Putting the Semantics into Semantic Versioning

The long-standing aspiration for software reuse has made astonishing strides in the past few years. Many modern software development ecosystems now come with rich sets of publicly-available components contributed by the community. Downstream developers can leverage these upstream components, boosting their productivity. However, components evolve at their own pace. This imposes obligations on and yields benefits for downstream developers, especially since changes can be breaking, requiring additional downstream work to adapt to. Upgrading too late leaves downstream vulnerable to security issues and missing out on useful improvements; upgrading too early results in excess work. Semantic versioning has been proposed as an elegant mechanism to communicate levels of compatibility, enabling downstream developers to automate dependency upgrades. While it is questionable whether a version number can adequately characterize version compatibility in general, we argue that developers would greatly benefit from tools such as semantic version calculators to help them upgrade safely. The time is now for the research community to develop such tools: large component ecosystems exist and are accessible, component interactions have become observable through automated builds, and recent advances in program analysis make the development of relevant tools feasible. In particular, contracts (both traditional and lightweight) are a promising input to semantic versioning calculators, which can suggest whether an upgrade is likely to be safe.Comment: to be published as Onward! Essays 202

The Role of Scanning, Evaluation, and Mindfulness in the Assimilation of Information Technology: The Case of Enterprise Resource Planning (ERP) Systems

Enterprise Resource Planning Systems (ERPs) are commercial software packages that enable integration of information and business processes throughout the organization. Realizing the business value of information technology (IT) requires its successful assimilation by the firm. ERP assimilation refers to the effective application of this type of IT in supporting a firm's business strategies and value-chain activities. To succeed at this, the IS function must continuously manage the adaptation between the organization and the ERP system, even after initial deployment. For this purpose, the IS function must continuously scan both the firm's internal and external environment to identify new ERP adaptation opportunities that will allow the effective application of new ERP technologies to support the firm's objectives. Also, it is important for the IS function to engage in evaluation activities to analyze and select those ERP adaptation opportunities with the greatest potential for impact on ERP assimilation. It is posited here that ERP scanning will have a direct positive effect on the firm's level of ERP assimilation, and that this effect will be moderated by the extent of ERP evaluation activities. IS mindfulness, the degree of collective mindfulness present in the IS function, is also posited to moderate the relationship between ERP scanning and ERP assimilation. Collective mindfulness is an elevated state of alertness toward expectations, in the face of new and unprecedented situations or changes, with a nuanced appreciation of the specific context. IS mindfulness makes more likely the identification and realization of unexpected ERP adaptation opportunities leading to a higher level of ERP assimilation for the firm. A model is proposed to describe the relations among IS mindfulness, ERP scanning, ERP evaluation, and ERP assimilation. This model has been tested by collecting survey data from 113 firms. The results suggest that first, collective mindfulness is a construct with two dimensions: alertness/attention, a state of vigilant alertness, and change/situation, an awareness or knowledge of an unprecedented situation or change in the firm's environment; second, scanning of the internal environment (scanning of needs) has a main effect on ERP assimilation, and this effect is moderated by the presence of IS mindfulness ("alertness" dimension), as predicted by the model; and third, ERP evaluation has rather a direct effect on ERP assimilation and does not moderate the scanning-assimilation relationship as expected

Assessment of IT Infrastructures: A Model Driven Approach

Several approaches to evaluate IT infrastructure architectures have been proposed, mainly by supplier and consulting firms. However, they do not have a unified approach of these architectures where all stakeholders can cement the decision-making process, thus facilitating comparability as well as the verification of best practices adoption. The main goal of this dissertation is the proposal of a model-based approach to mitigate this problem. A metamodel named SDM (System Definition Model) and expressed with the UML (Unified Modeling Language) is used to represent structural and operational knowledge on the infrastructures. This metamodel is automatically instantiated through the capture of infrastructures configurations of existing distributed architectures, using a proprietary tool and a transformation tool that was built in the scope of this dissertation. The quantitative evaluation is performed using the M2DM (Meta-Model Driven Measurement) approach that uses OCL (Object Constraint Language) to formulate the required metrics. This proposal is expected to increase the understandability of IT infrastructures by all stakeholders (IT architects, application developers, testers, operators and maintenance teams) as well as to allow expressing their strategies of management and evolution. To illustrate the use of the proposed approach, we assess the complexity of some real cases in the diachronic and synchronic perspective

