A Perception of the Practice of Software Security and Performance Verification

Security and performance are critical nonfunctional requirements for software systems. Thus, it is crucial to include verification activities during software development to identify defects related to such requirements, avoiding their occurrence after release. Software verification, including testing and reviews, encompasses a set of activities that have a purpose of analyzing the software searching for defects. Security and performance verification are activities that look at defects related to these specific quality attributes. Few empirical studies have been focused on how is the state of the practice in security and performance verification. This paper presents the results of a case study performed in the context of Brazilian organizations aiming to characterize security and performance verification practices. Additionally, it provides a set of conjectures indicating recommendations to improve security and performance verification activities.acceptedVersio

Experimental Evaluation of a Checklist-Based Inspection Technique to Verify the Compliance of Software Systems with the Brazilian General Data Protection Law

Recent laws to ensure the security and protection of personal data establish new software requirements. Consequently, new technologies are needed to guarantee software quality under the perception of privacy and protection of personal data. Therefore, we created a checklist-based inspection technique (LGPDCheck) to support the identification of defects in software artifacts based on the principles established by the Brazilian General Data Protection Law (LGPD). Objective/Aim: To evaluate the effectiveness and efficiency of LGPDCheck for verifying privacy and data protection (PDP) in software artifacts compared to ad-hoc techniques. Method: To assess LGPDCheck and ad-hoc techniques experimentally through a quasi-experiment (two factors, five treatments). The data will be collected from IoT-based health software systems built by software engineering students from the Federal University of Rio de Janeiro. The data analyses will compare results from ad-hoc and LGPDCheck inspections, the participant's effectiveness and efficiency in each trial, defects' variance and standard deviation, and time spent with the reviews. The data will be screened for outliers, and normality and homoscedasticity will be verified using the Shapiro-Wilk and Levene tests. Nonparametric or parametric tests, such as the Wilcoxon or Student's t-tests, will be applied as appropriate.Comment: Registered Report accepted for presentation at 17th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement. New Orleans, Louisiana, United State

A integração de conhecimento em um amblente de desenvolvimento de software

A medida que o processo de desenvolvimento de software toma-se mais complexo, passa a ser imprescindível que os Ambientes de Desenvolvimento de Software (ADSs) ofereçam suporte inteligente para a execução das atividades do processo. Entretanto, a maioria dos ADSs com suporte baseado em, conhecimento nao trata o conhecimento de maneíra integrada, mas sim isoladanumte em cada urna de suas ferramentas. Este texto apresenta a abordagem preliminar utilizada na Estação TABA, um ADS desenvolvido segundo o paradigma de objetos, para a integração de conhecimento descrito na forma de regras.As the software development process becomes more complcex, Software Engineering Environments (SEEs) needs to offer intelligent support lo the execution of the process activities. Nevertheless, most SEEs with knowledgebased support do not consider the knowledge as a internal integrated componertt but as a internal part of each environment's too1. This paper describes the initial approach to the knowledge integration, using rules, in the TABA's Workstation, a SEE developed with the object oriented paradigm.Eje: Inteligencia artificialRed de Universidades con Carreras en Informática (RedUNCI

A integração de conhecimento em um amblente de desenvolvimento de software

A medida que o processo de desenvolvimento de software toma-se mais complexo, passa a ser imprescindível que os Ambientes de Desenvolvimento de Software (ADSs) ofereçam suporte inteligente para a execução das atividades do processo. Entretanto, a maioria dos ADSs com suporte baseado em, conhecimento nao trata o conhecimento de maneíra integrada, mas sim isoladanumte em cada urna de suas ferramentas. Este texto apresenta a abordagem preliminar utilizada na Estação TABA, um ADS desenvolvido segundo o paradigma de objetos, para a integração de conhecimento descrito na forma de regras.As the software development process becomes more complcex, Software Engineering Environments (SEEs) needs to offer intelligent support lo the execution of the process activities. Nevertheless, most SEEs with knowledgebased support do not consider the knowledge as a internal integrated componertt but as a internal part of each environment's too1. This paper describes the initial approach to the knowledge integration, using rules, in the TABA's Workstation, a SEE developed with the object oriented paradigm.Eje: Inteligencia artificialRed de Universidades con Carreras en Informática (RedUNCI

Alternatives for testing of context-aware software systems in non-academic settings:results from a <i>Rapid Review</i>

Context: Context-awareness challenges the engineering of contemporary software systems and jeopardizes their testing. The variation of context represents a relevant behavior that deepens the limitations of available software testing practices and technologies. However, such software systems are mainstream. Therefore, researchers in non-academic settings also face challenges when developing and testing contemporary software systems. Objective: To understand how researchers deal with the variation of context when testing context-aware software systems developed in non-academic settings. Method: To undertake a secondary study (Rapid Review) to uncover the necessary evidence from primary sources describing the testing of context-aware software systems outside academia. Results: The current testing initiatives in non-academic settings aim to generate or improve test suites that can deal with the context variation and the sheer volume of test input possibilities. They mostly rely on modeling the systems’ dynamic behavior and increasing computing resources to generate test inputs to achieve this. We found no evidence of test results aiming at managing context variation through the testing lifecycle process. Conclusions: So far, the identified testing initiatives and strategies are not ready for mainstream adoption. They are all domain-specific, and while the ideas and approaches can be reproduced in distinct settings, the technologies are to be re-engineered and tailored to the context-awareness of contemporary software systems in different problem domains. Further and joint investigations in academia and experiences in non-academic set- tings can evolve the body of knowledge regarding the testing of contemporary software systems in the field

Estimativa de esforço em teste de software: modelos: fatores e incertezas

Estimar esforço é uma atividade crítica em Teste de Software. Diversos modelos têm sido propostos na literatura técnica para apoiar tal atividade. Diante deste cenário, este trabalho apresenta os resultados de um estudo secundário que identificou fatores de influência do esforço do teste de software e modelos de estimativa de esforço que fazem uso destes fatores. Os modelos e fatores identificados não se mostram genericamente adequados devido a variabilidade dos projetos. Além disso, as evidências sobre a falta de consenso sobre o que é teste de software e o que é esforço de teste tornam a escolha de qualquer um destes modelos de estimativa uma tarefa arriscada e propensa a erro.XI Workshop de Ingeniería de SoftwareRed de Universidades con Carreras de Informática (RedUNCI