19,906 research outputs found
Investigating Effective Inspection of Object-Oriented Code
Since the development of software inspection over twenty-five years ago it has become established as an effective means of detecting defects. Inspections were originally developed at a time when the procedural paradigm was dominant but, with the Object-Oriented (OO) paradigm growing in influence and use, there now exists a lack of guidance on how to apply inspections to OO systems. Object-oriented and procedural languages differ not only in their syntax but also in a number of more profound ways - the encapsulation of data and associated functionality, the common use of inheritance, and the concepts of polymorphism and dynamic binding. These factors influence the way that modules (classes) are created in OO systems, which in turn influences the way that OO systems are structured and execute. Failure to take this into account may hinder the application of inspections to OO code. This thesis shows that the way in which the object-oriented paradigm distributes related functionality can have a serious impact on code inspection and, to address this problem, it develops and empirically evaluates three code reading techniques
Improving Quality Assurance in Multidisciplinary Engineering Environments with Semantic Technologies
In multidisciplinary engineering (MDE) projects, for example, automation systems or manufacturing systems, stakeholders from various disciplines, for example, electrics, mechanics and software, have to collaborate. In industry practice, engineers apply individual and highly specialized tools with strong limitations regarding defect detection in early engineering phases. Experts typically execute reviews with limited tool support, which makes engineering projects defective and risky. Semantic Web Technologies (SWTs) can help to bridge the gap between heterogeneous sources as a foundation for efficient and effective defect detection. Main questions focus on (a) how to bridge gaps between loosely coupled tools and incompatible data models and (b) how SWTs can help to support efficient and effective defect detection in the context of engineering process improvement. This chapter describes success-critical requirements for defect detection in MDE and shows how SWTs can provide the foundation for early and efficient defect detection with an adapted review approach. The proposed defect detection framework (DDF) suggests different levels of SWT contributions as a roadmap for engineering process improvement. Two selected industry-related real-life cases show different levels of SWT involvement. Although SWTs have been successfully applied in real-life use cases, SWT applications can be risky if applied without good understanding of success factors and limitations
An Efficient Approach for Reviewing Security-Related Aspects in Agile Requirements Specifications of Web Applications
Defects in requirements specifications can have severe consequences during
the software development lifecycle. Some of them may result in poor product
quality and/or time and budget overruns due to incorrect or missing quality
characteristics, such as security. This characteristic requires special
attention in web applications because they have become a target for
manipulating sensible data. Several concerns make security difficult to deal
with. For instance, security requirements are often misunderstood and
improperly specified due to lack of security expertise and emphasis on security
during early stages of software development. This often leads to unspecified or
ill-defined security-related aspects. These concerns become even more
challenging in agile contexts, where lightweight documentation is typically
produced. To tackle this problem, we designed an approach for reviewing
security-related aspects in agile requirements specifications of web
applications. Our proposal considers user stories and security specifications
as inputs and relates those user stories to security properties via Natural
Language Processing. Based on the related security properties, our approach
identifies high-level security requirements from the Open Web Application
Security Project (OWASP) to be verified, and generates a reading technique to
support reviewers in detecting defects. We evaluate our approach via three
experiment trials conducted with 56 novice software engineers, measuring
effectiveness, efficiency, usefulness, and ease of use. We compare our approach
against using: (1) the OWASP high-level security requirements, and (2) a
perspective-based approach as proposed in contemporary state of the art. The
results strengthen our confidence that using our approach has a positive impact
(with large effect size) on the performance of inspectors in terms of
effectiveness and efficiency.
Comment: Preprint accepted for publication at the Requirements Engineering
journal. arXiv admin note: text overlap with arXiv:1906.1143
Toward a document evaluation methodology: What does research tell us about the validity and reliability of evaluation methods?
Although the usefulness of evaluating documents has become generally accepted among communication professionals, the supporting research that puts evaluation practices empirically to the test is only beginning to emerge. This article presents an overview of the available research on troubleshooting evaluation methods. Four lines of research are distinguished concerning the validity of evaluation methods, sample composition, sample size, and the implementation of evaluation results during revisio
Experimental Evaluation of a Checklist-Based Inspection Technique to Verify the Compliance of Software Systems with the Brazilian General Data Protection Law
Recent laws to ensure the security and protection of personal data establish
new software requirements. Consequently, new technologies are needed to
guarantee software quality under the perception of privacy and protection of
personal data. Therefore, we created a checklist-based inspection technique
(LGPDCheck) to support the identification of defects in software artifacts
based on the principles established by the Brazilian General Data Protection
Law (LGPD). Objective/Aim: To evaluate the effectiveness and efficiency of
LGPDCheck for verifying privacy and data protection (PDP) in software artifacts
compared to ad-hoc techniques. Method: To assess LGPDCheck and ad-hoc
techniques experimentally through a quasi-experiment (two factors, five
treatments). The data will be collected from IoT-based health software systems
built by software engineering students from the Federal University of Rio de
Janeiro. The data analyses will compare results from ad-hoc and LGPDCheck
inspections, the participant's effectiveness and efficiency in each trial,
defects' variance and standard deviation, and time spent with the reviews. The
data will be screened for outliers, and normality and homoscedasticity will be
verified using the Shapiro-Wilk and Levene tests. Nonparametric or parametric
tests, such as the Wilcoxon or Student's t-tests, will be applied as
appropriate.
Comment: Registered Report accepted for presentation at 17th ACM/IEEE
International Symposium on Empirical Software Engineering and Measurement.
New Orleans, Louisiana, United State
Task Specific Uncertainty in Coordinate Measurement
Task specific uncertainty is the measurement uncertainty associated with the measurement of a specific feature using a specific measurement plan. This paper surveys techniques developed to model and estimate task specific uncertainty for coordinate measuring systems, primarily coordinate measuring machines using contacting probes. Sources of uncertainty are also reviewed