Proceedings of the 27th International Conference on Evaluation and Assessment in Software Engineering: Latest Papers
Are security commit messages informative? Not enough!
Sofia Reis, Rui Abreu, C. Pasareanu
The fast distribution and deployment of security patches are important to protect users against cyberattacks. These fixes can be detected automatically by patch management triage systems. However, previous work has shown that automating the task is not easy, in some cases, because of poor documentation or lack of information in security fixes. For many years, standard practices in the security community have steered engineers to provide cryptic commit messages (i.e., patch software vulnerabilities silently) to avoid potential attacks and reputation damage. However, not providing enough documentation on vulnerability fixes can hinder trust between vendors and users. Current efforts in the security community aim to increase the level of transparency during patch and disclosing times to help build trust in the development community and make patch management processes faster. In this paper, we evaluate how informative security commit messages (i.e., messages attached to security fixes) are and how different levels of information can affect different tasks in automated patch triage systems. We observed that security engineers, in general, do not provide enough detail to enable the three automated triage systems at the same time. In addition, results show that security commit messages need to be more informative—56.7% of the messages analyzed were documented poorly. Best practices to write informative and well-structured security commit messages (such as SECOM) should become a standard practice in the security community.
DOI: https://doi.org/10.1145/3593434.3593481 (published 2023-06-14)
Citations: 2
From Data Analysis to Human Input: Navigating the Complexity of Software Evaluation and Assessment
Sigrid Eldh
It is the time of trust and transformation in software. We want explainable AI to assist us in dialogue, write our programs, test our software, and improve how we communicate. It is the time of digitalization, but we must ask ourselves - on what data in what format, when do we collect it, and what is the source? Does “data” make sense? Every action can be automated, should eventually be automated, and as such should be traceable and explainable. The transformation of software – and how we can now train, and feedback in a fast way, enables us to not only utilize existing technologies, but also aids us in faster embracing new technologies. This transformation is much too slow even if things change at lightning speed. Change is the only thing we can be sure will happen. Evaluating and assessing quality of software sounds easy but is only as good as you design it to be. We often simplify the problem so we can move forward, but it is the complications that are the real issue – our context, our combination of tools, languages, hardware, history, and way of working. We simply need the labeling, the meta-data, the context – and this data in a form with “many” perspectives to draw the more “accurate” scientific picture. Having a multifaceted perspective is important when analyzing complex contexts. In software, listening skills and asking the right questions to the right people are often invaluable to complement blunt data. On the other side - much information is probably missing as you are too easily getting “only” what you asked for. So, we cannot judge what we cannot observe – and analyzing this data is another issue altogether. We need to know what is right – because if we cannot trust the source – or double check the outcome, how would we know it is not just “fake” data? What does the outlier really mean? Is it a sign of a new trend, or is it the first time we capture this odd event? Therefore, it is easy to lose perspective in a fast-changing world. Despite drowning in tools, we still miss a lot of them. The threshold of using a tool is high, as we cannot trust them, and we cannot be sure that the data these tools collect does represent what we want to investigate. Therefore, the role of the scientist is more important than ever. Trusting the scientific process, utilizing multiple methods, and combining them is the recipe! Another goal is doing our best to select topics and collaborators – as building better software (quality) for humanity. It starts with you and me. I hope I will in this context be able to touch upon areas like security, testing, automation, AI/ML, ethics and “human in the loop”, analysis, tools, and technical debt, with a focus on evaluations and assessments.
