5 research outputs found

    Do internal software quality tools measure validated metrics?

    Internal software quality determines the maintainability of the software product and influences the quality in use. There is a plethora of metrics which purport to measure the internal quality of software, and these metrics are offered by static software analysis tools. To date, a number of reports have assessed the validity of these metrics. No data are available, however, on whether the metrics offered by the tools are validated in scientific studies. The current study covers this gap by providing data on which tools provide validated metrics and how many of them. The results show that many of the metrics that the tools provide do not appear to be validated in the literature, and that only a small percentage of the validated metrics are provided by the tools.

    SOFTWARE QUALITY: DUAL EXPERTS OPINION AND CONDITIONAL BASED AGGREGATION METHOD

    Software reliability is a significant factor in finding software failures in the software development life cycle. A further factor is the quality of the software measurement process. These two factors are mostly considered for the possibility of executing the software without failures in a software development life cycle. Software reliability and software quality cannot be predicted accurately because of the unsuccessful detection of failures in certain scenarios. This paper mainly focuses on improving software engineering metrics using expert opinion in order to resolve software failures. Different types of problems occur when choosing software engineering measures; in this paper we address two main issues. The first issue is the number of measures used in estimating software quality; these software measures are chosen with the help of expert opinion. However, the experts are humans, so they may have less adequate knowledge about different software evaluations. This problem is resolved by taking into consideration first-level and second-level experts' opinions for selecting the best measures for software quality. The second issue is that the data aggregation function is not suitable for a large number of data aggregations; in this paper we select a prioritized opinion for data aggregation. The prioritization is based on the number of experts involved in each life-cycle phase of software development and the time duration given to form the opinion. Finally, the experimental results are shown for the software quality improvement achieved by the proposed framework.

    Collaborative Application Security Testing for DevSecOps: An Empirical Analysis of Challenges, Best Practices and Tool Support

    DevSecOps is a software development paradigm that places a high emphasis on the culture of collaboration between developers (Dev), security (Sec) and operations (Ops) teams to deliver secure software continuously and rapidly. Adopting this paradigm effectively, therefore, requires an understanding of the challenges, best practices and available solutions for collaboration among these functional teams. However, collaborative aspects related to these teams have received very little empirical attention in the DevSecOps literature. Hence, we present a study focusing on a key security activity, Application Security Testing (AST), in which practitioners face difficulties performing collaborative work in a DevSecOps environment. Our study made novel use of 48 systematically selected webinars, technical talks and panel discussions as a data source to qualitatively analyse software practitioner discussions on the most recent trends and emerging solutions in this rapidly evolving field. We find that the lack of features that facilitate collaboration built into the AST tools themselves is a key tool-related challenge in DevSecOps. In addition, the lack of clarity related to role definitions, shared goals, and ownership also hinders Collaborative AST (CoAST). We also captured a range of best practices for collaboration (e.g., shift-left security), emerging communication methods (e.g., ChatOps), and new team structures (e.g., hybrid teams) for CoAST. Finally, our study identified several requirements for new tool features and specific gap areas for future research to provide better support for CoAST in DevSecOps.
    Comment: Submitted to the Empirical Software Engineering journal

    Detecting Dissimilar Classes of Source Code Defects

    Software maintenance accounts for the greater part of software development cost and effort, with its major activities focused on the detection, location, analysis and removal of defects present in the software. Although software defects can originate, and be present, at any phase of the software development life-cycle, the implementation (i.e., source code) contains more than three-fourths of the total defects. Due to the diverse nature of the defects, their detection and analysis activities have to be carried out by equally diverse tools, often necessitating the application of multiple tools for reasonable defect coverage, which directly increases maintenance overhead. Unified detection tools are known to combine different specialized techniques into a single and massive core, resulting in operational difficulty and increased maintenance cost. The objective of this research was to search for a technique that can detect dissimilar defects using a simplified model and a single methodology, both of which should contribute to creating an easy-to-acquire solution. Following this goal, a 'Supervised Automation Framework' named FlexTax was developed for semi-automatic defect mapping and taxonomy generation, which was then applied to a large-scale real-world defect dataset to generate a comprehensive Defect Taxonomy that was verified using machine learning classifiers and manual verification. This Taxonomy, along with an extensive literature survey, was used to understand the properties of different classes of defects and to develop Defect Similarity Metrics. The Taxonomy and the Similarity Metrics were then used to develop a defect detection model and associated techniques, collectively named Symbolic Range Tuple Analysis, or SRTA. SRTA relies on Symbolic Analysis, Path Summarization and Range Propagation to detect dissimilar classes of defects using a simplified set of operations.
To verify the effectiveness of the technique, SRTA was evaluated by processing multiple real-world open-source systems, by direct comparison with three state-of-the-art tools, by a controlled experiment, by using an established benchmark, by comparison with other tools through secondary data, and by a large-scale fault-injection experiment conducted using a Mutation-Injection Framework, which relied on the taxonomy developed earlier for the definition of mutation rules. Experimental results confirmed SRTA's practicality, generality, scalability and accuracy, and demonstrated SRTA's applicability as a new Defect Detection Technique.

