41 research outputs found
A Perception of the Practice of Software Security and Performance Verification
Security and performance are critical nonfunctional requirements for software systems. Thus, it is crucial to include verification activities during software development to identify defects related to such requirements, avoiding their occurrence after release. Software verification, including testing and reviews, encompasses a set of activities whose purpose is to analyze the software in search of defects. Security and performance verification are activities that look for defects related to these specific quality attributes. Few empirical studies have focused on the state of the practice in security and performance verification. This paper presents the results of a case study performed in the context of Brazilian organizations aiming to characterize security and performance verification practices. Additionally, it provides a set of conjectures indicating recommendations to improve security and performance verification activities.
Experimental Evaluation of a Checklist-Based Inspection Technique to Verify the Compliance of Software Systems with the Brazilian General Data Protection Law
Recent laws to ensure the security and protection of personal data establish
new software requirements. Consequently, new technologies are needed to
guarantee software quality under the perception of privacy and protection of
personal data. Therefore, we created a checklist-based inspection technique
(LGPDCheck) to support the identification of defects in software artifacts
based on the principles established by the Brazilian General Data Protection
Law (LGPD). Objective/Aim: To evaluate the effectiveness and efficiency of
LGPDCheck for verifying privacy and data protection (PDP) in software artifacts
compared to ad-hoc techniques. Method: To assess LGPDCheck and ad-hoc
techniques experimentally through a quasi-experiment (two factors, five
treatments). The data will be collected from IoT-based health software systems
built by software engineering students from the Federal University of Rio de
Janeiro. The data analyses will compare results from ad-hoc and LGPDCheck
inspections, the participant's effectiveness and efficiency in each trial,
defects' variance and standard deviation, and time spent with the reviews. The
data will be screened for outliers, and normality and homoscedasticity will be
verified using the Shapiro-Wilk and Levene tests. Nonparametric or parametric
tests, such as the Wilcoxon or Student's t-tests, will be applied as
appropriate.
Comment: Registered Report accepted for presentation at the 17th ACM/IEEE
International Symposium on Empirical Software Engineering and Measurement.
New Orleans, Louisiana, United States
Knowledge integration in a software development environment
As the software development process becomes more complex, Software Engineering Environments (SEEs) need to offer intelligent support to the execution of the process activities. Nevertheless, most SEEs with knowledge-based support do not consider the knowledge as an internal integrated component but as an internal part of each environment's tool. This paper describes the initial approach to knowledge integration, using rules, in the TABA Workstation, a SEE developed with the object-oriented paradigm. Track: Artificial intelligence. Red de Universidades con Carreras en Informática (RedUNCI)
Alternatives for testing of context-aware software systems in non-academic settings: results from a Rapid Review
Context: Context-awareness challenges the engineering of contemporary software systems and jeopardizes their
testing. The variation of context represents a relevant behavior that deepens the limitations of available software
testing practices and technologies. However, such software systems are mainstream. Therefore, researchers in
non-academic settings also face challenges when developing and testing contemporary software systems.
Objective: To understand how researchers deal with the variation of context when testing context-aware software
systems developed in non-academic settings.
Method: To undertake a secondary study (Rapid Review) to uncover the necessary evidence from primary sources
describing the testing of context-aware software systems outside academia.
Results: The current testing initiatives in non-academic settings aim to generate or improve test suites that can
deal with the context variation and the sheer volume of test input possibilities. They mostly rely on modeling the
systems’ dynamic behavior and increasing computing resources to generate test inputs to achieve this. We found
no evidence of test results aiming at managing context variation through the testing lifecycle process.
Conclusions: So far, the identified testing initiatives and strategies are not ready for mainstream adoption. They
are all domain-specific, and while the ideas and approaches can be reproduced in distinct settings, the technologies are to be re-engineered and tailored to the context-awareness of contemporary software systems in
different problem domains. Further and joint investigations in academia and experiences in non-academic
settings can evolve the body of knowledge regarding the testing of contemporary software systems in the field.
Software testing effort estimation: models, factors and uncertainties
Estimating effort is a critical activity in software testing. Several models have been proposed in the technical literature to support this activity. Given this scenario, this work presents the results of a secondary study that identified factors influencing software testing effort and effort estimation models that make use of these factors. The models and factors identified do not prove to be generically adequate, due to the variability of projects. In addition, the evidence of a lack of consensus on what software testing is and what testing effort is makes choosing any of these estimation models a risky and error-prone task. XI Workshop de Ingeniería de Software. Red de Universidades con Carreras de Informática (RedUNCI)