Investigating Effective Inspection of Object-Oriented Code

Since the development of software inspection over twenty-five years ago it has become established as an effective means of detecting defects. Inspections were originally developed at a time when the procedural paradigm was dominant but, with the Object- Oriented (OO) paradigm growing in influence and use, there now exists a lack of guidance on how to apply inspections to OO systems. Object-oriented and procedural languages differ not only in their syntax but also in a number of more profound ways - the encapsulation of data and associated functionality, the common use of inheritance, and the concepts of polymorphism and dynamic binding. These factors influence the way that modules (classes) are created in OO systems, which in turn influences the way that OO systems are structured and execute. Failure to take this into account may hinder the application of inspections to OO code. This thesis shows that the way in which the objectoriented paradigm distributes related functionality can have a serious impact on code inspection and, to address this problem, it develops and empirically evaluates three code reading techniques

Improving Quality Assurance in Multidisciplinary Engineering Environments with Semantic Technologies

In multidisciplinary engineering (MDE) projects, for example, automation systems or manufacturing systems, stakeholders from various disciplines, for example, electrics, mechanics and software, have to collaborate. In industry practice, engineers apply individual and highly specialized tools with strong limitation regarding defect detection in early engineering phases. Experts typically execute reviews with limited tool support which make engineering projects defective and risky. Semantic Web Technologies (SWTs) can help to bridge the gap between heterogeneous sources as foundation for efficient and effective defect detection. Main questions focus on (a) how to bridge gaps between loosely coupled tools and incompatible data models and (b) how SWTs can help to support efficient and effective defect detection in context of engineering process improvement. This chapter describes success-critical requirements for defect detection in MDE and shows how SWTs can provide the foundation for early and efficient defect detection with an adapted review approach. The proposed defect detection framework (DDF) suggests different levels of SWT contributions as a roadmap for engineering process improvement. Two selected industry-related real-life cases show different levels of SWT involvement. Although SWTs have been successfully applied in real-life use cases, SWT applications can be risky if applied without good understanding of success factors and limitations

An Efficient Approach for Reviewing Security-Related Aspects in Agile Requirements Specifications of Web Applications

Defects in requirements specifications can have severe consequences during the software development lifecycle. Some of them may result in poor product quality and/or time and budget overruns due to incorrect or missing quality characteristics, such as security. This characteristic requires special attention in web applications because they have become a target for manipulating sensible data. Several concerns make security difficult to deal with. For instance, security requirements are often misunderstood and improperly specified due to lack of security expertise and emphasis on security during early stages of software development. This often leads to unspecified or ill-defined security-related aspects. These concerns become even more challenging in agile contexts, where lightweight documentation is typically produced. To tackle this problem, we designed an approach for reviewing security-related aspects in agile requirements specifications of web applications. Our proposal considers user stories and security specifications as inputs and relates those user stories to security properties via Natural Language Processing. Based on the related security properties, our approach identifies high-level security requirements from the Open Web Application Security Project (OWASP) to be verified, and generates a reading technique to support reviewers in detecting defects. We evaluate our approach via three experiment trials conducted with 56 novice software engineers, measuring effectiveness, efficiency, usefulness, and ease of use. We compare our approach against using: (1) the OWASP high-level security requirements, and (2) a perspective-based approach as proposed in contemporary state of the art. The results strengthen our confidence that using our approach has a positive impact (with large effect size) on the performance of inspectors in terms of effectiveness and efficiency.Comment: Preprint accepted for publication at the Requirements Engineering journal. arXiv admin note: text overlap with arXiv:1906.1143

Toward a document evaluation methodology: What does research tell us about the validity and reliability of evaluation methods?

Although the usefulness of evaluating documents has become generally accepted among communication professionals, the supporting research that puts evaluation practices empirically to the test is only beginning to emerge. This article presents an overview of the available research on troubleshooting evaluation methods. Four lines of research are distinguished concerning the validity of evaluation methods, sample composition, sample size, and the implementation of evaluation results during revisio

Experimental Evaluation of a Checklist-Based Inspection Technique to Verify the Compliance of Software Systems with the Brazilian General Data Protection Law

Recent laws to ensure the security and protection of personal data establish new software requirements. Consequently, new technologies are needed to guarantee software quality under the perception of privacy and protection of personal data. Therefore, we created a checklist-based inspection technique (LGPDCheck) to support the identification of defects in software artifacts based on the principles established by the Brazilian General Data Protection Law (LGPD). Objective/Aim: To evaluate the effectiveness and efficiency of LGPDCheck for verifying privacy and data protection (PDP) in software artifacts compared to ad-hoc techniques. Method: To assess LGPDCheck and ad-hoc techniques experimentally through a quasi-experiment (two factors, five treatments). The data will be collected from IoT-based health software systems built by software engineering students from the Federal University of Rio de Janeiro. The data analyses will compare results from ad-hoc and LGPDCheck inspections, the participant's effectiveness and efficiency in each trial, defects' variance and standard deviation, and time spent with the reviews. The data will be screened for outliers, and normality and homoscedasticity will be verified using the Shapiro-Wilk and Levene tests. Nonparametric or parametric tests, such as the Wilcoxon or Student's t-tests, will be applied as appropriate.Comment: Registered Report accepted for presentation at 17th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement. New Orleans, Louisiana, United State

Task Specific Uncertainty in Coordinate Measurement

Task specific uncertainty is the measurement uncertainty associated with the measurement of a specific feature using a specific measurement plan. This paper surveys techniques developed to model and estimate task specific uncertainty for coordinate measuring systems, primarily coordinate measuring machines using contacting probes. Sources of uncertainty are also reviewed