Pub Date : 2022-08-01DOI: 10.1109/SEAA56994.2022.00020
V. Mosin, M. Staron, Darko Durisic, F. D. O. Neto, Sushant Kumar Pandey, Ashok Chaitanya Koppisetty
Deep learning (DL) systems are becoming an essential part of software systems, so it is necessary to test them thoroughly. This is a challenging task since the test sets can grow over time as the new data is being acquired, and it becomes time-consuming. Input prioritization is necessary to reduce the testing time since prioritized test inputs are more likely to reveal the erroneous behavior of a DL system earlier during test execution. Input prioritization approaches have been rudimentary analyzed against each other, this study compares different input prioritization techniques regarding their effectiveness and efficiency. This work considers surprise adequacy, autoencoder-based, and similarity-based input prioritization approaches in the example of testing a DL image classification algorithms applied on MNIST, Fashion-MNIST, CIFAR-10, and STL-10 datasets. To measure effectiveness and efficiency, we use a modified APFD (Average Percentage of Fault Detected), and set up & execution time, respectively. We observe that the surprise adequacy is the most effective (0.785 to 0.914 APFD). The autoencoder-based and similarity-based techniques are less effective, with the performance from 0.532 to 0.744 APFD and 0.579 to 0.709 APFD, respectively. In contrast, the similarity-based and surprise adequacy-based approaches are the most and least efficient, respectively. The findings in this work demonstrate the trade-off between the considered input prioritization techniques to understanding their practical applicability for testing DL algorithms.
{"title":"Comparing Input Prioritization Techniques for Testing Deep Learning Algorithms","authors":"V. Mosin, M. Staron, Darko Durisic, F. D. O. Neto, Sushant Kumar Pandey, Ashok Chaitanya Koppisetty","doi":"10.1109/SEAA56994.2022.00020","DOIUrl":"https://doi.org/10.1109/SEAA56994.2022.00020","url":null,"abstract":"Deep learning (DL) systems are becoming an essential part of software systems, so it is necessary to test them thoroughly. This is a challenging task since the test sets can grow over time as the new data is being acquired, and it becomes time-consuming. Input prioritization is necessary to reduce the testing time since prioritized test inputs are more likely to reveal the erroneous behavior of a DL system earlier during test execution. Input prioritization approaches have been rudimentary analyzed against each other, this study compares different input prioritization techniques regarding their effectiveness and efficiency. This work considers surprise adequacy, autoencoder-based, and similarity-based input prioritization approaches in the example of testing a DL image classification algorithms applied on MNIST, Fashion-MNIST, CIFAR-10, and STL-10 datasets. To measure effectiveness and efficiency, we use a modified APFD (Average Percentage of Fault Detected), and set up & execution time, respectively. We observe that the surprise adequacy is the most effective (0.785 to 0.914 APFD). The autoencoder-based and similarity-based techniques are less effective, with the performance from 0.532 to 0.744 APFD and 0.579 to 0.709 APFD, respectively. In contrast, the similarity-based and surprise adequacy-based approaches are the most and least efficient, respectively. The findings in this work demonstrate the trade-off between the considered input prioritization techniques to understanding their practical applicability for testing DL algorithms.","PeriodicalId":269970,"journal":{"name":"2022 48th Euromicro Conference on Software Engineering and Advanced Applications (SEAA)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121071610","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-08-01DOI: 10.1109/SEAA56994.2022.00028
F. Altiero, Giovanni Colella, A. Corazza, S. Martino, A. Peron, L. L. L. Starace
Regression testing is a practice aimed at providing confidence that, within software maintenance, the changes in the code base have introduced no faults in previously validated functionalities. With the software industry shifting towards iterative and incremental development with shorter release cycles, the straightforward approach of re-executing the entire test suite on each new version of the software is often unfeasible due to time and resource constraints. In such scenarios, Test Case Prioritization (TCP) strategies aim at providing an effective ordering of the test suite, so that the tests that are more likely to expose faults are executed earlier and fault detection is maximised even when test execution needs to be abruptly terminated due to external constraints. In this work, we propose Genetic-Diff, a TCP strategy based on a genetic algorithm featuring a specifically-designed crossover operator and a novel objective function that combines code coverage metrics with an analysis of changes in the code base. We empirically evaluate the proposed algorithm on several releases of three heterogeneous real-world, open source Java projects, in which we artificially injected faults, and compare the results with other state-of-the-art TCP techniques using fault-detection rate metrics. Findings show that the proposed technique performs generally better than the baselines, especially when there is a limited amount of code changes, which is a common scenario in modern development practices.
