Feature Set Selection for Improved Classification of Static Analysis Alerts

With the extreme growth in third party cloud applications, increased exposure of applications to the internet, and the impact of successful breaches, improving the security of software being produced is imperative. Static analysis tools can alert to quality and security vulnerabilities of an application; however, they present developers and analysts with a high rate of false positives and unactionable alerts. This problem may lead to the loss of confidence in the scanning tools, possibly resulting in the tools not being used. The discontinued use of these tools may increase the likelihood of insecure software being released into production. Insecure software can be successfully attacked resulting in the compromise of one or several information security principles such as confidentiality, availability, and integrity. Feature selection methods have the potential to improve the classification of static analysis alerts and thereby reduce the false positive rates. Thus, the goal of this research effort was to improve the classification of static analysis alerts by proposing and testing a novel method leveraging feature selection. The proposed model was developed and subsequently tested on three open source PHP applications spanning several years. The results were compared to a classification model utilizing all features to gauge the classification improvement of the feature selection model. The model presented did result in the improved classification accuracy and reduction of the false positive rate on a reduced feature set. This work contributes a real-world static analysis dataset based upon three open source PHP applications. It also enhanced an existing data set generation framework to include additional predictive software features. However, the main contribution is a feature selection methodology that may be used to discover optimal feature sets that increase the classification accuracy of static analysis alerts

A modified Delphi study to identify the features of high quality measurement plans for healthcare improvement projects

Funder: The Health FoundationFunder: National Institute for Health ResearchAbstract: Background: The design and execution of measurement in quality improvement (QI) initiatives is often poor. Better guidance on “what good looks like” might help to mitigate some of the problems. We report a consensus-building process that sought to identify which features are important to include in QI measurement plans. Methods: We conducted a three-stage consensus-building approach: (1) identifying the list of features of measurement plans that were potential candidates for inclusion based on literature review and the study team’s experience; (2) a two-round modified Delphi exercise with a panel of experts to establish consensus on the importance of these features; and (3) a small in-person consensus group meeting to finalise the list of features. Results: A list of 104 candidate questions was generated. A panel of 19 experts in the Delphi reviewed these questions and produced consensus on retaining 46 questions in the first round and on a further 22 in the second round. Thematic analysis of open text responses from the panellists suggested a number of areas of debate that were explicitly considered by the consensus group. The exercise yielded 74 questions (71% of 104) on which there was consensus in five categories of measurement relating to: design, data collection and management, analysis, action, and embedding. Conclusions: This study offers a consensus-based view on the features of a good measurement plan for a QI project in healthcare. The results may be of use to QI teams, funders and evaluators, but are likely to require further development and testing to ensure feasibility and usefulness

A modified Delphi study to identify the features of high quality measurement plans for healthcare improvement projects

Funder: The Health FoundationFunder: National Institute for Health ResearchAbstract: Background: The design and execution of measurement in quality improvement (QI) initiatives is often poor. Better guidance on “what good looks like” might help to mitigate some of the problems. We report a consensus-building process that sought to identify which features are important to include in QI measurement plans. Methods: We conducted a three-stage consensus-building approach: (1) identifying the list of features of measurement plans that were potential candidates for inclusion based on literature review and the study team’s experience; (2) a two-round modified Delphi exercise with a panel of experts to establish consensus on the importance of these features; and (3) a small in-person consensus group meeting to finalise the list of features. Results: A list of 104 candidate questions was generated. A panel of 19 experts in the Delphi reviewed these questions and produced consensus on retaining 46 questions in the first round and on a further 22 in the second round. Thematic analysis of open text responses from the panellists suggested a number of areas of debate that were explicitly considered by the consensus group. The exercise yielded 74 questions (71% of 104) on which there was consensus in five categories of measurement relating to: design, data collection and management, analysis, action, and embedding. Conclusions: This study offers a consensus-based view on the features of a good measurement plan for a QI project in healthcare. The results may be of use to QI teams, funders and evaluators, but are likely to require further development and testing to ensure feasibility and usefulness

Effective board governance of safe care: a (theoretically underpinned) cross-sectioned examination of the breadth and depth of relationships through national quantitative surveys and in-depth qualitative case studies

