Binary classifiers are commonly used in software engineering research to estimate several software qualities, e.g., defectiveness or vulnerability. Thus, it is important to adequately evaluate how well binary classifiers perform, before they are used in practice. The Area Under the Curve (AUC) of Receiver Operating Characteristic curves has often been used to this end. However, AUC has been the target of some criticisms, so it is necessary to evaluate under what conditions and to what extent AUC can be a reliable performance metric. We analyze AUC in relation to ϕ (also known as Matthews Correlation Coefficient), often considered a more reliable performance metric, by building the lines in the ROC space with constant value of ϕ, for several values of ϕ, and computing the corresponding values of AUC. By their very definitions, AUC and ϕ depend on the prevalence ρ of a dataset, which is the proportion of its positive instances (e.g., the defective software modules). Hence, so does the relationship between AUC and ϕ. It turns out that AUC and ϕ are very well correlated, and therefore provide concordant indications, for balanced datasets (those with ρ ≃ 0.5). Instead, AUC tends to become quite large, and hence provide over-optimistic indications, for very imbalanced datasets (those with ρ ≃ 0 or ρ ≃ 1). We use examples from the software engineering literature to illustrate the analytical relationship linking AUC, ϕ, and ρ. We show that, for some values of ρ, the evaluation of performance based exclusively on AUC can be deceiving. In conclusion, this paper provides some guidelines for an informed usage and interpretation of AUC.
{"title":"On the Reliability of the Area Under the ROC Curve in Empirical Software Engineering","authors":"L. Lavazza, S. Morasca, Gabriele Rotoloni","doi":"10.1145/3593434.3593456","DOIUrl":"https://doi.org/10.1145/3593434.3593456","url":null,"abstract":"Binary classifiers are commonly used in software engineering research to estimate several software qualities, e.g., defectiveness or vulnerability. Thus, it is important to adequately evaluate how well binary classifiers perform, before they are used in practice. The Area Under the Curve (AUC) of Receiver Operating Characteristic curves has often been used to this end. However, AUC has been the target of some criticisms, so it is necessary to evaluate under what conditions and to what extent AUC can be a reliable performance metric. We analyze AUC in relation to ϕ (also known as Matthews Correlation Coefficient), often considered a more reliable performance metric, by building the lines in the ROC space with constant value of ϕ, for several values of ϕ, and computing the corresponding values of AUC. By their very definitions, AUC and ϕ depend on the prevalence ρ of a dataset, which is the proportion of its positive instances (e.g., the defective software modules). Hence, so does the relationship between AUC and ϕ. It turns out that AUC and ϕ are very well correlated, and therefore provide concordant indications, for balanced datasets (those with ρ ≃ 0.5). Instead, AUC tends to become quite large, and hence provide over-optimistic indications, for very imbalanced datasets (those with ρ ≃ 0 or ρ ≃ 1). We use examples from the software engineering literature to illustrate the analytical relationship linking AUC, ϕ, and ρ. We show that, for some values of ρ, the evaluation of performance based exclusively on AUC can be deceiving. In conclusion, this paper provides some guidelines for an informed usage and interpretation of AUC.","PeriodicalId":178596,"journal":{"name":"Proceedings of the 27th International Conference on Evaluation and Assessment in Software Engineering","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129957524","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Thu T. H. Doan, P. Nguyen, Juri Di Rocco, Davide Di Ruscio
The ability to allow developers to share their source code and collaborate on software projects has made GitHub a widely used open source platform. Each repository in GitHub is generally equipped with a README.MD file to exhibit an overview of the main functionalities. Nevertheless, while offering useful information, README.MD is usually lengthy, requiring time and effort to read and comprehend. Thus, besides README.MD, GitHub also allows its users to add a short description called “About,” giving a brief but informative summary about the repository. This enables visitors to quickly grasp the main content and decide whether to continue reading. Unfortunately, due to various reasons–not excluding laziness–oftentimes this field is left blank by developers. This paper proposes GitSum as a novel approach to the summarization of README.MD. GitSum is built on top of BART and T5, two cutting-edge deep learning techniques, learning from existing data to perform recommendations for repositories with a missing description. We test its performance using two datasets collected from GitHub. The evaluation shows that GitSum can generate relevant predictions, outperforming a well-established baseline.
