FindYourHelp: an expert finder module on Virtual Learning Environments

Este artigo discute a criação de um módulo adicional para o ambiente Moodle, que permita a identificação automática de especialistas que contribuam em seus fóruns de discussão. O diferencial da solução desenvolvida consiste em aplicar técnicas de mineração de textos como forma complementar à análise de participação dos estudantes já existente no ambiente. Um estudo de viabilidade da solução foi desenvolvido e evidenciou a aplicabilidade da ferramenta em relação a seus objetivos iniciais

A Perception of the Practice of Software Security and Performance Verification

Security and performance are critical nonfunctional requirements for software systems. Thus, it is crucial to include verification activities during software development to identify defects related to such requirements, avoiding their occurrence after release. Software verification, including testing and reviews, encompasses a set of activities that have a purpose of analyzing the software searching for defects. Security and performance verification are activities that look at defects related to these specific quality attributes. Few empirical studies have been focused on how is the state of the practice in security and performance verification. This paper presents the results of a case study performed in the context of Brazilian organizations aiming to characterize security and performance verification practices. Additionally, it provides a set of conjectures indicating recommendations to improve security and performance verification activities.acceptedVersio

Influencing the security prioritisation of an agile software development project

Software security is a complex topic, and for development projects it can be challenging to assess what security is necessary and cost-effective. Agile Software Development (ASD) values self-management. Thus, teams and their Product Owners are expected to also manage software security prioritisation. In this paper we build on the notion that security experts who want to influence the priority given to security in ASD need to do this through interactions and support for teams rather than prescribing certain activities or priorities. But to do this effectively, there is a need to understand what hinders and supports teams in prioritising security. Based on a longitudinal case study, this article offers insight into the strategy used by one security professional in an SME to influence the priority of security in software development projects in the company. The main result is a model of influences on security prioritisation that can assist in understanding what supports or hinders the prioritisation of security in ASD, thus providing recommendations for security professionals. Two alternative strategies are outlined for software security in ASD – prescribed and emerging – where we hypothesise that an emerging approach can be more relevant for SMEs doing ASD, and that this can impact how such companies should consider software security maturity.publishedVersio

Evaluating Digital Creativity Support for Children: A Systematic Literature Review

Creativity, the process of creating something new and valuable, benefits children by improving their skills and development, encouraging interaction and engagement, and enabling the generation and expression of novel ideas. In recent years, interactive digital tools have emerged to support the user’s creativity in the open-ended creation of new artifacts. However, the question of evaluating the creativity happening in the interplay between children, digital tools, and products is still open. This systematic literature review investigated the evaluations of digital creativity support tools for children and identified 81 peer-reviewed relevant articles from the last 10 years. This research contributes to practitioners and researchers by providing an overview of the evaluations in a framework based on 10 factors (value, novelty, fluency, enjoyment, user feeling, collaboration, expressiveness, immersion, flexibility, and interaction), nine product areas, three approaches, and five methods. The review demonstrated that the evaluations differ widely, and the area lacks a standard evaluation framework. We propose the dimensions of our analysis as an initial framework for situating the evaluation of digital creativity support tools for children that the child–computer interaction community can further refine

Accountability Requirements in the Cloud Provider Chain

In order to be responsible stewards of other people’s data, cloud providers must be accountable for their data handling practices. The potential long provider chains in cloud computing introduce additional accountability challenges, with many stakeholders involved. Symmetry is very important in any requirements’ elicitation activity, since input from diverse stakeholders needs to be balanced. This article ventures to answer the question “How can one create an accountable cloud service?” by examining requirements which must be fulfilled to achieve an accountability-based approach, based on interaction with over 300 stakeholders.publishedVersio

