
    Semantic Similarity-Based Clustering of Findings From Security Testing Tools

    Over the last years, software development in domains with high security demands transitioned from traditional methodologies to uniting modern approaches from software development and operations (DevOps). Key principles of DevOps gained more importance and are now applied to security aspects of software development, resulting in the automation of security-enhancing activities. In particular, it is common practice to use automated security testing tools that generate reports after inspecting a software artifact from multiple perspectives. However, this raises the challenge of generating duplicate security findings. To identify these duplicate findings manually, a security expert has to invest resources like time, effort, and knowledge. A partial automation of this process could reduce the analysis effort, encourage DevOps principles, and diminish the chance of human error. In this study, we investigated the potential of applying Natural Language Processing for clustering semantically similar security findings to support the identification of problem-specific duplicate findings. Towards this goal, we developed a web application for annotating and assessing security testing tool reports and published a human-annotated corpus of clustered security findings. In addition, we performed a comparison of different semantic similarity techniques for automatically grouping security findings. Finally, we assess the resulting clusters using both quantitative and qualitative evaluation methods. Comment: Accepted to ICNLSP 202

    Robust factor analysis in the presence of normality violations, missing data, and outliers: Empirical questions and possible solutions

    Although a mainstay of psychometric methods, several reviews suggest factor analysis is often applied without testing whether data support it, and that decision-making process or guiding principles providing evidential support for FA techniques are seldom reported. Researchers often defer such decision-making to the default settings on widely-used software packages, and unaware of their limitations, might unwittingly misuse FA. This paper discusses robust analytical alternatives for answering nine important questions in exploratory factor analysis (EFA), and provides R commands for running complex analysis in the hope of encouraging and empowering substantive researchers on a journey of discovery towards more knowledgeable and judicious use of robust alternatives in FA. It aims to take solutions to problems like skewness, missing values, determining the number of factors to extract, and calculation of standard errors of loadings, and make them accessible to the general substantive researcher.

    An ontology of agile aspect oriented software development

    Both agile methods and aspect oriented programming (AOP) have emerged in recent years as new paradigms in software development. Both promise to free the process of building software systems from some of the constraints of more traditional approaches. As a software engineering approach on the one hand, and a software development tool on the other, there is the potential for them to be used in conjunction. However, thus far, there has been little interplay between the two. Nevertheless, there is some evidence that there may be untapped synergies that may be exploited, if the appropriate approach is taken to integrating AOP with agile methods. This paper takes an ontological approach to supporting this integration, proposing ontology enabled development based on an analysis of existing ontologies of aspect oriented programming, a proposed ontology of agile methods, and a derived ontology of agile aspect oriented development.

    CoFeD: A visualisation framework for comparative quality evaluation

    Evaluation for the purpose of selection can be a challenging task particularly when there is a plethora of choices available. Short-listing, comparisons and eventual choice(s) can be aided by visualisation techniques. In this paper we use Feature Analysis, Tabular and Tree Representations and Composite Features Diagrams (CFDs) for profiling user requirements and for top-down profiling and evaluation of items (methods, tools, techniques, processes and so on) under evaluation. The resulting framework CoFeD enables efficient visual comparison and initial short-listing. The second phase uses bottom-up quantitative evaluation which aids the elimination of the weakest items and hence the effective selection of the most appropriate item. The versatility of the framework is illustrated by a case study comparison and evaluation of two agile methodologies. The paper concludes with limitations and indications of further work.

    Criteria for the Diploma qualifications in information technology at levels 1, 2 and 3


    An Investigation into Mobile Based Approach for Healthcare Activities, Occupational Therapy System

    This research is to design and optimize the high quality of mobile apps, especially for iOS. The objective of this research is to develop a mobile system for Occupational therapy specialists to access and retrieve information. The investigation identifies the key points of using mobile-D agile methodology in mobile application development. It considers current applications within a different platform. It achieves new apps (OTS) for the health care activities.