    Una propuesta basada en el paradigma dirigido por modelos para la integración del ciclo de vida de la medición al ciclo de vida del proceso (A model-driven proposal for integrating the measurement lifecycle into the process lifecycle)

    Context: Measurement enables organizations to gain knowledge about their processes and projects, and to reach predictable performance and high-capability processes, which places organizations in a better position to make appropriate decisions. Measuring the software development process supports organizations in their endeavor to understand, evaluate, manage, and improve their development processes and projects. In the last decades, the software development process has evolved to meet market needs and to keep abreast of modern technologies and infrastructures that have influenced product development and its use. These changes in the development processes have increased the importance of measurement and caused changes in the measurement process and the measures used. Objective: This thesis aims to contribute to the software process measurement domain in two main aspects: first, to propose a novel solution to support the identification and operational definition of measurement concepts and objectives; second, to define a measurement lifecycle and integrate it into the process lifecycle. Method: We have carried out a survey and a mapping study to understand the current state of the art and to identify existing gaps. After that, we have proposed a theoretical solution to support software process measurement, and finally we have developed this solution to allow its practical use in real environments, enabling its application and evaluation in a real project. Results: The proposed solution consists of three main components: (i) the Measurement lifecycle, which defines the measurement activities throughout the process lifecycle; (ii) Measurement metamodels, which support the measurement lifecycle and its integration into the process lifecycle; (iii) a Transformation process, which allows the derivation of the necessary measurement models, artifacts, and activities throughout the process lifecycle.
Conclusion: The solution presented in this dissertation allows organizations to manage and improve their processes and projects; the proposed information model supports the unification of the measurement concepts vocabulary, coherently connects them, and ensures traceability between these concepts. The defined measurement process lifecycle provides a clear and comprehensive guide for organizations to establish measurement objectives and carry out the activities necessary to achieve them. The proposed measurement definition metamodel supports and guides engineers in defining the measurement concepts and their relationships completely and operationally. Moreover, the proposed transformations use this metamodel to support the measurement process and to derive the necessary measurement artifacts and activities throughout the process lifecycle.

Context: Measurement enables organizations to gain knowledge about their processes and projects, and also to reach predictable performance and high-capability processes, which places organizations in a better position to make appropriate decisions. Measuring the software development process supports organizations in their effort to understand, evaluate, manage and improve their development processes and projects. Objective: This dissertation proposes a novel solution to support the identification and definition of measurement concepts and objectives in an operational form. It also seeks to define a measurement lifecycle and integrate it into the process lifecycle. Method: We have carried out a survey and mapping studies to understand the state of the art and identify existing gaps. Subsequently, we have proposed a theoretical solution to support software process measurement and, finally, we have developed this solution to allow its practical use in real environments, enabling its application and evaluation in a real project.
Results: The proposed solution consists of three main components: (i) the Measurement lifecycle, which defines the measurement activities throughout the process lifecycle; (ii) Measurement metamodels, which support the measurement lifecycle and its integration into the process lifecycle; (iii) a Transformation process, which allows the derivation of the measurement models, artifacts and activities needed throughout the process lifecycle. Conclusion: The solution presented in this work allows organizations to manage and improve their processes and projects; the proposed information model supports the unification of the vocabulary of measurement concepts, connects them coherently and guarantees traceability between these concepts. The measurement process lifecycle provides a clear and complete guide for organizations to establish measurement objectives and carry out the activities necessary to achieve them. The measurement definition metamodel supports and guides engineers in defining measurement concepts and their relationships completely and operationally; in addition, the proposed transformations use this metamodel to support the measurement process and to derive the measurement artifacts and activities needed during the process lifecycle.