{"title":"Too long; didn’t read: Automatic summarization of GitHub README.MD with Transformers","authors":"Thu T. H. Doan, P. Nguyen, Juri Di Rocco, Davide Di Ruscio","doi":"10.1145/3593434.3593448","DOIUrl":"https://doi.org/10.1145/3593434.3593448","url":null,"abstract":"The ability to allow developers to share their source code and collaborate on software projects has made GitHub a widely used open source platform. Each repository in GitHub is generally equipped with a README.MD file to exhibit an overview of the main functionalities. Nevertheless, while offering useful information, README.MD is usually lengthy, requiring time and effort to read and comprehend. Thus, besides README.MD, GitHub also allows its users to add a short description called “About,” giving a brief but informative summary about the repository. This enables visitors to quickly grasp the main content and decide whether to continue reading. Unfortunately, due to various reasons–not excluding laziness–oftentimes this field is left blank by developers. This paper proposes GitSum as a novel approach to the summarization of README.MD. GitSum is built on top of BART and T5, two cutting-edge deep learning techniques, learning from existing data to perform recommendations for repositories with a missing description. We test its performance using two datasets collected from GitHub. The evaluation shows that GitSum can generate relevant predictions, outperforming a well-established baseline.","PeriodicalId":178596,"journal":{"name":"Proceedings of the 27th International Conference on Evaluation and Assessment in Software Engineering","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130921833","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Software deployment is the last stage of the software development life cycle (SDLC). It includes the execution of software in a customer environment. Nowadays, security has been integrated with the SDLC stages to produce secure software, improve software quality, and increase customer satisfaction. However, the software has become complex in recent execution environments, putting more pressure on securely deploying the software in these environments. This work extends our previous study published in [11], in which we have identified a list of best practices to address the secure software deployment challenges. In our previous study, we categorized secure software deployment challenges into five levels of importance; critical, high, medium, low, and very low level. In this study, we provided best practices to overcome critical, high, and medium level challenges. Initially, a traditional literature review was conducted to identify best practices to overcome the challenges of secure software deployment. After that, data was collected via a questionnaire from 10 software deployment professionals to identify best practices that can be used to address the identified challenges. The outcome of this research assists software organizations in overcoming the challenges of secure software deployment. In addition, this study guides software organizations toward the secure deployment of software products.
{"title":"Toward Successful Secure Software Deployment: An Empirical Study","authors":"Azzah Alghamdi, M. Niazi","doi":"10.1145/3593434.3593966","DOIUrl":"https://doi.org/10.1145/3593434.3593966","url":null,"abstract":"Software deployment is the last stage of the software development life cycle (SDLC). It includes the execution of software in a customer environment. Nowadays, security has been integrated with the SDLC stages to produce secure software, improve software quality, and increase customer satisfaction. However, the software has become complex in recent execution environments, putting more pressure on securely deploying the software in these environments. This work extends our previous study published in [11], in which we have identified a list of best practices to address the secure software deployment challenges. In our previous study, we categorized secure software deployment challenges into five levels of importance; critical, high, medium, low, and very low level. In this study, we provided best practices to overcome critical, high, and medium level challenges. Initially, a traditional literature review was conducted to identify best practices to overcome the challenges of secure software deployment. After that, data was collected via a questionnaire from 10 software deployment professionals to identify best practices that can be used to address the identified challenges. The outcome of this research assists software organizations in overcoming the challenges of secure software deployment. In addition, this study guides software organizations toward the secure deployment of software products.","PeriodicalId":178596,"journal":{"name":"Proceedings of the 27th International Conference on Evaluation and Assessment in Software Engineering","volume":"41 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116011979","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Dorieh M. Alomari, Fatima M. Anis, Maryam Alabdullatif, Hamoud Aljamaan
Botnets can be a major risk to computer networks, as they attack in dangerous and diverse ways. They are becoming increasingly challenging due to the massive amount of network devices and the obfuscation of communication protocols. This paper provides a critical review and analysis of the recent Machine Learning based models for detecting botnet attacks. It explains the used methodologies, datasets, validation methods, and detection metrics. This paper also identifies the current gaps and limitations to provide recommendations for future research directions in this field. This survey can be used as a guide for new researchers to enhance this research area.