Visualização de informações para suporte ao teste e depuração de programas

Orientador: Mario JinoDissertação (mestrado) - Universidade Estadual de Campinas, Faculdade de Engenharia Eletrica e de ComputaçãoResumo: A depuração é uma atividade do desenvolvimento de software que tem como objetivo encontrar os defeitos de um programa, detectados durante o teste. Poucas ferramentas atualmente exploram as informações que são fornecidas pelo teste para auxiliar a depuração. Esta dissertação tem como motivação principal acoplar informações geradas durante o teste à atividade de depuração, de forma a auxiliar na formulação de hipóteses sobre as localizações de defeitos. Este trabalho envolveu também o estudo das atividades de teste e depuração no intuito de determinar as informações que os programadores e testadores buscam em cada etapa. Estas informações foram utilizadas para aprimorar duas ferramentas já existentes, a Poke-Tool e a ViewGraph, fornecendo suporte à geração e a visualização das informações requeridas para auxilio à depuração e teste de programas, através de uma nova ferramenta, denominada View. ...Observação: O resumo, na íntegra, poderá ser visualizado no texto completo da tese digitalAbstract: Debugging is the activity of the software development that has the goal of locating defects of a program, detected through failures occurring during software testing. Few tools currently take advantage of information supplied by testing to assist in debugging tasks. This thesis has as main motivation the use of information generated from testing in debugging activities, to help in providing hypotheses about defects location. This work also involved the study of tasks of testing and debugging to determine the information programmersand testers seek in each stage.This informationhas been used to improve two existing tools, Poke-Tool and ViewGraph, providing support to the generation and visualization of information required to assist debugging and testing of programs through a new tool, called View. ...Note: The complete abstract is available with the full electronic digital thesis or dissertationsMestradoAutomaçãoMestre em Engenharia Elétric

Secundary analysis of experimental software engineering

Orientadores: Mario Jino, Manoel Gomes de Mendonça Neto, Victor Robert basiliTese (doutorado) - Universidade Estadual de Campinas, Faculdade de Engenharia Eletrica e de ComputaçãoResumo: Enquanto é claro que existem muitas fontes de variação de um contexto de desenvolvimento de software para outro, não é claro, a priori, quais variáveis específicas influenciarão a eficácia de um processo, de uma técnica ou de um método em um determinado contexto. Por esta razão, o conhecimento sobre a engenharia de software deve ser construído a partir de muitos estudos, executados tanto em contextos similares como em contextos diferentes entre si. Trabalhos precedentes discutiram como projetar estudos relacionados documentando tão precisamente quanto possível os valores de variáveis do contexto para assim poder comparálos com os valores observados em novos estudos. Esta abordagem é importante, porém argumentamos neste trabalho que uma abordagem oportunística também é prática. A abordagem de análise secundária de estudos discutida neste trabalho (SecESE) visa combinar resultados de múltiplos estudos individuais realizados independentemente, permitindo a expansão do conhecimento experimental em engenharia de software. Usamos uma abordagem baseada na codificação da informação extraída dos artigos e dos dados experimentais em uma base estruturada. Esta base pode então ser minerada para extrair novos conhecimentos de maneira simples e flexívelAbstract: While it is clear that there are many sources of variation from one software development context to another, it is not clear a priori, what specific variables will influence the effectiveness of a process, technique, or method in a given context. For this reason, we argue that knowledge about software engineering must be built from many studies, in which related studies are run within similar contexts as well as very different ones. Previous works have discussed how to design related studies so as to document as precisely as possible the values of context variables and be able to compare with those observed in new studies. While such a planned approach is important, we argue that an opportunistic approach is also practical. This approach would combine results from multiple individual studies after the fact, enabling the expansion of empirical software engineering knowledge from large evidence bases. In this dissertation, we describe a process to build empirical knowledge about software engineering. It uses an approach based on encoding the information extracted from papers and experimental data into a structured base. This base can then be mined to extract new knowledge from it in a simple and flexible wayDoutoradoEngenharia de ComputaçãoDoutor em Engenharia Elétric

Threats to Validity in Empirical Software Security Research

acceptedVersio