13 research outputs found
Technical Debt Decision-Making Framework
Software development companies strive to produce high-quality software. In commercial software development environments, due to resource and time constraints, software is often developed hastily which gives rise to technical debt. Technical debt refers to the consequences of taking shortcuts when developing software. These consequences include making the system difficult to maintain and defect prone. Technical debt can have financial consequences and impede feature enhancements. Identifying technical debt and deciding which debt to address is challenging given resource constraints. Project managers must decide which debt has the highest priority and is most critical to the project. This decision-making process is not standardized and sometimes differs from project to project. My research goal is to develop a framework that project managers can use in their decision-making process to prioritize technical debt based on its potential impact. To achieve this goal, we survey software practitioners, conduct literature reviews, and mine software repositories for historical data to build a framework to model the technical debt decision-making process and inform practitioners of the most critical debt items
Technical Debt Decision-Making Framework
Software development companies strive to produce high-quality software. In commercial software development environments, due to resource and time constraints, software is often developed hastily which gives rise to technical debt. Technical debt refers to the consequences of taking shortcuts when developing software. These consequences include making the system difficult to maintain and defect prone. Technical debt can have financial consequences and impede feature enhancements. Identifying technical debt and deciding which debt to address is challenging given resource constraints. Project managers must decide which debt has the highest priority and is most critical to the project. This decision-making process is not standardized and sometimes differs from project to project. My research goal is to develop a framework that project managers can use in their decision-making process to prioritize technical debt based on its potential impact. To achieve this goal, we survey software practitioners, conduct literature reviews, and mine software repositories for historical data to build a framework to model the technical debt decision-making process and inform practitioners of the most critical debt items
Profiling Developers Through the Lens of Technical Debt
Context: Technical Debt needs to be managed to avoid disastrous consequences,
and investigating developers' habits concerning technical debt management is
invaluable information in software development. Objective: This study aims to
characterize how developers manage technical debt based on the code smells they
induce and the refactorings they apply. Method: We mined a publicly-available
Technical Debt dataset for Git commit information, code smells, coding
violations, and refactoring activities for each developer of a selected
project. Results: By combining this information, we profile developers to
recognize prolific coders, highlight activities that discriminate among
developer roles (reviewer, lead, architect), and estimate coding maturity and
technical debt tolerance
Exploring Technical Debt in Security Questions on Stack Overflow
Background: Software security is crucial to ensure that the users are
protected from undesirable consequences such as malware attacks which can
result in loss of data and, subsequently, financial loss. Technical Debt (TD)
is a metaphor incurred by suboptimal decisions resulting in long-term
consequences such as increased defects and vulnerabilities if not managed.
Although previous studies have studied the relationship between security and
TD, examining their intersection in developers' discussion on Stack Overflow
(SO) is still unexplored. Aims: This study investigates the characteristics of
security-related TD questions on SO. More specifically, we explore the
prevalence of TD in security-related queries, identify the security tags most
prone to TD, and investigate which user groups are more aware of TD. Method: We
mined 117,233 security-related questions on SO and used a deep-learning
approach to identify 45,078 security-related TD questions. Subsequently, we
conducted quantitative and qualitative analyses of the collected
security-related TD questions, including sentiment analysis. Results: Our
analysis revealed that 38% of the security questions on SO are security-related
TD questions. The most recurrent tags among the security-related TD questions
emerged as "security" and "encryption." The latter typically have a neutral
sentiment, are lengthier, and are posed by users with higher reputation scores.