{"title":"A Survey on Botnets Attack Detection Utilizing Machine and Deep Learning Models","authors":"Dorieh M. Alomari, Fatima M. Anis, Maryam Alabdullatif, Hamoud Aljamaan","doi":"10.1145/3593434.3593967","DOIUrl":"https://doi.org/10.1145/3593434.3593967","url":null,"abstract":"Botnets can be a major risk to computer networks, as they attack in dangerous and diverse ways. They are becoming increasingly challenging due to the massive amount of network devices and the obfuscation of communication protocols. This paper provides a critical review and analysis of the recent Machine Learning based models for detecting botnet attacks. It explains the used methodologies, datasets, validation methods, and detection metrics. This paper also identifies the current gaps and limitations to provide recommendations for future research directions in this field. This survey can be used as a guide for new researchers to enhance this research area.","PeriodicalId":178596,"journal":{"name":"Proceedings of the 27th International Conference on Evaluation and Assessment in Software Engineering","volume":"28 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128326734","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Linus Wagner, Maximilian Mayer, Andrea Marino, Alireza Soldani Nezhad, Hugo Zwaan, I. Malavolta
Context. WebAssembly (WASM) is a low-level bytecode format that is gaining traction among Internet of Things (IoT) devices. Because of IoT devices’ resources limitations, using WASM is becoming a popular technique for virtualization on IoT devices. However, it is unclear if the promises of WASM regarding its efficient use of energy and performance gains hold true. Goal. This study aims to determine how different source programming languages and runtime environments affect the energy consumption and performance of WASM binaries. Method. We perform a controlled experiment where we compile three benchmarking algorithms from four different programming languages (i.e., C, Rust, Go, and JavaScript) to WASM and run them using two different WASM runtimes on a Raspberry Pi 3B. Results. The source programming language significantly influences the performance and energy consumption of WASM binaries. We did not find evidence of the impact of the runtime environment. However, certain combinations of source programming language and runtime environment leads to a significant improvement of its energy consumption and performance. Conclusions. IoT developers should choose the source programming language wisely to benefit from better performance and a reduction in energy consumption. Specifically, Javy-compiled JavaScript should be avoided, while C and Rust are better options. We found no conclusive results for the choice of the WASM runtime.