{"title":"Change-Aware Regression Test Prioritization using Genetic Algorithms","authors":"F. Altiero, Giovanni Colella, A. Corazza, S. Martino, A. Peron, L. L. L. Starace","doi":"10.1109/SEAA56994.2022.00028","DOIUrl":"https://doi.org/10.1109/SEAA56994.2022.00028","url":null,"abstract":"Regression testing is a practice aimed at providing confidence that, within software maintenance, the changes in the code base have introduced no faults in previously validated functionalities. With the software industry shifting towards iterative and incremental development with shorter release cycles, the straightforward approach of re-executing the entire test suite on each new version of the software is often unfeasible due to time and resource constraints. In such scenarios, Test Case Prioritization (TCP) strategies aim at providing an effective ordering of the test suite, so that the tests that are more likely to expose faults are executed earlier and fault detection is maximised even when test execution needs to be abruptly terminated due to external constraints. In this work, we propose Genetic-Diff, a TCP strategy based on a genetic algorithm featuring a specifically-designed crossover operator and a novel objective function that combines code coverage metrics with an analysis of changes in the code base. We empirically evaluate the proposed algorithm on several releases of three heterogeneous real-world, open source Java projects, in which we artificially injected faults, and compare the results with other state-of-the-art TCP techniques using fault-detection rate metrics. Findings show that the proposed technique performs generally better than the baselines, especially when there is a limited amount of code changes, which is a common scenario in modern development practices.","PeriodicalId":269970,"journal":{"name":"2022 48th Euromicro Conference on Software Engineering and Advanced Applications (SEAA)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116329214","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-08-01DOI: 10.1109/SEAA56994.2022.00075
J. A. Carruthers, J. A. D. Pace, E. Irrazábal
Context: Software projects are common inputs in Empirical Software Engineering (ESE) studies, although they are often selected with ad-hoc strategies that reduce the generalizability of the results. An alternative is the usage of available datasets of software projects, which should be current and follow explicit rules for ensuring their validity over time. Goal: In this context, it is important to assess the general state of software datasets in terms of purpose, last update, project characterization, source code metrics, and tools to extract source-code-related artifacts. Method: We conducted a systematic mapping study retrieving software datasets used in ESE studies published from January 2013 to December 2021. Results: We selected 74 datasets created mainly for software defects, software estimation, and software maintainability studies. The majority of these datasets (64%) explicitly stated the characteristics to select the projects, and the most common programming languages were Java and C. Conclusions: Our study identified scarce efforts to keep datasets updated over time and also provides recommendations to support their construction and consumption for ESE studies.
{"title":"How are software datasets constructed in Empirical Software Engineering studies? A systematic mapping study","authors":"J. A. Carruthers, J. A. D. Pace, E. Irrazábal","doi":"10.1109/SEAA56994.2022.00075","DOIUrl":"https://doi.org/10.1109/SEAA56994.2022.00075","url":null,"abstract":"Context: Software projects are common inputs in Empirical Software Engineering (ESE) studies, although they are often selected with ad-hoc strategies that reduce the generalizability of the results. An alternative is the usage of available datasets of software projects, which should be current and follow explicit rules for ensuring their validity over time. Goal: In this context, it is important to assess the general state of software datasets in terms of purpose, last update, project characterization, source code metrics, and tools to extract source-code-related artifacts. Method: We conducted a systematic mapping study retrieving software datasets used in ESE studies published from January 2013 to December 2021. Results: We selected 74 datasets created mainly for software defects, software estimation, and software maintainability studies. The majority of these datasets (64%) explicitly stated the characteristics to select the projects, and the most common programming languages were Java and C. Conclusions: Our study identified scarce efforts to keep datasets updated over time and also provides recommendations to support their construction and consumption for ESE studies.","PeriodicalId":269970,"journal":{"name":"2022 48th Euromicro Conference on Software Engineering and Advanced Applications (SEAA)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114592910","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-08-01DOI: 10.1109/SEAA56994.2022.00012
M. Jureček, Olha Jurecková
Machine learning algorithms are widely used in the area of malware detection. With the growth of sample amounts, training of classification algorithms becomes more and more expensive. In addition, training data sets may contain redundant or noisy instances. The problem to be solved is how to select representative instances from large training data sets without reducing the accuracy. This work presents a new parallel instance selection algorithm called Parallel Instance Filtering (PIF). The main idea of the algorithm is to split the data set into non-overlapping subsets of instances covering the whole data set and apply a filtering process for each subset. Each subset consists of instances that have the same nearest enemy. As a result, the PIF algorithm is fast since subsets are processed independently of each other using parallel computation. We compare the PIF algorithm with several state-of-the-art instance selection algorithms on a large data set of 500,000 malicious and benign samples. The feature set was extracted using static analysis, and it includes metadata from the portable executable file format. Our experimental results demonstrate that the proposed instance selection algorithm reduces the size of a training data set significantly with the only slightly decreased accuracy. The PIF algorithm outperforms existing instance selection methods used in the experiments in terms of the ratio between average classification accuracy and storage percentage.