IoTsafe, Decoupling Security from Applications for a Safer IoT

The use of robust security solutions is a must for the Internet of Things (IoT) devices and their applications: regulators in different countries are creating frameworks for certifying those devices with an acceptable security level. However, even for already certified devices, security protocols have to be updated when a breach is found or a certain version becomes obsolete. Many approaches for securing IoT applications are nowadays based on the integration of a security layer [e.g., using transport layer security, (TLS)], but this may result in difficulties when upgrading the security algorithms, as the whole application has to be updated. This fact may shorten the life of IoT devices. As a way to overcome these difficulties, this paper presents IoTsafe, a novel approach relying on secure socket shell (SSH), a feasible alternative to secure communications in IoT applications based on hypertext transfer protocol (HTTP and HTTP/2). In order to illustrate its advantages, a comparison between the traditional approach (HTTP with TLS) and our scheme (HTTP with SSH) is performed over low-power wireless personal area networks (6loWPAN) through 802.15.4 interfaces. The results show that the proposed approach not only provides a more robust and easy-To-update solution, but it also brings an improvement to the overall performance in terms of goodput and energy consumption. Core server stress tests are also presented, and the server performance is also analyzed in terms of RAM consumption and escalation strategies

Automated, Systematic and Parallel Approaches to Software Testing in Bioinformatics

Software quality assurance becomes especially critical if bioinformatics tools are to be used in a translational medical setting, such as analysis and interpretation of biological data. We must ensure that only validated algorithms are used, and that they are implemented correctly in the analysis pipeline – and not disrupted by hardware or software failure. In this thesis, I review common quality assurance practice and guidelines for bioinformatics software testing. Furthermore, I present a novel cloud-based framework to enable automated testing of genetic sequence alignment programs. This framework performs testing based on gold standard simulation data sets, and metamorphic testing. I demonstrate the effectiveness of this cloudbased framework using two widely used sequence alignment programs, BWA and Bowtie, and some fault-seeded ‘mutant’ versions of BWA and Bowtie. This preliminary study demonstrates that this type of cloud-based software testing framework is an effective and promising way to implement quality assurance in bioinformatics software that is used in genomic medicine

System Qualities Ontology, Tradespace and Affordability (SQOTA) Project – Phase 4

This task was proposed and established as a result of a pair of 2012 workshops sponsored by the DoD Engineered Resilient Systems technology priority area and by the SERC. The workshops focused on how best to strengthen DoD’s capabilities in dealing with its systems’ non-functional requirements, often also called system qualities, properties, levels of service, and –ilities. The term –ilities was often used during the workshops, and became the title of the resulting SERC research task: “ilities Tradespace and Affordability Project (iTAP).” As the project progressed, the term “ilities” often became a source of confusion, as in “Do your results include considerations of safety, security, resilience, etc., which don’t have “ility” in their names?” Also, as our ontology, methods, processes, and tools became of interest across the DoD and across international and standards communities, we found that the term “System Qualities” was most often used. As a result, we are changing the name of the project to “System Qualities Ontology, Tradespace, and Affordability (SQOTA).” Some of this year’s university reports still refer to the project as “iTAP.”This material is based upon work supported, in whole or in part, by the U.S. Department of Defense through the Office of the Assistant of Defense for Research and Engineering (ASD(R&E)) under Contract HQ0034-13-D-0004.This material is based upon work supported, in whole or in part, by the U.S. Department of Defense through the Office of the Assistant of Defense for Research and Engineering (ASD(R&E)) under Contract HQ0034-13-D-0004