The Web Engineering Security (WES) methodology
The World Wide Web has had a significant impact on basic operational economic components in global information-rich civilizations. This impact is forcing organizations to provide justification for security from a business case perspective and to focus on security from a web application development environment perspective. This increased focus on security was the basis of a business case discussion and led to the acquisition of empirical evidence gathered from a high-level Web survey and more detailed industry surveys to analyse security in the Web application development environment. Along with this information, a collection of evidence from relevant literature was also gathered. Individual aspects of the data gathered in the previously mentioned activities contributed to the proposal of the Essential Elements (EE) and the Security Criteria for Web Application Development (SCWAD). The Essential Elements present the idea that there are essential, basic organizational elements that need to be identified, defined and addressed before examining security aspects of a Web Engineering development process. The Security Criteria for Web Application Development identify criteria that need to be addressed by a secure Web Engineering process. Both the EE and SCWAD are presented in detail along with relevant justification of these two elements to Web Engineering. SCWAD is utilized as a framework to evaluate the security of a representative selection of recognized software engineering processes used in Web Engineering application development. The software engineering processes appraised by SCWAD include: the Waterfall Model, the Unified Software Development Process (USD), Dynamic Systems Development Method (DSDM) and eXtreme Programming (XP).
SCWAD is also used to assess existing security methodologies, which comprise the Orion Strategy; Survivable / Viable IS approaches; the Comprehensive Lightweight Application Security Process (CLASP) and Microsoft's Trustworthy Computing Security Development Lifecycle. The synthesis of information provided by both the EE and SCWAD was used to develop the Web Engineering Security (WES) methodology. WES is a proactive, flexible, process-neutral security methodology with customizable components that is based on empirical evidence and is used to explicitly integrate security throughout an organization's chosen application development process. In order to evaluate the practical application of the EE, SCWAD and the WES methodology, two case studies were conducted during the course of this research. The first case study describes the application of both the EE and SCWAD to the Hunterian Museum and Art Gallery's Online Photo Library (HOPL) Internet application project. The second case study presents the commercial implementation of the WES methodology within a Global Fortune 500 financial service sector organization. The assessment of the WES methodology within the organization consisted of an initial survey establishing current security practices, a follow-up survey after changes were implemented and an overall analysis of the security conditions assigned to projects throughout the life of the case study.
Automatic Software Repair: a Bibliography
This article presents a survey on automatic software repair. Automatic software repair consists of automatically finding a solution to software bugs without human intervention. This article considers all kinds of repairs. First, it discusses behavioral repair, where test suites, contracts, models, and crashing inputs are taken as oracle. Second, it discusses state repair, also known as runtime repair or runtime recovery, with techniques such as checkpoint and restart, reconfiguration, and invariant restoration. The uniqueness of this article is that it spans the research communities that contribute to this body of knowledge: software engineering, dependability, operating systems, programming languages, and security. It provides a novel and structured overview of the diversity of bug oracles and repair operators used in the literature.
Synthesis of Attributed Feature Models From Product Descriptions: Foundations
Feature modeling is a widely used formalism to characterize a set of products (also called configurations). As a manual elaboration is a long and arduous task, numerous techniques have been proposed to reverse engineer feature models from various kinds of artefacts. But none of them synthesize feature attributes (or constraints over attributes), despite the practical relevance of attributes for documenting the different values across a range of products. In this report, we develop an algorithm for synthesizing attributed feature models given a set of product descriptions. We present sound, complete, and parametrizable techniques for computing all possible hierarchies, feature groups, placements of feature attributes, domain values, and constraints. We perform a complexity analysis w.r.t. the number of features, attributes, configurations, and domain size. We also evaluate the scalability of our synthesis procedure using randomized configuration matrices. This report is a first step that aims to describe the foundations for synthesizing attributed feature models.
Closing the gap between software engineering education and industrial needs
According to different reports, many recent software engineering graduates often face difficulties when beginning their professional careers, due to misalignment of the skills learnt in their university education with what is needed in industry. To address that need, many studies have been conducted to align software engineering education with industry needs. To synthesize that body of knowledge, we present in this paper a systematic literature review (SLR) which summarizes the findings of 33 studies in this area. By doing a meta-analysis of all those studies and using data from 12 countries and over 4,000 data points, this study will enable educators and hiring managers to adapt their education / hiring efforts to best prepare the software engineering workforce.