Conclusions: Our findings reveal that developers implicitly discuss TD,
suggesting developers have a potential knowledge gap regarding the TD metaphor
in the security domain. Moreover, we identified the most common security topics
mentioned in TD-related posts, providing valuable insights for developers and
researchers to assist developers in prioritizing security concerns in order to
minimize TD and enhance software security.Comment: The 17th ACM/IEEE International Symposium on Empirical Software
Engineering and Measurement (ESEM), 202
AES CCMP Algorithm with N-Way Interleaved Chiper Block Chaining
Nowadays, the increased use of battery-powered mobile appliances and the urge to access time-sensitive data anytime anywhere has fuelled a high demand for wireless networks. However, wireless networks are susceptible to intrusion and security problems. There is an inherent need to secure the wireless data communication to ensure the confidentiality, authenticity, integrity and non repudiation of the data being exchanged. On the other hand, the computation and the resultant energy consumption to achieve sufficient security can be high. Encryption algorithms are generally computationally intensive, and consume a significant amount of computing resources (such as CPU time, memory, and battery power). Considering the limited resources on wireless devices, it is crucial that security protocols be implemented efficiently. This manuscript focuses on how energy consumption is impacted by the use of unoptimised AES-CCMP algorithms and proposes an optimized AES CCMP algorithm using 2-way interleaving that does not compromise the security of wireless communication sessions. There is also analysis of the performance of AES (a.k.a. Rijndael) in its AES–CCMP implementation. The 2-way interleaving technique is an optimization of the CBC-MAC that is investigated using two performance metrics (namely encryption time and throughput).Keywords: IEEE 802.11i security, AES-CCMP, Optimization, Interleaved Cipher Block Chainin
The Relationship Between Traceable Code Patterns and Code Smells
Context: It is important to maintain software quality as a software system evolves. Managing code smells in source code contributes towards quality software. While metrics have been used to pinpoint code smells in source code, we present an empirical study on the correlation of code smells with class-level (micro pattern) and methodlevel (nano-pattern) traceable patterns of code. Objective: This study explores the relationship between code smells and class-level and method-level structural code constructs. Method: We extracted micro patterns at the class level and nano-patterns at the method level from three versions of Apache Tomcat and PersonalBlog and Roller from Standford SecuriBench and compared their distributions in code smell versus non-code smell classes and methods.Result: We found that DataManager, Record and Outline micro patterns are more frequent in classes having code smell compared to non-code smell classes in the applications we analyzed. localReader, localWriter, Switcher, and ArrReader nano-patterns are more frequent in code smell methods compared to the non-code smell methods. Conclusion: We conclude that code smells are correlated with both micro and nano-patterns
The Relationship Between Code Smells and Traceable Patterns - Are They Measuring the Same Thing?
It is important to maintain software quality as a software system evolves. Managing code smells in source code contributes towards quality software. While metrics have been used to pinpoint code smells in source code, we present an empirical study on the correlation of code smells with class-level (micro pattern) and method-level (nano-pattern) traceable code patterns. This study explores the relationship between code smells and class-level and method-level structural code constructs. We extracted micro patterns at the class level and nano-patterns at the method level from three versions of Apache Tomcat, three versions of Apache CXF and two J2EE web applications namely PersonalBlog and Roller from Stanford SecuriBench and then compared their distributions in code smell versus noncode smell classes and methods. We found that Immutable and Sink micro patterns are more frequent in classes having code smells compared to the noncode smell classes in the applications we analyzed. On the other hand, LocalReader and LocalWriter nano-patterns are more frequent in code smell methods compared to the noncode smell methods. We conclude that code smells are correlated with both micro and nano-patterns
On The Benefits of the Accelerate Metrics: An Industrial Survey at Vendasta
acceptedVersionPeer reviewe
Rubbing salt in the wound?:a large-scale investigation into the effects of refactoring on security
Abstract
Software refactoring is a behavior-preserving activity to improve the source code quality without changing its external behavior. Unfortunately, it is often a manual and error-prone task that may induce regressions in the source code. Researchers have provided initial compelling evidence of the relation between refactoring and defects, yet little is known about how much it may impact software security. This paper bridges this knowledge gap by presenting a large-scale empirical investigation into the effects of refactoring on the security profile of applications. We conduct a three-level mining software repository study to establish the impact of 14 refactoring types on (i) security-related metrics, (ii) security technical debt, and (iii) the introduction of known vulnerabilities. The study covers 39 projects and a total amount of 7,708 refactoring commits. The key results show that refactoring has a limited connection to security. However, Inline Method and Extract Interface statistically contribute to improving some security aspects connected to encapsulating security-critical code components. Extract Superclass and Pull Up Attribute refactoring are commonly found in commits violating specific security best practices for writing secure code. Finally, Extract Superclass and Extract & Move Method refactoring tend to occur more often in commits contributing to the introduction of vulnerabilities. We conclude by distilling lessons learned and recommendations for researchers and practitioners