4 research outputs found

    Understanding the Impact of Release Processes and Practices on Software Quality

    Release engineering encompasses all the activities aimed at "building a pipeline that transforms source code into an integrated, compiled, packaged, tested, and signed product that is ready to be released". Release strategy and release practices can have an impact on the quality of a software product. Although this impact has been discussed and studied at length in the software engineering community, several problems remain to be solved. This thesis tackles some of these unsolved release engineering problems with a view to proposing solutions. In particular, we investigate: 1) why code review activities can miss code errors likely to cause crashes; 2) how to prevent bugs during the approval and integration of urgent patches; 3) in a software ecosystem, how to mitigate the risk of bugs due to DLL injections. We chose to study these problems because they correspond to three important phases of software release processes, namely code review, urgent patches, and releasing software in an ecosystem. Solutions to these problems can help software companies improve their release and publication strategy, which will increase their development productivity and the overall quality of their software products.

    ABSTRACT: Release engineering encompasses all the activities aimed at “building a pipeline that transforms source code into an integrated, compiled, packaged, tested, and signed product that is ready for release”. The strategy of the release processes and practices can impact the quality of a software artefact. Although such impact has been extensively discussed and studied in the software engineering community, there are still many pending issues to resolve. The goal of this thesis is to study and solve some of these pending issues. More specifically, we examine 1) why code review practices can miss crash-prone code; 2) how urgent patches (also called patch uplift) are approved to release and how to prevent regressions due to urgent patches; 3) in a software ecosystem, how to mitigate the risk of defects due to DLL injections. We chose to study these problems because they correspond to three important phases of software release processes, i.e., code review, patch uplift, and releasing software in an ecosystem. The solutions of these problems can help software organizations improve their release strategy, increasing their development productivity and the overall user-perceived quality of their products.

    Improving software engineering processes using machine learning and data mining techniques

    The availability of large amounts of data from software development has created an area of research called mining software repositories. Researchers mine data from software repositories both to improve understanding of software development and evolution, and to empirically validate novel ideas and techniques. The large amount of data collected from software processes can then be leveraged for machine learning applications. Indeed, machine learning can have a large impact in software engineering, just like it has had in other fields, supporting developers, and other actors involved in the software development process, in automating or improving parts of their work. The automation can not only make some phases of the development process less tedious or cheaper, but also more efficient and less prone to errors. Moreover, employing machine learning can reduce the complexity of difficult problems, enabling engineers to focus on more interesting problems rather than the basics of development. The aim of this dissertation is to show how the development and the use of machine learning and data mining techniques can support several software engineering phases, ranging from crash handling, to code review, to patch uplifting, to software ecosystem management. To validate our thesis we conducted several studies tackling different problems in an industrial open-source context, focusing on the case of Mozilla

    Augmenting Zero Trust Architecture to endpoints using Distributed Ledger Technologies and Blockchain

    With the increasing adoption of cloud computing and remote working, traditional perimeter-based security models are no longer sufficient to protect organizations' digital assets. The need for a more robust security framework led to the emergence of Zero Trust Architecture (ZTA), which challenges the notion of inherent trust and emphasizes the importance of verifying endpoints, users, and applications. However, within ZTA, the already authenticated and authorized communication channel on an endpoint poses a critical vulnerability, making it the Achilles' heel of the architecture [1]. Once compromised, even with valid credentials and authorized access, an endpoint can become a gateway for attackers to move laterally and access sensitive resources. Addressing the vulnerability of endpoints within ZTA is crucial to bolster overall security. By mitigating the risks associated with compromised endpoints, organizations can prevent unauthorized access, privilege escalation, and potential data breaches. Traditional security measures, such as firewalls, antivirus technologies, and Intrusion Detection and Prevention Systems (IDS/IPS), have become less effective in the face of evolving threats and complex network infrastructures. Perimeter-based security models are gradually being replaced by ZTA, which focuses on identity-based perimeters and continuous verification. To enhance endpoint security within ZTA, this research introduces the Blockchain-enabled Intrusion Detection and Prevention System (BIDPS). By integrating blockchain technology, the BIDPS aims to detect and prevent attacker techniques at an early stage before lateral movement occurs. Furthermore, the BIDPS shifts the trust from compromised endpoints to the immutable and transparent nature of the blockchain, creating an explicit system of trust. Through a systematic design and development methodology, a prototype of the BIDPS was created. 
Extensive testing against various Advanced Persistent Threat (APT) attacks demonstrated the system's high success rate in defending against such attacks. Additionally, novel strategies and performance-enhancing mechanisms were implemented to improve the effectiveness and efficiency of the BIDPS [2]. The BIDPS was evaluated through a combination of observational analysis and A/B testing methodologies. The evaluation confirmed the BIDPS's effectiveness in detecting and preventing malicious activities, as well as its improved performance compared to traditional security measures. The research outcomes validate the viability of the BIDPS as a solution to enhance endpoint security within ZTA. Conclusively, the integration of blockchain technology into ZTA, as exemplified by the BIDPS, offers a promising approach to mitigate the vulnerability of endpoints and reinforce the security of modern IT environments