{"title":"Parallel Instance Filtering for Malware Detection","authors":"M. Jureček, Olha Jurecková","doi":"10.1109/SEAA56994.2022.00012","DOIUrl":"https://doi.org/10.1109/SEAA56994.2022.00012","url":null,"abstract":"Machine learning algorithms are widely used in the area of malware detection. With the growth of sample amounts, training of classification algorithms becomes more and more expensive. In addition, training data sets may contain redundant or noisy instances. The problem to be solved is how to select representative instances from large training data sets without reducing the accuracy. This work presents a new parallel instance selection algorithm called Parallel Instance Filtering (PIF). The main idea of the algorithm is to split the data set into non-overlapping subsets of instances covering the whole data set and apply a filtering process for each subset. Each subset consists of instances that have the same nearest enemy. As a result, the PIF algorithm is fast since subsets are processed independently of each other using parallel computation. We compare the PIF algorithm with several state-of-the-art instance selection algorithms on a large data set of 500,000 malicious and benign samples. The feature set was extracted using static analysis, and it includes metadata from the portable executable file format. Our experimental results demonstrate that the proposed instance selection algorithm reduces the size of a training data set significantly with the only slightly decreased accuracy. The PIF algorithm outperforms existing instance selection methods used in the experiments in terms of the ratio between average classification accuracy and storage percentage.","PeriodicalId":269970,"journal":{"name":"2022 48th Euromicro Conference on Software Engineering and Advanced Applications (SEAA)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127380520","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-08-01DOI: 10.1109/SEAA56994.2022.00072
Sven Smolka, Jan Laufer, Z. Mann, K. Pohl
Edge computing enables the processing of data - frequently personal data - at the edge of the network. For personal data, legislation such as the European General Data Protection Regulation requires data protection by design. Hence, data protection has to be accounted for in the design of edge computing systems whenever personal data is involved. This leads to specific requirements for modeling the architecture of edge computing systems, e.g., representation of data and network properties. To the best of our knowledge, no existing modeling language fulfils all these requirements. In our previous work we showed that the commonly used UML profile UMLsec fulfils some of these requirements, and can thus serve as a starting point. The aim of this paper is to create a modeling language which meets all requirements concerning the design of the architecture of edge computing systems accounting for data protection. Thus, we extend UMLsec to satisfy all requirements. We call the resulting UML profile UMLsec4Edge. We follow a systematic approach to develop UMLsec4Edge. We app UMLsec4Edge to real-world use cases from different domains, and create appropriate deployment diagrams and class diagrams. These diagrams show UMLsec4Edge is capable of meeting the requirements.