{"title":"On the Energy Consumption and Performance of WebAssembly Binaries across Programming Languages and Runtimes in IoT","authors":"Linus Wagner, Maximilian Mayer, Andrea Marino, Alireza Soldani Nezhad, Hugo Zwaan, I. Malavolta","doi":"10.1145/3593434.3593454","DOIUrl":"https://doi.org/10.1145/3593434.3593454","url":null,"abstract":"Context. WebAssembly (WASM) is a low-level bytecode format that is gaining traction among Internet of Things (IoT) devices. Because of IoT devices’ resources limitations, using WASM is becoming a popular technique for virtualization on IoT devices. However, it is unclear if the promises of WASM regarding its efficient use of energy and performance gains hold true. Goal. This study aims to determine how different source programming languages and runtime environments affect the energy consumption and performance of WASM binaries. Method. We perform a controlled experiment where we compile three benchmarking algorithms from four different programming languages (i.e., C, Rust, Go, and JavaScript) to WASM and run them using two different WASM runtimes on a Raspberry Pi 3B. Results. The source programming language significantly influences the performance and energy consumption of WASM binaries. We did not find evidence of the impact of the runtime environment. However, certain combinations of source programming language and runtime environment leads to a significant improvement of its energy consumption and performance. Conclusions. IoT developers should choose the source programming language wisely to benefit from better performance and a reduction in energy consumption. Specifically, Javy-compiled JavaScript should be avoided, while C and Rust are better options. We found no conclusive results for the choice of the WASM runtime.","PeriodicalId":178596,"journal":{"name":"Proceedings of the 27th International Conference on Evaluation and Assessment in Software Engineering","volume":"77 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122097421","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Changes to a software project are inevitable as the software requires continuous adaptations, improvements, and corrections throughout maintenance. Identifying the purpose and impact of changes made to the codebase is critical in software engineering. However, manually identifying and characterizing software changes can be a time-consuming and tedious process that adds to the workload of software engineers. To address this challenge, several attempts have been made to automatically identify and demystify intents of software changes based on software artifacts such as commit change logs, issue reports, change messages, source code files, and software documentation. However, these existing approaches have their limitations. These include a lack of data, limited performance, and an inability to evaluate compound changes. This paper presents a doctoral research proposal that aims to automate the process of identifying commit-level changes in software projects using software repository mining and code representation learning models. The research background, state-of-the-art, research objectives, research agenda, and threats to validity are discussed.
{"title":"Automatic Data-Driven Software Change Identification via Code Representation Learning","authors":"Tjaša Heričko","doi":"10.1145/3593434.3593505","DOIUrl":"https://doi.org/10.1145/3593434.3593505","url":null,"abstract":"Changes to a software project are inevitable as the software requires continuous adaptations, improvements, and corrections throughout maintenance. Identifying the purpose and impact of changes made to the codebase is critical in software engineering. However, manually identifying and characterizing software changes can be a time-consuming and tedious process that adds to the workload of software engineers. To address this challenge, several attempts have been made to automatically identify and demystify intents of software changes based on software artifacts such as commit change logs, issue reports, change messages, source code files, and software documentation. However, these existing approaches have their limitations. These include a lack of data, limited performance, and an inability to evaluate compound changes. This paper presents a doctoral research proposal that aims to automate the process of identifying commit-level changes in software projects using software repository mining and code representation learning models. The research background, state-of-the-art, research objectives, research agenda, and threats to validity are discussed.","PeriodicalId":178596,"journal":{"name":"Proceedings of the 27th International Conference on Evaluation and Assessment in Software Engineering","volume":"67 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132273963","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Blockchain systems have received increased interest over the past few years, and several new fields of use, such as supply chain systems, are being investigated. Since blockchain is still a new technology, various papers have explored how to apply it to support use cases outside the limited scope of digital currencies. Systems require solid technological implementation and perceived trust among users to ensure their interests and successful usage in practice. This study aimed to understand what graphic user interface (GUI) elements of a blockchain-based system make users trust that their best interests, such as security and privacy, are maintained in the systems. As a case study, we developed a few blockchain-based supply chain GUI mockups with different elements that reflect the security and privacy features of the system. We then conducted 30 interviews in Norway and China to collect the users’ opinions on whether the information presented in the GUIs helps them trust the system. The results show that users want access to as much information and data as the system can provide. The users’ trust in the system increases if the GUI features give users the impression that the inner workings of the blockchain-based system are transparent. However, users prefer the information presented as more conceptual than technical in the first place. However, users appreciate the possibility of clicking on the conceptual explanation and getting more in-depth blockchain-related technical information if needed.
