Journal of Software-Evolution and Process最新文献

Cybersecurity is a critical component of digital transformation, as the two must be integrated to enable business modernization and the adoption of innovative technologies while ensuring system security. Modern technologies introduce increasingly complex threats as more data is stored, transmitted, and processed across systems. Threats include the violation or misuse of data, such as data corruption, data theft, or a privacy violation. Determining if an organization applies the best practices requires measurements using maturity models. Several maturity models with different goals and qualities have been developed. However, no cybersecurity maturity model is related to digitally enabled or transforming organizations. The objective of this study is to develop a model that measures cybersecurity maturity for digitally transformed organizations. The model aims to provide a customizable assessment method for organizations of different sizes and domains. Two multivocal literature reviews (MLRs) were conducted to identify the available maturity models and best practices from formal and grey literature. After analyzing 165 studies, seven cybersecurity categories, as the capability areas, and 22 practice areas, were identified. Moreover, an assessment tool that supports self-assessment was developed. Finally, the model was evaluated through five case studies and expert judgments. As a result, a cybersecurity maturity model for digitally transformed organizations is developed, along with its assessment methodology and automation tool. The model evaluation showed promising results in terms of the ability to identify the maturity level.

Although JavaScript dominates modern software development, research on its quality attributes remains scarce, despite the fundamental differences that distinguish it from other languages. This motivates dedicated research related to JavaScript quality attributes and metrics. This paper aims to identify (a) the quality attributes of the JavaScript language that are mainly studied and (b) the quality metrics that are used to quantify them. Additionally, the paper provides information on the tools that can be used to measure quality metrics. To achieve these goals, we have conducted a mapping study on seven journals and eight conferences of high quality. A total of 142 primary studies, published between 2002 and February 2025, have been selected and analyzed, to identify and classify software metrics to high-level quality attributes, as described in ISO/IEC 25010:2011. Maintainability, Security, Reliability, and Usability quality attributes are the most studied ones. Furthermore, 78 generic and 48 JavaScript-specific metrics were identified. A wide dispersion of metrics has been identified for assessing each quality attribute, based on different development tasks. Moreover, a variety of tools and benchmarks were identified. A clear research trend in JavaScript quality assessment related to issues that involve software reuse, code testing, and dynamic code analysis has been identified. Yet differences among primary studies in quality assessment and quantification, along with tool adoption indicate the need for further exploration of these recurring topics.

Automotive SPICE for Cybersecurity incorporates the Cybersecurity Risk Management process (MAN.7), aligning with the Risk Assessment methods defined in ISO/SAE 21434:2021 (Clause 15). Both standards provide guidance on conducting Threat Analysis and Risk Assessments (TARA). However, they do not specify how to integrate the determination of attack feasibility when multiple TARAs emerge across different development phases. This paper explores how the concept of freedom from interference can facilitate a unified approach to determining attack feasibility in such scenarios.

Effective management of software assets in their whole lifespan is the main goal of software asset management (SAM) and is a contemporary organizational practice. It includes a range of tasks such as purchasing, implementing, and maintaining software inside a company. SAM seeks to minimize the risks and expenses related to software ownership while ensuring that software resources are used as efficiently as possible to support business activities. Recently, a great increase in the use of this technique has occurred, especially in large-scale enterprises where the complexity and diversity of software assets have faced major hurdles. The proposed study presents an overview of the analysis of the recent approaches and hurdles in the area of SAM. Because big software companies have access to a multitude of resources and experience, maximizing the reuse of software assets inside these organizations is a common topic of academic and industrial study. Through the integration of several important attributes from previous research endeavors, the current study seeks to determine the most common attributes for the research. The study aims to contribute to the area by integrating the Analytical Hierarchy Process (AHP) along with the Weighted Aggregated Sum Product Assessment (WASPAS) approaches to give a rigorous and systematic way to analyze and rate the prominent qualities for selection of the most appropriate choice among the available alternatives.

