Why Do Developers Get Password Storage Wrong? A Qualitative Usability Study
Passwords are still a mainstay of various security systems, as well as the
cause of many usability issues. For end-users, many of these issues have been
studied extensively, highlighting problems and informing design decisions for
better policies and motivating research into alternatives. However, end-users
are not the only ones who have usability problems with passwords! Developers
who are tasked with writing the code by which passwords are stored must do so
securely. Yet history has shown that this complex task often fails due to human
error with catastrophic results. While an end-user who selects a bad password
can have dire consequences, the consequences of a developer who forgets to hash
and salt a password database can lead to far larger problems. In this paper we
present a first qualitative usability study with 20 computer science students
to discover how developers deal with password storage and to inform research
into aiding developers in the creation of secure password systems
A systematic mapping study of API usability evaluation methods
An Application Programming Interface (API) provides a programmatic interface to a software component that is often offered publicly and may be used by programmers who are not the API’s original designers. APIs play a key role in software reuse. By reusing high quality components and services, developers can increase their productivity and avoid costly defects. The usability of an API is a qualitative characteristic that evaluates how easy it is to use an API. Recent years have seen a considerable increase in research efforts aiming at evaluating the usability of APIs. An API usability evaluation can identify problem areas and provide recommendations for improving the API. In this systematic mapping study, we focus on 47 primary studies to identify the aim and the method of the API usability studies. We investigate which API usability factors are evaluated, at which phases of API development is the usability of API evaluated and what are the current limitations and open issues in API usability evaluation. We believe that the results of this literature review would be useful for both researchers and industry practitioners interested in investigating the usability of API and new API usability evaluation methods
EUD-MARS: End-User Development of Model-Driven Adaptive Robotics Software Systems
Empowering end-users to program robots is becoming more significant. Introducing software engineering principles into end-user programming could improve the quality of the developed software applications. For example, model-driven development improves technology independence and adaptive systems act upon changes in their context of use. However, end-users need to apply such principles in a non-daunting manner and without incurring a steep learning curve. This paper presents EUD-MARS that aims to provide end-users with a simple approach for developing model-driven adaptive robotics software. End-users include people like hobbyists and students who are not professional programmers but are interested in programming robots. EUD-MARS supports robots like hobby drones and educational humanoids that are available for end-users. It offers a tool for software developers and another one for end-users. We evaluated EUD-MARS from three perspectives. First, we used EUD-MARS to program different types of robots and assessed its visual programming language against existing design principles. Second, we asked software developers to use EUD-MARS to configure robots and obtained their feedback on strengths and points for improvement. Third, we observed how end-users explain and develop EUD-MARS programs, and obtained their feedback mainly on understandability, ease of programming, and desirability. These evaluations yielded positive indications of EUD-MARS
Abmash: Mashing Up Legacy Web Applications by Automated Imitation of Human Actions
Many business web-based applications do not offer applications programming
interfaces (APIs) to enable other applications to access their data and
functions in a programmatic manner. This makes their composition difficult (for
instance to synchronize data between two applications). To address this
challenge, this paper presents Abmash, an approach to facilitate the
integration of such legacy web applications by automatically imitating human
interactions with them. By automatically interacting with the graphical user
interface (GUI) of web applications, the system supports all forms of
integrations including bi-directional interactions and is able to interact with
AJAX-based applications. Furthermore, the integration programs are easy to
write since they deal with end-user, visual user-interface elements. The
integration code is simple enough to be called a "mashup".
Comment: Software: Practice and Experience (2013)
ASSESSING THE QUALITY OF SOFTWARE DEVELOPMENT TUTORIALS AVAILABLE ON THE WEB
Both expert and novice software developers frequently access software development resources available on the Web in order to lookup or learn new APIs, tools and techniques. Software quality is affected negatively when developers fail to find high-quality information relevant to their problem. While there is a substantial amount of freely available resources that can be accessed online, some of the available resources contain information that suffers from error proneness, copyright infringement, security concerns, and incompatible versions. Use of such toxic information can have a strong negative effect on developer’s efficacy. This dissertation focuses specifically on software tutorials, aiming to automatically evaluate the quality of such documents available on the Web. In order to achieve this goal, we present two contributions: 1) scalable detection of duplicated code snippets; 2) automatic identification of valid version ranges.