DOI: https://doi.org/10.1145/3593434.3596439 (published 2023-06-14)
Citations: 0
The Advancements in 6G Technology based on its Applications, Research Challenges and Problems: A Review
Muhammad Mustafa Qureshi, M. Riaz, S. Waseem, M. A. Khan, S. Riaz
Continuous placement of cellular networks keeps on revealing because of the inbuilt limitations of the network. To overcome these flaws, there is the next generation 6G concept which could properly assimilate important rate-hungry applications such as stretched reality, wireless brain-computer connections, independent automobiles, and others. 6G will also help in handling huge data transmission in rural areas. Many state-of-the-art trends and technologies are combined in it with the aim of providing higher data rates for ultra-reliable and low-dormancy communications. This article deals with the conceptualization of 6G cellular addressing system requirements, potential trends, technologies, services, applications, and research progress. This research includes a summary of open research issues and current research groups to benefit readers with the technology roadmap and for consideration of challenges in their research regarding 6G research. The fourth industrial revolution in the textile sector can greatly benefit from 5G and 6G technologies in automated processes of textiles such as in spinning, weaving, and especially in garments manufacturing to meet competitive advantages, excellent communication, and for better and more flexible production. 3D modeling, simulation of virtual clothes on avatars, automation of robotics, and data communication can be improved by the concept of 5G and 6G technologies.
DOI: https://doi.org/10.1145/3593434.3593965 (published 2023-06-14)
Citations: 0
Code Privacy in Detection of Web Vulnerabilities
Jorge Martins, Ibéria Medeiros, Bernardo Ferreira
We propose a solution combining source code static analysis with searchable symmetric encryption to detect input validation vulnerabilities of web applications in encrypted PHP code, allowing developers to protect their codebase from malicious third parties while simultaneously discovering vulnerabilities in it. Results show that our solution is capable of identifying vulnerabilities with precision similar to traditional static code, non-privacy-preserving analysers and exhibits a maximum overhead increase of around 16,55%.
DOI: https://doi.org/10.1145/3593434.3593483 (published 2023-06-14)
Citations: 0
Fusion of deep convolutional and LSTM recurrent neural networks for automated detection of code smells
Anh Ho, Anh M. T. Bui, P. Nguyen, Amleto Di Salle
Code smells is the term used to signal certain patterns or structures in software code that may contain a potential design or architecture problem, leading to maintainability or other software quality issues. Detecting code smells early in the software development process helps prevent these problems and improve the overall software quality. Existing research concentrates on the process of collecting and handling dataset, then exploring the potential of utilizing deep learning models to detect smells, while ignoring extensive feature engineering. Though these approaches obtained promising results, the following issues need to be tackled: (i) extracting both structural and semantic features from the software units; (ii) mitigating the effects of imbalanced data distribution on the performance. In this paper, we propose DeepSmells as a novel approach to code smells detection. To learn the complex hierarchical representations of the code fragment, we apply a deep convolutional neural network (CNN). Then, in order to improve the quality of the context encoding and preserve semantic information, long short-term memory networks (LSTM) is placed immediately after the CNN. The final classification is conducted by deep neural networks with weighted loss function to reduce the impact of skewed data distribution. We performed an empirical study using the existing code smell benchmark datasets to assess the performance of our proposed approach, and compare it with state-of-the-art baselines. The results demonstrate the effectiveness of our proposed method for all kinds of code smells with outperformed evaluation metrics in terms of F1 score and MCC.
DOI: https://doi.org/10.1145/3593434.3593476 (published 2023-06-14)
Citations: 1
Replication and Extension of Schnappinger’s Study on Human-level Ordinal Maintainability Prediction Based on Static Code Metrics
Sébastien Bertrand, Silvia Ciappelloni, Pierre-Alexandre Favier, J. André
As a part of a research project concerning software maintainability assessment in collaboration with the development team, we wanted to explore dissensions between developers and the confounding effect of size. To this end, this study replicated and extended a recent study from Schnappinger et al. with the public part of its dataset and the metrics extracted from the graph-based tool Javanalyser. The entire processing pipeline was automated, from metrics extraction to the training of machine learning models. The study was extended by predicting the continuous maintainability to take account of dissensions. Then, all experimental shots were duplicated to evaluate the overall influence of the class size. In the end, the original study was successfully replicated. Moreover, good performance was achieved on the continuous maintainability prediction. Finally, the class size was not sufficient for fine-grained maintainability prediction. This study shows the necessity to explore the nature of what is measured by code metrics, and is also the first step in the construction of a maintainability model.