{"title":"Perceived Trust in Blockchain Systems: An Interview-based Survey","authors":"Huikun Liu, Yanze Wang, Zhaowei Jiang, He Zhang, Jingyue Li, Sigurd Eileras, Haakon Pelsholen Busterud","doi":"10.1145/3593434.3593521","DOIUrl":"https://doi.org/10.1145/3593434.3593521","url":null,"abstract":"Blockchain systems have received increased interest over the past few years, and several new fields of use, such as supply chain systems, are being investigated. Since blockchain is still a new technology, various papers have explored how to apply it to support use cases outside the limited scope of digital currencies. Systems require solid technological implementation and perceived trust among users to ensure their interests and successful usage in practice. This study aimed to understand what graphic user interface (GUI) elements of a blockchain-based system make users trust that their best interests, such as security and privacy, are maintained in the systems. As a case study, we developed a few blockchain-based supply chain GUI mockups with different elements that reflect the security and privacy features of the system. We then conducted 30 interviews in Norway and China to collect the users’ opinions on whether the information presented in the GUIs helps them trust the system. The results show that users want access to as much information and data as the system can provide. The users’ trust in the system increases if the GUI features give users the impression that the inner workings of the blockchain-based system are transparent. However, users prefer the information presented as more conceptual than technical in the first place. However, users appreciate the possibility of clicking on the conceptual explanation and getting more in-depth blockchain-related technical information if needed.","PeriodicalId":178596,"journal":{"name":"Proceedings of the 27th International Conference on Evaluation and Assessment in Software Engineering","volume":"43 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132357883","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Software engineering artifacts are central to DevOps, enabling the collaboration of teams involved with integrating the development and operations domains. However, collaboration around DevOps artifacts has yet to receive detailed research attention. We apply the sociological concept of Boundary Objects to describe and evaluate the specific software engineering artifacts that enable a cross-disciplinary understanding. Using this focus, we investigate how different DevOps stakeholders can collaborate efficiently using common artifacts. We performed a multiple case study and conducted twelve semi-structured interviews with DevOps practitioners in nine companies. We elicited participants’ collaboration practices, focusing on the coordination of stakeholders and the use of engineering artifacts as a means of translation. This paper presents a consolidated overview of four categories of DevOps Boundary Objects and eleven stakeholder groups relevant to DevOps. To help practitioners assess cross-disciplinary knowledge management strategies, we detail how DevOps Boundary Objects contribute to four areas of DevOps knowledge and propose derived dimensions to evaluate their use.
{"title":"Investigating Software Engineering Artifacts in DevOps Through the Lens of Boundary Objects","authors":"Christoph Matthies, R. Heinrich, Rebekka Wohlrab","doi":"10.1145/3593434.3593441","DOIUrl":"https://doi.org/10.1145/3593434.3593441","url":null,"abstract":"Software engineering artifacts are central to DevOps, enabling the collaboration of teams involved with integrating the development and operations domains. However, collaboration around DevOps artifacts has yet to receive detailed research attention. We apply the sociological concept of Boundary Objects to describe and evaluate the specific software engineering artifacts that enable a cross-disciplinary understanding. Using this focus, we investigate how different DevOps stakeholders can collaborate efficiently using common artifacts. We performed a multiple case study and conducted twelve semi-structured interviews with DevOps practitioners in nine companies. We elicited participants’ collaboration practices, focusing on the coordination of stakeholders and the use of engineering artifacts as a means of translation. This paper presents a consolidated overview of four categories of DevOps Boundary Objects and eleven stakeholder groups relevant to DevOps. To help practitioners assess cross-disciplinary knowledge management strategies, we detail how DevOps Boundary Objects contribute to four areas of DevOps knowledge and propose derived dimensions to evaluate their use.","PeriodicalId":178596,"journal":{"name":"Proceedings of the 27th International Conference on Evaluation and Assessment in Software Engineering","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133426166","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Background: InnerSource consists of the use of open source development techniques within the corporation. It helps improve software reuse through increased transparency and inter-team collaboration. Companies need to understand their context and specific needs before deciding to adopt any specific InnerSource practices since they cannot apply all InnerSource practices at once. Aim: This study aims to support the case company in assessing its readiness for adopting InnerSource