Journal of Software-Evolution and Process最新文献

Autonomous vehicles play a crucial role in alleviating traffic congestion and eliminating traffic accidents. To ensure the safety and reliability of autonomous driving systems, comprehensive testing must be conducted before their deployment on public roads. Currently, testing methods primarily focus on simple scenarios involving safety violations, generating test cases based on traffic accident and traffic regulation violation scenarios. However, under complex traffic environments and driving conditions, the automatic generation of traffic regulation violation test cases to identify regulatory violations by autonomous vehicles remains insufficiently explored. In response, we propose a method for testing violations by autonomous vehicles—PathCovAVTest—which generates violation scenarios through traffic regulation scenario models to evaluate both safety violations and traffic regulation violations of the autonomous driving system. First, we design a fitness function for a genetic algorithm based on a Petri net–based traffic regulation scenario model. This function considers the safety of collisions between autonomous vehicles and other traffic participants, as well as the similarity between vehicle trajectory paths and path state sequences. The evolutionary process then produces test cases that represent traffic regulations, aimed at uncovering violations by autonomous vehicles. Simulation experiments conducted on Baidu Apollo, an industrial-grade platform, demonstrate that PathCovAVTest can effectively identify 16 types of violations committed by autonomous vehicles. Furthermore, compared with baseline methods, PathCovAVTest detects more traffic regulation violations by autonomous driving systems and improves the efficiency of generating unique violation scenarios.

Human factors significantly influence software engineering (SE), where assigning unsuitable personnel to tasks is a leading cause of project failures. This challenge worsens under time pressure (TP), resulting in decreased performance and delays. Past studies have primarily focused on technical aspects, often neglecting the humanistic side, such as personality types and gender differences, in coping with TP. This study investigates the impact of personality types, gender, knowledge, and task complexity on developers' performance under TP and proposes the i-SYNERGY model. The research provides actionable insights for project planning under time-constrained conditions. Empirical data were collected through controlled experiments with SE students and generalized using industrial case studies. Myers–Briggs type indicator (MBTI) measured personality types, while the NASA task load index (TLX) assessed TP levels. Logistic regression outperformed four other models (artificial neural network [ANN], support vector machine [SVM], decision tree, and K-nearest neighbor [KNN]) with the highest prediction accuracy and was used to develop the model. Gender-specific results revealed ESTJ and ENTJ as effective under TP for males and ISFJ and ISFP for females. The i-SYNERGY model demonstrates that TP significantly reduces developer performance, but personality type, gender, knowledge and task complexity shape resilience. These results highlight the importance of aligning task assignments with individual traits to optimize performance. The proposed i-SYNERGY model offers a validated, structured framework to enhance decision-making and improve project outcomes in time-constrained environments.

Cybersecurity is a critical component of digital transformation, as the two must be integrated to enable business modernization and the adoption of innovative technologies while ensuring system security. Modern technologies introduce increasingly complex threats as more data is stored, transmitted, and processed across systems. Threats include the violation or misuse of data, such as data corruption, data theft, or a privacy violation. Determining if an organization applies the best practices requires measurements using maturity models. Several maturity models with different goals and qualities have been developed. However, no cybersecurity maturity model is related to digitally enabled or transforming organizations. The objective of this study is to develop a model that measures cybersecurity maturity for digitally transformed organizations. The model aims to provide a customizable assessment method for organizations of different sizes and domains. Two multivocal literature reviews (MLRs) were conducted to identify the available maturity models and best practices from formal and grey literature. After analyzing 165 studies, seven cybersecurity categories, as the capability areas, and 22 practice areas, were identified. Moreover, an assessment tool that supports self-assessment was developed. Finally, the model was evaluated through five case studies and expert judgments. As a result, a cybersecurity maturity model for digitally transformed organizations is developed, along with its assessment methodology and automation tool. The model evaluation showed promising results in terms of the ability to identify the maturity level.

Although JavaScript dominates modern software development, research on its quality attributes remains scarce, despite the fundamental differences that distinguish it from other languages. This motivates dedicated research related to JavaScript quality attributes and metrics. This paper aims to identify (a) the quality attributes of the JavaScript language that are mainly studied and (b) the quality metrics that are used to quantify them. Additionally, the paper provides information on the tools that can be used to measure quality metrics. To achieve these goals, we have conducted a mapping study on seven journals and eight conferences of high quality. A total of 142 primary studies, published between 2002 and February 2025, have been selected and analyzed, to identify and classify software metrics to high-level quality attributes, as described in ISO/IEC 25010:2011. Maintainability, Security, Reliability, and Usability quality attributes are the most studied ones. Furthermore, 78 generic and 48 JavaScript-specific metrics were identified. A wide dispersion of metrics has been identified for assessing each quality attribute, based on different development tasks. Moreover, a variety of tools and benchmarks were identified. A clear research trend in JavaScript quality assessment related to issues that involve software reuse, code testing, and dynamic code analysis has been identified. Yet differences among primary studies in quality assessment and quantification, along with tool adoption indicate the need for further exploration of these recurring topics.