{"title":"UMLsec4Edge: Extending UMLsec to model data-protection-compliant edge computing systems","authors":"Sven Smolka, Jan Laufer, Z. Mann, K. Pohl","doi":"10.1109/SEAA56994.2022.00072","DOIUrl":"https://doi.org/10.1109/SEAA56994.2022.00072","url":null,"abstract":"Edge computing enables the processing of data - frequently personal data - at the edge of the network. For personal data, legislation such as the European General Data Protection Regulation requires data protection by design. Hence, data protection has to be accounted for in the design of edge computing systems whenever personal data is involved. This leads to specific requirements for modeling the architecture of edge computing systems, e.g., representation of data and network properties. To the best of our knowledge, no existing modeling language fulfils all these requirements. In our previous work we showed that the commonly used UML profile UMLsec fulfils some of these requirements, and can thus serve as a starting point. The aim of this paper is to create a modeling language which meets all requirements concerning the design of the architecture of edge computing systems accounting for data protection. Thus, we extend UMLsec to satisfy all requirements. We call the resulting UML profile UMLsec4Edge. We follow a systematic approach to develop UMLsec4Edge. We app UMLsec4Edge to real-world use cases from different domains, and create appropriate deployment diagrams and class diagrams. These diagrams show UMLsec4Edge is capable of meeting the requirements.","PeriodicalId":269970,"journal":{"name":"2022 48th Euromicro Conference on Software Engineering and Advanced Applications (SEAA)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122018716","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-08-01DOI: 10.1109/SEAA56994.2022.00036
Tobias Lorey, Stefan Mohacsi, Armin Beer, M. Felderer
Recruiting and onboarding software testing professionals are complex and cost intensive activities. Whether onboarding is successful and sustainable depends on both the employee as well as the organization and is influenced by a number of often highly individual factors. Therefore, we propose the Software Testing Onboarding Model (STORM) for sustainably onboarding software testing professionals based on existing frameworks and models taking into account onboarding processes, sustainability, and test processes. In addition, we provide detailed instructions on how to apply the model to real-world onboarding processes.
{"title":"STORM: A Software Testing Onboarding Model","authors":"Tobias Lorey, Stefan Mohacsi, Armin Beer, M. Felderer","doi":"10.1109/SEAA56994.2022.00036","DOIUrl":"https://doi.org/10.1109/SEAA56994.2022.00036","url":null,"abstract":"Recruiting and onboarding software testing professionals are complex and cost intensive activities. Whether onboarding is successful and sustainable depends on both the employee as well as the organization and is influenced by a number of often highly individual factors. Therefore, we propose the Software Testing Onboarding Model (STORM) for sustainably onboarding software testing professionals based on existing frameworks and models taking into account onboarding processes, sustainability, and test processes. In addition, we provide detailed instructions on how to apply the model to real-world onboarding processes.","PeriodicalId":269970,"journal":{"name":"2022 48th Euromicro Conference on Software Engineering and Advanced Applications (SEAA)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123412759","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-08-01DOI: 10.1109/SEAA56994.2022.00074
Stefan Trieflinger, Dimitri Petrik, G. Herzwurm, Jürgen Münch
Providing a digital infrastructure, platform technologies foster interfirm collaboration between loosely coupled companies, enabling the formation of ecosystems and building the organizational structure for value co-creation. Despite the known potential, the development of platform ecosystems creates new sources of complexity and uncertainty due to the involvement of various independent actors. For a platform ecosystem to succeed, it is essential that the platform ecosystem participants are aligned, coordinated, and given a common direction. Traditionally, product roadmaps have served these purposes during product development. A systematic mapping study was conducted to better understand how product roadmapping could be used in the dynamic environment of platform ecosystems. One result of the study is that there are hardly any concrete approaches for product roadmapping in platform ecosystems so far. However, many challenges on the topic are described in the literature from different perspectives. Based on the results of the systematic mapping study, a research agenda for product roadmapping in platform ecosystems is derived and presented.
{"title":"Aligning Platform Ecosystems Through Product Roadmapping: Systematic Mapping Study and Research Agenda","authors":"Stefan Trieflinger, Dimitri Petrik, G. Herzwurm, Jürgen Münch","doi":"10.1109/SEAA56994.2022.00074","DOIUrl":"https://doi.org/10.1109/SEAA56994.2022.00074","url":null,"abstract":"Providing a digital infrastructure, platform technologies foster interfirm collaboration between loosely coupled companies, enabling the formation of ecosystems and building the organizational structure for value co-creation. Despite the known potential, the development of platform ecosystems creates new sources of complexity and uncertainty due to the involvement of various independent actors. For a platform ecosystem to succeed, it is essential that the platform ecosystem participants are aligned, coordinated, and given a common direction. Traditionally, product roadmaps have served these purposes during product development. A systematic mapping study was conducted to better understand how product roadmapping could be used in the dynamic environment of platform ecosystems. One result of the study is that there are hardly any concrete approaches for product roadmapping in platform ecosystems so far. However, many challenges on the topic are described in the literature from different perspectives. Based on the results of the systematic mapping study, a research agenda for product roadmapping in platform ecosystems is derived and presented.","PeriodicalId":269970,"journal":{"name":"2022 48th Euromicro Conference on Software Engineering and Advanced Applications (SEAA)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131176880","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-08-01DOI: 10.1109/SEAA56994.2022.00032
Petri Kettunen, Tomas Gustavsson, M. Laanti, Andreas Tjernsten, T. Mikkonen, T. Männistö
Agile companies are not uniform. Consequently, agile transformations are conceived broadly, ranging from adopting agile methods and practices in software development teams or functions to building all-encompassing enterprise agility. Moreover, the targeted effects of agility may vary, and the success of transformations and the attainment of agility are measured in various ways. In this paper, based on a recent industrial survey study, we scrutinize holistically why companies want to transform, what types of agility they are aiming at, and how they gauge transformations. The survey data was collected during the COVID-19 pandemic in 2020. Most of the respondents were in large or very large companies in Finland and Sweden in diverse industry domains. The main findings indicate that there are many reasons for companies to transform both to improve external outcomes (fore mostly responsiveness) and to develop internal capabilities (adaptability, organizational learning). Companies seemed to have aims and goals with respect to all types of agility, including business agility. As the nature of transformations and the companies’ aims and goals vary, the transformations follow various means and measures. As a conclusion, for the hybrid era, we advise companies to consider how agility has benefited during the pandemic era, how hybrid work possibly affects the goals for agile transformations and the different facets of agility, and how to sustain agility in hybrid work.
{"title":"Agile Enterprise Transformations: Surveying the Many Facets of Agility for the Hybrid Era","authors":"Petri Kettunen, Tomas Gustavsson, M. Laanti, Andreas Tjernsten, T. Mikkonen, T. Männistö","doi":"10.1109/SEAA56994.2022.00032","DOIUrl":"https://doi.org/10.1109/SEAA56994.2022.00032","url":null,"abstract":"Agile companies are not uniform. Consequently, agile transformations are conceived broadly, ranging from adopting agile methods and practices in software development teams or functions to building all-encompassing enterprise agility. Moreover, the targeted effects of agility may vary, and the success of transformations and the attainment of agility are measured in various ways. In this paper, based on a recent industrial survey study, we scrutinize holistically why companies want to transform, what types of agility they are aiming at, and how they gauge transformations. The survey data was collected during the COVID-19 pandemic in 2020. Most of the respondents were in large or very large companies in Finland and Sweden in diverse industry domains. The main findings indicate that there are many reasons for companies to transform both to improve external outcomes (fore mostly responsiveness) and to develop internal capabilities (adaptability, organizational learning). Companies seemed to have aims and goals with respect to all types of agility, including business agility. As the nature of transformations and the companies’ aims and goals vary, the transformations follow various means and measures. As a conclusion, for the hybrid era, we advise companies to consider how agility has benefited during the pandemic era, how hybrid work possibly affects the goals for agile transformations and the different facets of agility, and how to sustain agility in hybrid work.","PeriodicalId":269970,"journal":{"name":"2022 48th Euromicro Conference on Software Engineering and Advanced Applications (SEAA)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132754935","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-08-01DOI: 10.1109/SEAA56994.2022.00021
Gilberto Recupito, Fabiano Pecorelli, Gemma Catolino, Sergio Moreschini, D. D. Nucci, Fabio Palomba, D. Tamburri
DevOps has become increasingly widespread, with companies employing its methods in different fields. In this context, MLOps automates Machine Learning pipelines by applying DevOps practices. Considering the high number of tools available and the high interest of the practitioners to be supported by tools to automate the steps of Machine Learning pipelines, little is known concerning MLOps tools and their functionalities. To this aim, we conducted a Multivocal Literature Review (MLR) to (i) extract tools that allow for and support the creation of MLOps pipelines and (ii) analyze their main characteristics and features to provide a comprehensive overview of their value. Overall, we investigate the functionalities of 13 MLOps Tools. Our results show that most MLOps Tools support the same features but apply different approaches that can bring different advantages, depending on user requirements.
