111,863 research outputs found
Legacy Software Restructuring: Analyzing a Concrete Case
Software re-modularization is an old preoccupation of reverse engineering
research. The advantages of a well structured or modularized system are well
known. Yet after so much time and efforts, the field seems unable to come up
with solutions that make a clear difference in practice. Recently, some
researchers started to question whether some basic assumptions of the field
were not overrated. The main one consists in evaluating the
high-cohesion/low-coupling dogma with metrics of unknown relevance. In this
paper, we study a real structuring case (on the Eclipse platform) to try to
better understand if (some) existing metrics would have helped the software
engineers in the task. Results show that the cohesion and coupling metrics used
in the experiment did not behave as expected and would probably not have helped
the maintainers reach there goal. We also measured another possible
restructuring which is to decrease the number of cyclic dependencies between
modules. Again, the results did not meet expectations
Analysis of Network Clustering Algorithms and Cluster Quality Metrics at Scale
Notions of community quality underlie network clustering. While studies
surrounding network clustering are increasingly common, a precise understanding
of the realtionship between different cluster quality metrics is unknown. In
this paper, we examine the relationship between stand-alone cluster quality
metrics and information recovery metrics through a rigorous analysis of four
widely-used network clustering algorithms -- Louvain, Infomap, label
propagation, and smart local moving. We consider the stand-alone quality
metrics of modularity, conductance, and coverage, and we consider the
information recovery metrics of adjusted Rand score, normalized mutual
information, and a variant of normalized mutual information used in previous
work. Our study includes both synthetic graphs and empirical data sets of sizes
varying from 1,000 to 1,000,000 nodes.
We find significant differences among the results of the different cluster
quality metrics. For example, clustering algorithms can return a value of 0.4
out of 1 on modularity but score 0 out of 1 on information recovery. We find
conductance, though imperfect, to be the stand-alone quality metric that best
indicates performance on information recovery metrics. Our study shows that the
variant of normalized mutual information used in previous work cannot be
assumed to differ only slightly from traditional normalized mutual information.
Smart local moving is the best performing algorithm in our study, but
discrepancies between cluster evaluation metrics prevent us from declaring it
absolutely superior. Louvain performed better than Infomap in nearly all the
tests in our study, contradicting the results of previous work in which Infomap
was superior to Louvain. We find that although label propagation performs
poorly when clusters are less clearly defined, it scales efficiently and
accurately to large graphs with well-defined clusters
Ethical Issues in Empirical Studies of Software Engineering
The popularity of empirical methods in software engineering research is on the rise. Surveys,
experiments, metrics, case studies, and field studies are examples of empirical methods used to
investigate both software engineering processes and products. The increased application of
empirical methods has also brought about an increase in discussions about adapting these
methods to the peculiarities of software engineering. In contrast, the ethical issues raised by
empirical methods have received little, if any, attention in the software engineering literature. This
article is intended to introduce the ethical issues raised by empirical research to the software
engineering research community, and to stimulate discussion of how best to deal with these ethical
issues. Through a review of the ethical codes of several fields that commonly employ humans and
artifacts as research subjects, we have identified major ethical issues relevant to empirical studies
of software engineering. These issues are illustrated with real empirical studies of software
engineering
The Effect of Security Education and Expertise on Security Assessments: the Case of Software Vulnerabilities
In spite of the growing importance of software security and the industry
demand for more cyber security expertise in the workforce, the effect of
security education and experience on the ability to assess complex software
security problems has only been recently investigated. As proxy for the full
range of software security skills, we considered the problem of assessing the
severity of software vulnerabilities by means of a structured analysis
methodology widely used in industry (i.e. the Common Vulnerability Scoring
System (\CVSS) v3), and designed a study to compare how accurately individuals
with background in information technology but different professional experience
and education in cyber security are able to assess the severity of software
vulnerabilities. Our results provide some structural insights into the complex
relationship between education or experience of assessors and the quality of
their assessments. In particular we find that individual characteristics matter
more than professional experience or formal education; apparently it is the
\emph{combination} of skills that one owns (including the actual knowledge of
the system under study), rather than the specialization or the years of
experience, to influence more the assessment quality. Similarly, we find that
the overall advantage given by professional expertise significantly depends on
the composition of the individual security skills as well as on the available
information.Comment: Presented at the Workshop on the Economics of Information Security
(WEIS 2018), Innsbruck, Austria, June 201
- …