DOI: https://doi.org/10.1145/3593434.3593488 (published 2023-06-14)
Citations: 0
Ethical Requirements Stack: A framework for implementing ethical requirements of AI in software engineering practices
M. Agbese, Rahul Mohanani, A. Khan, P. Abrahamsson
ACM Reference Format: Mamia Agbese, Rahul Mohanani, Arif Ali Khan, and Pekka Abrahamsson. 2023. Ethical Requirements Stack: A framework for implementing ethical requirements of AI in software engineering practices. In Proceedings of the International Conference on Evaluation and Assessment in Software Engineering (EASE ’23), June 14–16, 2023, Oulu, Finland. ACM, New York, NY, USA, 3 pages. https://doi.org/10.1145/3593434.3593489
DOI: https://doi.org/10.1145/3593434.3593489 (published 2023-06-14)
Citations: 0
Effective Agile Contracts Framework for Software Innovation Projects
Adriano Gomes
This research explores the challenges in agile contract modeling for software innovation projects, particularly for outsourced projects. Literature has presented various methods and frameworks for agile contract management, but there is still a gap in effectively establishing the best contract approach for each project based on specific conditions. This work aims to contribute with a framework definition that effectively applies practical approaches for contract deployment suitable for software innovation projects, considering the best contractual practices related to projects specific context. The study will conduct an action research at CESAR, a prominent Brazilian Institute of Science and Technology (ICT) with 1200 employees and 26 years old, to establish effective agile contract models and its implementation that better support agile management and project success. The study hopes to contribute to understanding the relationship between the type of contract and project outcomes and to provide better agile contract implementation for software innovation projects developed by outsourced companies.
DOI: https://doi.org/10.1145/3593434.3593473 (published 2023-06-14)
引用次数: 0
Towards a User-centred Security Framework for Social Robots in Public Spaces
S. O. Oruma
The use of social robots in public spaces is becoming increasingly popular due to their ability to provide personalized services to users. However, the convergence of different technologies and software applications has raised concerns regarding security requirements, standards, and regulations. Specifically, there are significant concerns about the evolving threat landscape for software applications in public settings, where social robots interact without supervision and are in direct contact with threat actors. During the development of social robots software, developers and practitioners need practical tools to continuously assess their products’ security profiles. This paper presents a preventive approach to the dynamic evolving security landscape of Social Robots in Public Spaces (SRPS) using design science research (DSR) methodology to develop a security framework. The study investigates security threats, vulnerabilities, and risks associated with SRPS software development and analyzes existing related frameworks to design a security framework for SRPS software developers. The research aims to provide insights into the security aspects of SRPS software application development processes and contribute to developing effective security frameworks to mitigate evolving risks and ensure secure operation and acceptance in public spaces.
DOI: https://doi.org/10.1145/3593434.3593446
Published: 2023-06-14
Citations: 1
Gamification of Business Process Modeling Notation education: an experience report
Giacomo Garaccione, Riccardo Coppola, Luca Ardito, Marco Torchiano
Business Process Modeling (BPM) is a skill considered fundamental for computer engineers, with Business Process Modeling Notation (BPMN) being one of the most commonly used notations for this discipline. BPMN modeling is present in different curricula in specific Master’s Degree courses related to software engineering, but, in practice, students often underperform on BPMN modeling exercises due to difficulties in learning good modeling practices. In recent years, more and more fields of computer science have employed gamification (the usage of game elements in non-recreational contexts to gain benefits in terms of interest, participation, motivation, and enjoyment) with positive results during both development and teaching processes. Thus, we have developed a platform for BPMN modeling that employs gamification mechanics to facilitate learning good modeling practices with mechanisms such as rewarding good modeling solutions and penalizing less correct ones, with a dedicated feedback mechanism that maps correctly modeled elements to the corresponding concept. A preliminary laboratory experiment has been conducted with students of an Information Systems course to evaluate how students receive the mechanics and if there may be benefits in using a gamified environment for teaching process modeling throughout an entire course.
DOI: https://doi.org/10.1145/3593434.3593956
Published: 2023-06-14
Citations: 0