Software tutorials consist of a combination of source code snippets and natural language text. The code snippets in a tutorial can originate from different sources, perhaps carrying stringent licensing requirements or known security vulnerabilities. Developers, typically unaware of this, can reuse these code snippets in their project. First, in this thesis, we present our work on a Web-scale code clone search technique that is able to detect duplicate code snippets between large scale document and source code corpora in order to trace toxic code snippets.
As software libraries and APIs evolve over time, existing software development tutorials can become outdated. It is difficult for software developers and especially novices to determine the expected version of the software implicit in a specific tutorial in order to decide whether the tutorial is applicable to their software development environment. To overcome this challenge, in this thesis we present a novel technique for automatic identification of the valid version range of software development tutorials on the Web
Quality Engineering for Agile and DevOps on the Cloud and Edge
Today's software projects include enhancements, fixes, and patches that need to be
delivered almost on a daily basis to clients. Weekly and daily releases are
pretty much the norm and sit alongside larger feature upgrades and quarterly
releases. Software delivery has to be more agile now than ever before.
Companies that were, in the past, experimenting with agile based delivery
models, are now looking to scale it to enterprise grade. This shifts the need
from the ability to build and execute tests rapidly, to using different means,
technologies and procedures to provide rapid and insightful validation
sequences and tests to establish quality within the manufacturing cycle. This
book addresses the need of effectively embedding quality engineering throughout
the agile development cycle thus addressing the need for enterprise scale high
quality agile development
Boosting API Recommendation with Implicit Feedback
Developers often need to use appropriate APIs to program efficiently, but it
is usually a difficult task to identify the exact one they need from a vast of
candidates. To ease the burden, a multitude of API recommendation approaches
have been proposed. However, most of the currently available API recommenders
do not support the effective integration of users' feedback into the
recommendation loop. In this paper, we propose a framework, BRAID (Boosting
RecommendAtion with Implicit FeeDback), which leverages learning-to-rank and
active learning techniques to boost recommendation performance. By exploiting
users' feedback information, we train a learning-to-rank model to re-rank the
recommendation results. In addition, we speed up the feedback learning process
with active learning. Existing query-based API recommendation approaches can be
plugged into BRAID. We select three state-of-the-art API recommendation
approaches as baselines to demonstrate the performance enhancement of BRAID
measured by Hit@k (Top-k), MAP, and MRR. Empirical experiments show that, with
acceptable overheads, the recommendation performance improves steadily and
substantially with the increasing percentage of feedback data, comparing with
the baselines.
Comment: 15 pages, 4 figures
Are Code Examples on an Online Q&A Forum Reliable?
Programmers often consult an online Q&A forum such as Stack Overflow to learn new APIs. This paper presents an empirical study on the prevalence and severity of API misuse on Stack Overflow. To reduce manual assessment effort, we design ExampleCheck, an API usage mining framework that extracts patterns from over 380K Java repositories on GitHub and subsequently reports potential API usage violations in Stack Overflow posts. We analyze 217,818 Stack Overflow posts using ExampleCheck and find that 31% may have potential API usage violations that could produce unexpected behavior such as program crashes and resource leaks. Such API misuse is caused by three main reasons: missing control constructs, missing or incorrect order of API calls, and incorrect guard conditions. Even the posts that are accepted as correct answers or upvoted by other programmers are not necessarily more reliable than other posts in terms of API misuse. This study result calls for a new approach to augment Stack Overflow with alternative API usage details that are not typically shown in curated examples