Automotive SPICE for Cybersecurity incorporates the Cybersecurity Risk Management process (MAN.7), aligning with the Risk Assessment methods defined in ISO/SAE 21434:2021 (Clause 15). Both standards provide guidance on conducting Threat Analysis and Risk Assessments (TARA). However, they do not specify how to integrate the determination of attack feasibility when multiple TARAs emerge across different development phases. This paper explores how the concept of freedom from interference can facilitate a unified approach to determining attack feasibility in such scenarios.

Effective management of software assets in their whole lifespan is the main goal of software asset management (SAM) and is a contemporary organizational practice. It includes a range of tasks such as purchasing, implementing, and maintaining software inside a company. SAM seeks to minimize the risks and expenses related to software ownership while ensuring that software resources are used as efficiently as possible to support business activities. Recently, a great increase in the use of this technique has occurred, especially in large-scale enterprises where the complexity and diversity of software assets have faced major hurdles. The proposed study presents an overview of the analysis of the recent approaches and hurdles in the area of SAM. Because big software companies have access to a multitude of resources and experience, maximizing the reuse of software assets inside these organizations is a common topic of academic and industrial study. Through the integration of several important attributes from previous research endeavors, the current study seeks to determine the most common attributes for the research. The study aims to contribute to the area by integrating the Analytical Hierarchy Process (AHP) along with the Weighted Aggregated Sum Product Assessment (WASPAS) approaches to give a rigorous and systematic way to analyze and rate the prominent qualities for selection of the most appropriate choice among the available alternatives.

Modern software development faces a critical bottleneck in manually prioritizing the overwhelming volume of issues generated in platforms like Jira and GitHub. This labor-intensive process leads to delays, increased costs, inconsistent handling, and developer burnout, worsened by the lack of standardized priority labels. This paper investigates the potential of automated issue priority classification using state-of-the-art Transformer models to alleviate this burden. We evaluate the performance of models like BERT, DeBERTa, and ModernBERT, comparing them against general large language models (LLMs) such as GPT-3.5, Qwen2.5-3B and Llama-3.2-3B, using curated datasets derived from public Jira and GitHub repositories. Our research addresses the effectiveness of these models for their generalization capabilities on out-of-distribution projects, the impact of fine-tuning, and performs a detailed performance comparison across different priority levels and model types. Results demonstrate that Transformer models, particularly ModernBERT, achieve high classification performance (e.g., accuracy > 81%), significantly outperforming the evaluated general LLMs (accuracy $��\approx �$ 75%) for this specific task. We find that binary classification is more effective than multilabel approaches, models generalize well to unseen projects, and performance is further enhanced by fine-tuning. Key contributions include the provision of cleaned, labeled datasets and a comprehensive evaluation confirming the viability and benefits of using specialized Transformer models for automated issue priority suggestion, offering a path to improved efficiency and resource allocation in software development workflows.

Software development is a multifaceted endeavor, requiring a profound grasp of both social dynamics and technical intricacies. Poor collaboration often leads to the accumulation of social debt, manifesting as unforeseen project costs due to sub-optimal team interactions. Community smells have emerged as indicators of these socio-technical inefficiencies and potential social debt. While previous research has focused on automated detection of community smells through analyzing developer communication patterns, our study offers a complementary approach. We emphasize the critical role of project managers in assessing socio-technical dynamics and propose a novel, tool-supported catalog of symptoms. This catalog can be used for manual inspections to identify early signs of community smells at the individual level, allowing managers to address issues before they escalate. Using a mixed-method design that leveraged an existing literature review and a user survey, we cataloged symptoms related to four community smell types. Additionally, we developed TOAST, a tool that operationalizes this catalog, and assessed its usability and practical usefulness through an experiment involving project managers. The study showed that even participants unfamiliar with the term “community smells” were able to interpret the tool's output, reflect on team dynamics, and recognize problematic behavioral patterns when supported by structured symptom-based information. The paper concludes by shedding light on the potential impact of our work and its contribution to advancing the detection and analysis of community smells.