practices to improve its internal reuse, identify and prioritize the improvement areas, and identify suitable solutions. Method: We performed a case study using a questionnaire and a workshop to check the current and desired status of adopting InnerSource practices and collect potential solutions. Results: The study participants identified that the company needs to prioritize the improvements related to the discoverability, communication channels, and ownership of the reusable assets. In addition, they identified certain InnerSource practices as solutions for the prioritized improvement areas, such as better structured repositories for storing and searching the reusable assets and standardized documentation of the reusable assets. Conclusion: The questionnaire instrument aids the case company in identifying the improvement areas related to InnerSource and reuse practices. InnerSource practices could improve the development and maintenance of reusable assets. Keywords: InnerSource, software reuse, readiness
{"title":"Using InnerSource for Improving Internal Reuse: An Industrial Case Study","authors":"Xingru Chen, M. Usman, Deepika Badampudi","doi":"10.1145/3593434.3593466","DOIUrl":"https://doi.org/10.1145/3593434.3593466","url":null,"abstract":"Background: InnerSource consists of the use of open source development techniques within the corporation. It helps improve software reuse through increased transparency and inter-team collaboration. Companies need to understand their context and specific needs before deciding to adopt any specific InnerSource practices since they cannot apply all InnerSource practices at once. Aim: This study aims to support the case company in assessing its readiness for adopting InnerSource practices to improve its internal reuse, identify and prioritize the improvement areas, and identify suitable solutions. Method: We performed a case study using a questionnaire and a workshop to check the current and desired status of adopting InnerSource practices and collect potential solutions. Results: The study participants identified that the company needs to prioritize the improvements related to the discoverability, communication channels, and ownership of the reusable assets. In addition, they identified certain InnerSource practices as solutions for the prioritized improvement areas, such as better structured repositories for storing and searching the reusable assets and standardized documentation of the reusable assets. Conclusion: The questionnaire instrument aids the case company in identifying the improvement areas related to InnerSource and reuse practices. InnerSource practices could improve the development and maintenance of reusable assets. Keywords: InnerSource, software reuse, readiness","PeriodicalId":178596,"journal":{"name":"Proceedings of the 27th International Conference on Evaluation and Assessment in Software Engineering","volume":"33 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123592138","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Blockchain has been recognised as a technological breakthrough with the ability to support new decentralised security-based solutions in sectors such as information technology and finance. Blockchain allows different communities to create Decentralised Autonomous Organisations (DAOs), which are self-organised democratic organisations controlled by smart contracts. This paper presents a new DAO model for the procurement of services by public organisations, such as government agencies. To demonstrate the advantages of this solution, this work looks specifically at current public procurement systems that resort to third-party contractors that manage these negotiations. Third parties lack the transparency, security, and democratic representation that a DAO can provide. We present the implementation of a DAO as a set of smart contracts executed on Ethereum-compatible permissionless blockchains, supported by a consensus algorithm, replacing third-party contractors.
{"title":"Decentralised Autonomous Organisations for Public Procurement","authors":"Felix Monteiro, Miguel Correia","doi":"10.1145/3593434.3593519","DOIUrl":"https://doi.org/10.1145/3593434.3593519","url":null,"abstract":"Blockchain has been recognised as a technological breakthrough with the ability to support new decentralised security-based solutions in sectors such as information technology and finance. Blockchain allows different communities to create Decentralised Autonomous Organisations (DAOs), which are self-organised democratic organisations controlled by smart contracts. This paper presents a new DAO model for the procurement of services by public organisations, such as government agencies. To demonstrate the advantages of this solution, this work looks specifically at current public procurement systems that resort to third-party contractors that manage these negotiations. Third parties lack the transparency, security, and democratic representation that a DAO can provide. We present the implementation of a DAO as a set of smart contracts executed on Ethereum-compatible permissionless blockchains, supported by a consensus algorithm, replacing third-party contractors.","PeriodicalId":178596,"journal":{"name":"Proceedings of the 27th International Conference on Evaluation and Assessment in Software Engineering","volume":"53 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114569799","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: