Journal of Software-Evolution and Process最新文献

In the cloud era, cloud application programming interface (API), as the best carrier for service delivery, capability replication, and data output, has become the core element of service-oriented software development. The existing cloud API recommendation methods adhere to a common paradigm: leveraging perceived quality of service and keyword matching to generate high-quality, single-function results, while overlooking the objective needs for function-guided complementary cloud APIs in service-oriented software development. Function-guided complementary cloud API recommendation aims to generate cloud APIs that are frequently co-invoked in conjunction with those API having given function, thereby satisfying the joint interests of developers. To this end, we proposed a function-guided extended latent Dirichlet allocation (ELDA) model for complementary cloud API recommendation. Specifically, we first conduct an analysis of real-world data from the cloud API ecosystems to illustrate both the necessity for complementary cloud API recommendations and the objective existence of a head effect within these APIs. Then we conceptualize the complementary relationship between a function and cloud APIs by treating the function as a document, with the corresponding cloud APIs represented as words within that document. Furthermore, we extend the classic latent Dirichlet allocation model by introducing two additional factors: (1) cloud API popularity and (2) functional sensitivity. These factors are designed to capture head effects within complementary cloud APIs. Additionally, we train both a positive and a negative ELDA model using the respective positive and negative corpus sets obtained. Furthermore, complementary cloud APIs relevant to the targeted function are generated by integrating the results from both the positive and negative ELDA models. Finally, experiments were conducted on two real-world cloud API datasets. The results demonstrate that the performance of ELDA surpasses that of the comparative methods. Sensitivity analysis of hyperparameters and case study findings further validate the effectiveness and practicality of ELDA.

Cybersecurity risks are increasing in frequency and complexity, but many organizations struggle to plan and implement adequate protections at all stages of the software development life cycle (SDLC). Security is frequently added at the end of development (afterthought), and making effective use of safeguard space is difficult for IT leaders. The purpose of this study is to produce an all-encompassing framework to adopt and ensure security throughout each phase of the SDLC, from planning through maintenance. The aim is to minimize vulnerabilities and improve the resilience of software by making “security by design” a structure that not only adopts security elegantly as a living document but also is built to be part of the development process. This study adopted a mixed-methods approach. The initial stage of inquiry involved a systematic literature review (SLR) to identify common cybersecurity issues associated with each SDLC phase. The SLR was followed by an empirical survey of 71 software professionals from a variety of organizations. The survey was designed to gather perceived threats, current practices, and challenges associated with software development for survey participants' organizations. The data collected were analyzed and reviewed statistically, through chi-square tests and ANOVA, to profile the variance relative to the size of the organization, geographic region, and experience level of the practitioner. The results noted several high-risk challenges across the SDLC: underfunded security controls, imprecise requirements, insecure architecture, software bugs (i.e., injection vulnerabilities), inadequate testing, misconfigured production environments, and unreliable maintenance. The proposed framework provides cybersecurity mitigation techniques for each stage of the SDLC, such as leveraging security-oriented design patterns, secure coding policies (i.e., input validation and authentication protocols), robust testing (i.e., penetration testing and code review), and continuous monitoring after deployment. The implementation of these measures leads to a significant risk reduction in the overall organizational security posture. The framework is a formalized end-to-end approach to secure software development by embedding security throughout the cycle. Embedding security as a part of the process versus an afterthought at every stage of the cycle creates a risk reduction impact. This integrated approach also provides organizations with the opportunity to foresee and mitigate events earlier in the cycle, along with general compliance mandates (i.e., GDPR, HIPAA, and PCI-DSS), to provide more resilient, trustworthy software systems.

In software-based small- and medium-sized enterprises (SMEs), enhancing individual performance (IP) of employees, particularly software engineers, is essential for organizational growth. Rather than relying on general strategies, firms increasingly focus on specific personal and professional factors influencing productivity. Trait emotional intelligence (Trait EI), including key dimensions like motivation, stress tolerance, and optimism, has emerged as a significant predictor of IP. In parallel, digital competence (DComp) has become indispensable due to the rapid evolution of technological systems. Employees with higher digital skills are better equipped to manage digital tools and adapt to innovations, leading to improved efficiency. Additionally, social support (SS) within organizations from supervisors, peers, and team members has been shown to enhance job satisfaction, engagement, and overall output. Despite growing interest, current literature lacks empirical frameworks that integrate these constructs in the SME software sector. This study proposes and validates a conceptual model to investigate the influence of Trait EI on software engineers' IP, with DC and SS serving as mediating factors. The findings offer practical implications for developing emotional and DC within tech-driven SMEs to foster performance and growth.

Autonomous vehicles play a crucial role in alleviating traffic congestion and eliminating traffic accidents. To ensure the safety and reliability of autonomous driving systems, comprehensive testing must be conducted before their deployment on public roads. Currently, testing methods primarily focus on simple scenarios involving safety violations, generating test cases based on traffic accident and traffic regulation violation scenarios. However, under complex traffic environments and driving conditions, the automatic generation of traffic regulation violation test cases to identify regulatory violations by autonomous vehicles remains insufficiently explored. In response, we propose a method for testing violations by autonomous vehicles—PathCovAVTest—which generates violation scenarios through traffic regulation scenario models to evaluate both safety violations and traffic regulation violations of the autonomous driving system. First, we design a fitness function for a genetic algorithm based on a Petri net–based traffic regulation scenario model. This function considers the safety of collisions between autonomous vehicles and other traffic participants, as well as the similarity between vehicle trajectory paths and path state sequences. The evolutionary process then produces test cases that represent traffic regulations, aimed at uncovering violations by autonomous vehicles. Simulation experiments conducted on Baidu Apollo, an industrial-grade platform, demonstrate that PathCovAVTest can effectively identify 16 types of violations committed by autonomous vehicles. Furthermore, compared with baseline methods, PathCovAVTest detects more traffic regulation violations by autonomous driving systems and improves the efficiency of generating unique violation scenarios.

Human factors significantly influence software engineering (SE), where assigning unsuitable personnel to tasks is a leading cause of project failures. This challenge worsens under time pressure (TP), resulting in decreased performance and delays. Past studies have primarily focused on technical aspects, often neglecting the humanistic side, such as personality types and gender differences, in coping with TP. This study investigates the impact of personality types, gender, knowledge, and task complexity on developers' performance under TP and proposes the i-SYNERGY model. The research provides actionable insights for project planning under time-constrained conditions. Empirical data were collected through controlled experiments with SE students and generalized using industrial case studies. Myers–Briggs type indicator (MBTI) measured personality types, while the NASA task load index (TLX) assessed TP levels. Logistic regression outperformed four other models (artificial neural network [ANN], support vector machine [SVM], decision tree, and K-nearest neighbor [KNN]) with the highest prediction accuracy and was used to develop the model. Gender-specific results revealed ESTJ and ENTJ as effective under TP for males and ISFJ and ISFP for females. The i-SYNERGY model demonstrates that TP significantly reduces developer performance, but personality type, gender, knowledge and task complexity shape resilience. These results highlight the importance of aligning task assignments with individual traits to optimize performance. The proposed i-SYNERGY model offers a validated, structured framework to enhance decision-making and improve project outcomes in time-constrained environments.