep learning has introduced new opportunities for detecting vulnerabilities but faces challenges with complex code structures and logical relationships. Efforts to integrate natural language processing embeddings into models like Graph Neural Networks aim to enhance semantic understanding but depend on the quality of the NLP model and embeddings.
To address these challenges, we propose a methodology centered around the Structural Semantic Enhancement Method (SSEM), which combines the semantic understanding of deep learning with structured code information provided by static analysis. Specifically, our method extracts the key information of control flow graphs and data dependency graphs and designs specialized SSEM with attention mechanisms. Based on two large-scale datasets, including more than 40,000 code snippets, we experimentally validated the effectiveness of the proposed method. Experimental results show that our method performs better in identifying potential vulnerabilities in code compared to traditional deep learning methods and advanced deep learning vulnerability detection models.
Citations: 0

Burnout in agile teams: The role of mindful software development
IF 3.8, Zone 2, Computer Science
Information and Software Technology, Volume 187, Article 107852. Pub Date: 2025-07-22. DOI: 10.1016/j.infsof.2025.107852
Hamed Jafarzadeh, Hossein Mosafer, Jalal Sarabadani
Abstract:
Context: Agile project management methods are widely adopted in software development, offering flexibility and efficiency. However, the dynamic and fast-paced nature of agile environments can subject team members—such as developers, business analysts, and project managers—to stress, potentially leading to work exhaustion and burnout.
Objectives: This study aims to investigate the role of mindfulness as a dynamic personality trait in reducing burnout in agile software development environments. It focuses on how mindfulness influences the use of problem-focused and emotion-focused coping strategies to mitigate burnout. We examine whether mindful agile practitioners are more likely to adopt problem-focused rather than emotion-focused coping strategies, and whether these strategies help alleviate burnout.
Methods: The research draws on the theoretical foundations of mindfulness and the transactional model of stress and coping (TMSC) to develop a model for understanding the relationships between mindfulness, coping behaviors, and burnout. The proposed model was tested through a survey of 319 IT and software development professionals who use agile methods in their work. Finally, path analysis was conducted using SmartPLS to assess the hypothesized relationships.
Results: The findings of this research suggest that individuals with higher levels of mindfulness in agile software development are more likely to adopt problem-focused coping behaviors, which in turn reduces burnout. In addition, the results show that mindful agile team members also use coping strategies to gain emotional stability (e.g., venting to their colleagues) although it may increase their level of burnout.
Conclusion: Contextualizing the notion of mindful engagement with agile software development methods (or agile mindfulness), this paper concludes that agile mindfulness, as a dynamic resource, can be helpful in identifying solutions to reduce the stress and burnout of team members via promoting problem-solving coping behaviours. From the practical perspective, this research helps organizations and agile teams with practical recommendations to leverage mindfulness, and introduces coping behaviors that help them manage and even prevent burnout in agile environments.
Citations: 0