Background: Recent high-profile reports into serious failings in the quality of hospital care in the NHS raise concerns over the ability of trust boards to discharge their duties effectively. Objectives: Our study aimed to generate theoretically grounded empirical evidence on the associations between board governance, patient safety processes and patient-centred outcomes. The specific aims were as follows: (1) to identify the types of governance activities undertaken by hospital trust boards in the English NHS with regard to ensuring safe care in their organisation; (2) in foundation trusts, to explore the role of boards and boards of governors with regards to the oversight of patient safety in their organisation; (3) to assess the association between particular hospital trust board oversight activities and patient safety processes and clinical outcomes; (4) to identify the facilitators and barriers to developing effective hospital trust board governance of safe care; and (5) to assess the impact of external commissioning arrangements and incentives on hospital trust board oversight of patient safety. Methods: The study comprised three distinct but interlocking strands: (1) a narrative systematic review in order to describe, interpret and synthesise key findings and debates concerning board oversight of patient safety; (2) in-depth mixed-methods case studies in four organisations to assess the impact of hospital board governance and external incentives on patient safety processes and outcomes; and (3) two national surveys exploring board management in NHS acute and specialist hospital trusts in England, and relating board characteristics to whole-organisation outcomes. Results: A very high proportion of trust boards reported the kinds of desirable characteristics and board-related processes that research says may be associated with higher performance. Our analysis of the symbolic aspects of board activities highlights the role and differences in local processes of organising the governance of patient safety. Most boards do allocate considerable amount of time to discussing patient safety and quality-related issues and were using a wide range of hard performance metrics and soft intelligence to monitor its organisation with regard to patient safety. Although the board of governors is generally perceived to be well-meaning, they were also considered to be being largely ineffective in helping to promote and deliver safer care for their organisations. We did not find any statistically significant relationship between board attributes (self-reported) and processes and any patient safety outcome measures. However, we did find a significant relationship between two dimensions of the Board Self-Assessment Questionnaire and two specific-and-related national staff survey organisational ‘process’ measures: (1) staff feeling safe to raise concerns about errors, near-misses and incidents and (2) staff feeling confident that their organisation would address their concerns, if raised. We also found that contracting and external financial incentives appeared to play only a relatively minor role in incentivising quality and safety improvement. Conclusions: Our research is the first large-scale mixed-methods study of hospital board activity and behaviour related to the oversight of patient safety in the English NHS and the key findings should be used to influence the design of future governance arrangements as well as the training and support of board. Funding: The National Institute for Health Research Health Services and Delivery Research programme

A realist analysis of hospital patient safety in Wales:Applied learning for alternative contexts from a multisite case study

Background: Hospital patient safety is a major social problem. In the UK, policy responses focus on the introduction of improvement programmes that seek to implement evidence-based clinical practices using the Model for Improvement, Plan-Do-Study-Act cycle. Empirical evidence that the outcomes of such programmes vary across hospitals demonstrates that the context of their implementation matters. However, the relationships between features of context and the implementation of safety programmes are both undertheorised and poorly understood in empirical terms. Objectives: This study is designed to address gaps in conceptual, methodological and empirical knowledge about the influence of context on the local implementation of patient safety programmes. Design: We used concepts from critical realism and institutional analysis to conduct a qualitative comparative-intensive case study involving 21 hospitals across all seven Welsh health boards. We focused on the local implementation of three focal interventions from the 1000 Lives+ patient safety programme: Improving Leadership for Quality Improvement, Reducing Surgical Complications and Reducing Health-care Associated Infection. Our main sources of data were 160 semistructured interviews, observation and 1700 health policy and organisational documents. These data were analysed using the realist approaches of abstraction, abduction and retroduction. Setting: Welsh Government and NHS Wales. Participants: Interviews were conducted with 160 participants including government policy leads, health managers and professionals, partner agencies with strategic oversight of patient safety, advocacy groups and academics with expertise in patient safety. Main outcome measures: Identification of the contextual factors pertinent to the local implementation of the 1000 Lives+ patient safety programme in Welsh NHS hospitals. Results: An innovative conceptual framework harnessing realist social theory and institutional theory was produced to address challenges identified within previous applications of realist inquiry in patient safety research. This involved the development and use of an explanatory intervention–context–mechanism–agency–outcome (I-CMAO) configuration to illustrate the processes behind implementation of a change programme. Our findings, illustrated by multiple nested I-CMAO configurations, show how local implementation of patient safety interventions are impacted and modified by particular aspects of context: specifically, isomorphism, by which an intervention becomes adapted to the environment in which it is implemented; institutional logics, the beliefs and values underpinning the intervention and its source, and their perceived legitimacy among different groups of health-care professionals; and the relational structure and power dynamics of the functional group, that is, those tasked with implementing the initiative. This dynamic interplay shapes and guides actions leading to the normalisation or the rejection of the patient safety programme. Conclusions: Heightened awareness of the influence of context on the local implementation of patient safety programmes is required to inform the design of such interventions and to ensure their effective implementation and operationalisation in the day-to-day practice of health-care teams. Future work is required to elaborate our conceptual model and findings in similar settings where different interventions are introduced, and in different settings where similar innovations are implemented. Funding: The National Institute for Health Research Health Services and Delivery Research programme