5 research outputs found

    A Novel Approach to Determine Software Security Level using Bayes Classifier via Static Code Metrics

    Technological developments are increasing day by day and software products are growing in an uncontrolled way. This leads to the development of applications which do not comply with principles of design. Software which has not passed security testing may put the end user in danger. During the processes of error detection and verification of developed software, static and dynamic analysis may be used. Static code analysis provides analysis in different categories during coding, without compiling the code. Source code metrics are also within these categories. Code metrics evaluate software quality, level of risk, and interchangeability by analysing software based on those metrics. In this study, we will describe our web-based application which is developed to determine the level of security in software. In this scope, the software's metric calculation method will be explained. The scoring system we used to determine the security level calculation will be explained, taking into account metric thresholds that are acceptable in the literature. The Bayes Classifier Method, distinguishing risks in the project files with the analysis of uploaded sample software files, will be described. Finally, objectives of this analysis method and planned activities will be explained.

    An Analysis of Measurement and Metrics Tools: A Systematic Literature Review

    Measurement is an important field in Software Engineering, since it allows for organizations to obtain trustworthy estimates regarding deadlines, cost, and quality for the development of their software projects. Many tools are available for the calculation and storage of metrics and therefore, choosing the best tool can be a hard task. Faced with such a problem, this study carries out an analysis of the measurement tools presented in literature. The methodology chosen for the task was the systematic literature review. The results of the systematic review present the metric tools chosen in literature, their functionalities, and the main metrics used by these tools. The primary contribution of this article is a list with the metrics used by each of these tools, and their respective classification, according to their use in academia as well as in the software industry

    Construção de uma ferramenta flexível de base histórica de medição (Construction of a flexible historical measurement base tool)

    Undergraduate final project (Trabalho de Conclusão de Curso), Universidade de Brasília, Faculdade UnB Gama, 2018.

    Measurement is an important area in software engineering, since it enables organizations to make reliable estimates of time, cost, and quality. Developing a well-defined measurement process, based on business objectives, provides a reliable source of information for project decision-making. Problems related to the creation and maintenance of a historical measurement base are recurrent in organizations that work with software development, since there are few tools that maintain the historical base of the metrics and there is a lack of flexibility in the creation and editing of metrics in the majority of the measuring tools available. Faced with this problem, this work aims to develop a flexible measurement historical base tool. The research methodology used was the systematic review of the literature. In addition, the development methodology was a simplified version of Scrum. The results of the systematic review present the metrics tools listed in the literature, their functionalities, and their advantages and disadvantages. The main metrics used by these tools were also obtained. The tool developed used good programming practices, sought to use the strengths that the tools studied showed, and filled the gaps that these tools present. In addition, the tool was validated by Human Computer Interaction iterations and in a real software development environment. The results of this validation were applied in improvements to the system. Thus, the objective of the study was reached, since the measurement historical base tool was constructed and validated using good software development techniques.