Modern software development faces a critical bottleneck in manually prioritizing the overwhelming volume of issues generated in platforms like Jira and GitHub. This labor-intensive process leads to delays, increased costs, inconsistent handling, and developer burnout, worsened by the lack of standardized priority labels. This paper investigates the potential of automated issue priority classification using state-of-the-art Transformer models to alleviate this burden. We evaluate the performance of models like BERT, DeBERTa, and ModernBERT, comparing them against general large language models (LLMs) such as GPT-3.5, Qwen2.5-3B and Llama-3.2-3B, using curated datasets derived from public Jira and GitHub repositories. Our research addresses the effectiveness of these models for their generalization capabilities on out-of-distribution projects, the impact of fine-tuning, and performs a detailed performance comparison across different priority levels and model types. Results demonstrate that Transformer models, particularly ModernBERT, achieve high classification performance (e.g., accuracy > 81%), significantly outperforming the evaluated general LLMs (accuracy $��\approx �$ 75%) for this specific task. We find that binary classification is more effective than multilabel approaches, models generalize well to unseen projects, and performance is further enhanced by fine-tuning. Key contributions include the provision of cleaned, labeled datasets and a comprehensive evaluation confirming the viability and benefits of using specialized Transformer models for automated issue priority suggestion, offering a path to improved efficiency and resource allocation in software development workflows.

Software development is a multifaceted endeavor, requiring a profound grasp of both social dynamics and technical intricacies. Poor collaboration often leads to the accumulation of social debt, manifesting as unforeseen project costs due to sub-optimal team interactions. Community smells have emerged as indicators of these socio-technical inefficiencies and potential social debt. While previous research has focused on automated detection of community smells through analyzing developer communication patterns, our study offers a complementary approach. We emphasize the critical role of project managers in assessing socio-technical dynamics and propose a novel, tool-supported catalog of symptoms. This catalog can be used for manual inspections to identify early signs of community smells at the individual level, allowing managers to address issues before they escalate. Using a mixed-method design that leveraged an existing literature review and a user survey, we cataloged symptoms related to four community smell types. Additionally, we developed TOAST, a tool that operationalizes this catalog, and assessed its usability and practical usefulness through an experiment involving project managers. The study showed that even participants unfamiliar with the term “community smells” were able to interpret the tool's output, reflect on team dynamics, and recognize problematic behavioral patterns when supported by structured symptom-based information. The paper concludes by shedding light on the potential impact of our work and its contribution to advancing the detection and analysis of community smells.

Microservice bad smells, arising from poor design and development practices, can severely degrade system quality if unaddressed. While rule-based detection methods exist, their applicability is limited by subjective metric thresholds and the difficulty in defining certain bad smells, particularly complex microservice bad smells that are challenging to express through rules or involve high subjectivity. These smells often involve multiple services or manifest across multiple layers within a service, making them particularly challenging to detect using traditional methods. Without efficient and accurate detection mechanisms, the self-healing capabilities of microservices during operation and continuous evolution will also be compromised. Given the promise of machine learning in code smell detection, this study empirically evaluates its performance in detecting complex microservice bad smells. We employ two sampling techniques and eight classification models on 1180 samples from 55 systems, generating 45 detection models and identifying top classifiers for seven complex microservice bad smell types. We compare machine learning with rule-based methods for high-subjectivity smells, analyze performance gaps, and propose a MAPE-K-based conceptual framework for runtime detection and refactoring. Finally, we discuss the necessity for future research.

Requirements prioritization provides a structured way to rank and sequence requirements, which is particularly important in large-scale ERP systems where development tasks are distributed among multiple teams. Prerequisite requirements often depend on one another and must be implemented in a specific order. Improper handling of these dependencies can delay project timelines, yet limited research addresses this challenge. This study aims to develop a systematic approach to prioritize requirements in order to minimize dependencies and improve the timely completion of the project. The Analytical Hierarchical Process (AHP) combined with spanning tree methodology was applied to analyze requirement dependencies. In addition, the NA technique was used to classify prioritized requirements into distinct categories. ODOO ERP requirements served as the case study for evaluation. The proposed methodology produced a prioritized list of requirements grouped into categories, which significantly reduced inter-dependencies and improved the organization of requirements. Minimizing requirement dependencies through structured prioritization enhances the reliability and timely completion of software development projects. In the ODOO ERP case study, the suggested approach reduced 90% of dependencies. Priority grouping showed that the top 25 requirements eliminated 90% of dependencies, while the top 20 and 15 removed 82% and 67% respectively. This reduction lowered the projected project delay rate from about 25% to under 5%, confirming the approach's practical effectiveness and scalability for large ERP projects.