1,934 research outputs found

    Impact assessment for vulnerabilities in open-source software libraries

    Software applications integrate more and more open-source software (OSS) to benefit from code reuse. As a drawback, each vulnerability discovered in bundled OSS potentially affects the application. Upon the disclosure of every new vulnerability, the application vendor has to decide whether it is exploitable in his particular usage context, hence, whether users require an urgent application patch containing a non-vulnerable version of the OSS. Current decision making is mostly based on high-level vulnerability descriptions and expert knowledge, and is thus effort-intensive and error-prone. This paper proposes a pragmatic approach to facilitate the impact assessment, describes a proof-of-concept for Java, and examines one example vulnerability as a case study. The approach is independent of specific kinds of vulnerabilities or programming languages and can deliver immediate results.

    Detection of microservice smells through static analysis

    The microservices architecture stands as a beacon of promise in the software landscape, drawing developers and companies towards its compelling principles. Its appeal lies in the potential for improved scalability, flexibility, and agility, aligning with the ever-evolving demands of the digital age. However, navigating the intricacies of microservices can be a challenging task, especially as this field continues to evolve. A key challenge arises from the inherent complexity of microservices, where their sheer number and interdependencies can introduce new layers of intricacy. Furthermore, the rapid expansion of microservices, coupled with the need to harness their advantages effectively, demands a deeper understanding of the potential pitfalls and issues that may emerge. To truly unlock the benefits of microservices, it is essential to address these challenges head-on and ensure a successful journey in the world of microservices development and adoption. The present document intends to explore the area of microservice architecture smells that play such an important role in the technical debt directed to the area of microservices. It embarks on a comprehensive research exploration, delving into the realm of microservice smells. This research serves as the cornerstone for enhancing a microservice smell catalogue. This comprehensive research draws data from two primary sources: a systematic mapping research and an industry survey. The latter involves 31 seasoned professionals with substantial experience in the field of microservices. Moreover, the development and enhancement of a tool specifically designed to identify and address issues related to microservices is described. This tool is aimed at improving developers' performance throughout the development and implementation of microservices architecture. Finally, the document includes an evaluation of the tool's performance. This involves a comparative analysis conducted before and after the tool's enhancements. The tool's effectiveness will be assessed using the same microservice benchmarking as previously employed, in addition to another benchmark to ensure a comprehensive evaluation.

    An introduction to Docker for reproducible research, with examples from the R environment

    As computational work becomes more and more integral to many aspects of scientific research, computational reproducibility has become an issue of increasing importance to computer systems researchers and domain scientists alike. Though computational reproducibility seems more straightforward than replicating physical experiments, the complex and rapidly changing nature of computer environments makes being able to reproduce and extend such work a serious challenge. In this paper, I explore common reasons that code developed for one research project cannot be successfully executed or extended by subsequent researchers. I review current approaches to these issues, including virtual machines and workflow systems, and their limitations. I then examine how the popular emerging technology Docker combines several areas from systems research, such as operating system virtualization, cross-platform portability, modular re-usable elements, versioning, and a 'DevOps' philosophy, to address these challenges. I illustrate this with several examples of Docker use with a focus on the R statistical environment.

    Microservice API Evolution in Practice: A Study on Strategies and Challenges

    Nowadays, many companies design and develop their software systems as a set of loosely coupled microservices that communicate via their Application Programming Interfaces (APIs). While the loose coupling improves maintainability, scalability, and fault tolerance, it poses new challenges to the API evolution process. Related works identified communication and integration as major API evolution challenges but did not provide the underlying reasons and research directions to mitigate them. In this paper, we aim to identify microservice API evolution strategies and challenges in practice and gain a broader perspective of their relationships. We conducted 17 semi-structured interviews with developers, architects, and managers in 11 companies and analyzed the interviews with open coding used in grounded theory. In total, we identified six strategies and six challenges for REpresentational State Transfer (REST) and event-driven communication via message brokers. The strategies mainly focus on API backward compatibility, versioning, and close collaboration between teams. The challenges include change impact analysis efforts, ineffective communication of changes, and consumer reliance on outdated versions, leading to API design degradation. We defined two important problems in microservice API evolution resulting from the challenges and their coping strategies: tight organizational coupling and consumer lock-in. To mitigate these two problems, we propose automating the change impact analysis and investigating effective communication of changes as open research directions.

    A Graph Database Design for Multi-Domain Model Management

    Development of a Machine Learning Platform

    Adoption of machine learning is becoming widespread; thus, it is natural to see a more comprehensive adoption of this technology by companies, not only to enhance their products and services but also to offer greater market competitiveness. Having said that, and attending to this new paradigm, the present dissertation is focused on the implementation of a platform to optimize and enhance the development of projects in the area of machine learning. This challenge arises from a proposal put forward by the company GMV, which aims to make the machine learning process more accessible and intuitive for its workers and, in parallel, to ensure high levels of consistency and productivity in the development of its projects. Based on all these assumptions, a first approach is made in this dissertation, covering both how a machine learning project is organized and the problems that arise throughout its development. First, a study was made of the functioning of some platforms already present in the market, in order to understand which problems they intend to solve and which solution or solutions have been developed to address them. Then, the characteristics to be integrated in the platform were identified. The study and comparison of some technologies present in the market allowed us to select and implement the most promising ones regarding the characteristics previously identified. Finally, the proposed solution is presented, explaining both the functioning of the platform and the options taken throughout its development.