{"title":"A Multivocal Literature Review of MLOps Tools and Features","authors":"Gilberto Recupito, Fabiano Pecorelli, Gemma Catolino, Sergio Moreschini, D. D. Nucci, Fabio Palomba, D. Tamburri","doi":"10.1109/SEAA56994.2022.00021","DOIUrl":"https://doi.org/10.1109/SEAA56994.2022.00021","url":null,"abstract":"DevOps has become increasingly widespread, with companies employing its methods in different fields. In this context, MLOps automates Machine Learning pipelines by applying DevOps practices. Considering the high number of tools available and the high interest of the practitioners to be supported by tools to automate the steps of Machine Learning pipelines, little is known concerning MLOps tools and their functionalities. To this aim, we conducted a Multivocal Literature Review (MLR) to (i) extract tools that allow for and support the creation of MLOps pipelines and (ii) analyze their main characteristics and features to provide a comprehensive overview of their value. Overall, we investigate the functionalities of 13 MLOps Tools. Our results show that most MLOps Tools support the same features but apply different approaches that can bring different advantages, depending on user requirements.","PeriodicalId":269970,"journal":{"name":"2022 48th Euromicro Conference on Software Engineering and Advanced Applications (SEAA)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133655486","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-08-01DOI: 10.1109/SEAA56994.2022.00031
Abdulhamid A. Ardo, J. Bass, T. Gaber
Agile methods are a well-established paradigm in the software development field. Agile adoption has contributed to improving software quality. However, software products are vulnerable to security challenges and susceptible to cyberattacks. This study aims to improve security of software products when using an agile software development process. A multi-methods qualitative research approach was adopted in this study. First, we conducted semi-structured interviews with 23 agile practitioners having varied years of cybersecurity experiences. An approach informed by grounded theory methodology was adopted for data analysis. Second, we developed a novel practice-based agile software development process model derived from the results of the data analysis conducted. Third, we validated the model through a focus group comprising five senior agile cybersecurity professionals to evaluate its relevancy and novelty. The study has identified 26 security practices, organized into the six - software development life-cycle phases: planning, requirements, design, implementation, testing, and deployment. We have mapped the practices onto four swim lanes each representing an agile role. The self-organizing team is exclusively involved in three security practices, the security specialist in nine, penetration tester in one and the DevOps team collaborates on one with the security specialist. There are also seven practices that are collaboratively performed by the self-organizing team and the security specialist. Each of the practices in the model was examined during the validation phase of the study. There are two contributions in this study. First, the paper proposes a novel practice-based model comprising of 26 security practices mapped to agile roles. Second, we propose a new practice, in response to an observed lack of collaborative ceremonies, to disseminate awareness of and hence compliance with security standards.
{"title":"Towards Secure Agile Software Development Process: A Practice-Based Model","authors":"Abdulhamid A. Ardo, J. Bass, T. Gaber","doi":"10.1109/SEAA56994.2022.00031","DOIUrl":"https://doi.org/10.1109/SEAA56994.2022.00031","url":null,"abstract":"Agile methods are a well-established paradigm in the software development field. Agile adoption has contributed to improving software quality. However, software products are vulnerable to security challenges and susceptible to cyberattacks. This study aims to improve security of software products when using an agile software development process. A multi-methods qualitative research approach was adopted in this study. First, we conducted semi-structured interviews with 23 agile practitioners having varied years of cybersecurity experiences. An approach informed by grounded theory methodology was adopted for data analysis. Second, we developed a novel practice-based agile software development process model derived from the results of the data analysis conducted. Third, we validated the model through a focus group comprising five senior agile cybersecurity professionals to evaluate its relevancy and novelty. The study has identified 26 security practices, organized into the six - software development life-cycle phases: planning, requirements, design, implementation, testing, and deployment. We have mapped the practices onto four swim lanes each representing an agile role. The self-organizing team is exclusively involved in three security practices, the security specialist in nine, penetration tester in one and the DevOps team collaborates on one with the security specialist. There are also seven practices that are collaboratively performed by the self-organizing team and the security specialist. Each of the practices in the model was examined during the validation phase of the study. There are two contributions in this study. First, the paper proposes a novel practice-based model comprising of 26 security practices mapped to agile roles. Second, we propose a new practice, in response to an observed lack of collaborative ceremonies, to disseminate awareness of and hence compliance with security standards.","PeriodicalId":269970,"journal":{"name":"2022 48th Euromicro Conference on Software Engineering and Advanced Applications (SEAA)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114694947","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: