1,577 research outputs found

    Business process quality measurement using advances in static code analysis

    Business process models play an important role in the life of a company. Resemblances between software programs and business processes inspired several researchers to adapt software metrics from the field of static code analysis to help designers to build more effective and understandable processes. This paper aims to add recent advances in software quality measurement such as benchmarking and ISO/IEC 25010 standard based quality models to business process quality measurement. These techniques were proved to be very useful in software engineering both for managers and developers; moreover, they can be easily adopted to business process workflows. We focused on a specific type of flowchart called event-driven process chain (EPC), because in an EPC the activities are very often managed by software systems and our assumption is that the quality of these software systems affects the quality of the EPC itself. The presented business process quality model also uses the quality and test coverage metrics of these software systems besides business process metrics

    On Combining Diverse Static Analysis Tools for Web Security: An Empirical Study

    Developers frequently rely on free static analysis tools to automatically detect vulnerabilities in the source code of their applications, but it is well-known that the performance of such tools is limited and varies from one software development scenario to another, both in terms of coverage and false positives. Diversity is an obvious direction to take to improve coverage, as different tools usually report distinct vulnerabilities, but this may come with an increase in the number of false alarms. In this paper, we study the problem of combining diverse static analysis tools to detect web vulnerabilities, considering four software development scenarios with different goals and constraints, ranging from low budget to high-end (e.g., business critical) applications. We conducted an experimental campaign with five free static analysis tools to detect vulnerabilities in a workload composed by 134 WordPress plugins. Results clearly show that the best solution depends on the development scenario. Furthermore, in some cases, a single tool performs better than the best combination of tools

    Characteristics of the Audit Processes for Distributed Informatics Systems

    The paper contains issues regarding: main characteristics and examples of the distributed informatics systems and main difference categories among them, concepts, principles, techniques and fields for auditing the distributed informatics systems, concepts and classes of the standard term, characteristics of this one, examples of standards, guidelines, procedures and controls for auditing the distributed informatics systems. The distributed informatics systems are characterized by the following issues: development process, resources, implemented functionalities, architectures, system classes, particularities. The audit framework has two sides: the audit process and auditors. The audit process must be led in accordance with the standard specifications in the IT&C field. The auditors must meet the ethical principles and they must have a high-level of professional skills and competence in IT&C field.

    Keywords: informatics audit, characteristic, distributed informatics system, standard

    Collecting Service-Based Maintainability Metrics from RESTful API Descriptions: Static Analysis and Threshold Derivation

    While many maintainability metrics have been explicitly designed for service-based systems, tool-supported approaches to automatically collect these metrics are lacking. Especially in the context of microservices, decentralization and technological heterogeneity may pose challenges for static analysis. We therefore propose the modular and extensible RAMA approach (RESTful API Metric Analyzer) to calculate such metrics from machine-readable interface descriptions of RESTful services. We also provide prototypical tool support, the RAMA CLI, which currently parses the formats OpenAPI, RAML, and WADL and calculates 10 structural service-based metrics proposed in scientific literature. To make RAMA measurement results more actionable, we additionally designed a repeatable benchmark for quartile-based threshold ranges (green, yellow, orange, red). In an exemplary run, we derived thresholds for all RAMA CLI metrics from the interface descriptions of 1,737 publicly available RESTful APIs. Researchers and practitioners can use RAMA to evaluate the maintainability of RESTful services or to support the empirical evaluation of new service interface metrics.

    Comment: Accepted at CSE/QUDOS workshop (collocated with ECSA 2020)

    Evaluating Ethereum development environments

    Abstract. Blockchain technology has been one of the hottest buzzwords in the early 2020s and one of the main reasons for that is the interest towards decentralized applications, which use the smart contracts located in the blockchain to serve the application’s business logic. Ethereum is the biggest platform for decentralized applications, and this study focuses on exploring what kind of support developers need for developing Ethereum based products. This is done by first examining the state of the art by conducting a semi-systematic literature review, followed by using a customized DESMET evaluation method, in which the requirements are mapped as features along with the evaluation criteria, to see how well the currently popular Ethereum development environments provide support for the developers. A total of three development environments by the names of Hardhat, Truffle, and Brownie are evaluated, and the achieved results are analysed to find the differences in the level of support they offer for the developers. At the end the findings of the study are summarized, the experiences from the customized DESMET evaluation method are reported, the validity of the achieved results is inspected, and the possible directions to continue the work are discussed

    Towards FAIR principles for research software

    The FAIR Guiding Principles, published in 2016, aim to improve the findability, accessibility, interoperability and reusability of digital research objects for both humans and machines. Until now the FAIR principles have been mostly applied to research data. The ideas behind these principles are, however, also directly relevant to research software. Hence there is a distinct need to explore how the FAIR principles can be applied to software. In this work, we aim to summarize the current status of the debate around FAIR and software, as basis for the development of community-agreed principles for FAIR research software in the future. We discuss what makes software different from data with regard to the application of the FAIR principles, and which desired characteristics of research software go beyond FAIR. Then we present an analysis of where the existing principles can directly be applied to software, where they need to be adapted or reinterpreted, and where the definition of additional principles is required. Here interoperability has proven to be the most challenging principle, calling for particular attention in future discussions. Finally, we outline next steps on the way towards definite FAIR principles for research software