Journal of Software-Evolution and Process最新文献

Automotive SPICE for Cybersecurity incorporates the Cybersecurity Risk Management process (MAN.7), aligning with the Risk Assessment methods defined in ISO/SAE 21434:2021 (Clause 15). Both standards provide guidance on conducting Threat Analysis and Risk Assessments (TARA). However, they do not specify how to integrate the determination of attack feasibility when multiple TARAs emerge across different development phases. This paper explores how the concept of freedom from interference can facilitate a unified approach to determining attack feasibility in such scenarios.

Effective management of software assets in their whole lifespan is the main goal of software asset management (SAM) and is a contemporary organizational practice. It includes a range of tasks such as purchasing, implementing, and maintaining software inside a company. SAM seeks to minimize the risks and expenses related to software ownership while ensuring that software resources are used as efficiently as possible to support business activities. Recently, a great increase in the use of this technique has occurred, especially in large-scale enterprises where the complexity and diversity of software assets have faced major hurdles. The proposed study presents an overview of the analysis of the recent approaches and hurdles in the area of SAM. Because big software companies have access to a multitude of resources and experience, maximizing the reuse of software assets inside these organizations is a common topic of academic and industrial study. Through the integration of several important attributes from previous research endeavors, the current study seeks to determine the most common attributes for the research. The study aims to contribute to the area by integrating the Analytical Hierarchy Process (AHP) along with the Weighted Aggregated Sum Product Assessment (WASPAS) approaches to give a rigorous and systematic way to analyze and rate the prominent qualities for selection of the most appropriate choice among the available alternatives.

Modern software development faces a critical bottleneck in manually prioritizing the overwhelming volume of issues generated in platforms like Jira and GitHub. This labor-intensive process leads to delays, increased costs, inconsistent handling, and developer burnout, worsened by the lack of standardized priority labels. This paper investigates the potential of automated issue priority classification using state-of-the-art Transformer models to alleviate this burden. We evaluate the performance of models like BERT, DeBERTa, and ModernBERT, comparing them against general large language models (LLMs) such as GPT-3.5, Qwen2.5-3B and Llama-3.2-3B, using curated datasets derived from public Jira and GitHub repositories. Our research addresses the effectiveness of these models for their generalization capabilities on out-of-distribution projects, the impact of fine-tuning, and performs a detailed performance comparison across different priority levels and model types. Results demonstrate that Transformer models, particularly ModernBERT, achieve high classification performance (e.g., accuracy > 81%), significantly outperforming the evaluated general LLMs (accuracy $��\approx �$ 75%) for this specific task. We find that binary classification is more effective than multilabel approaches, models generalize well to unseen projects, and performance is further enhanced by fine-tuning. Key contributions include the provision of cleaned, labeled datasets and a comprehensive evaluation confirming the viability and benefits of using specialized Transformer models for automated issue priority suggestion, offering a path to improved efficiency and resource allocation in software development workflows.

Software development is a multifaceted endeavor, requiring a profound grasp of both social dynamics and technical intricacies. Poor collaboration often leads to the accumulation of social debt, manifesting as unforeseen project costs due to sub-optimal team interactions. Community smells have emerged as indicators of these socio-technical inefficiencies and potential social debt. While previous research has focused on automated detection of community smells through analyzing developer communication patterns, our study offers a complementary approach. We emphasize the critical role of project managers in assessing socio-technical dynamics and propose a novel, tool-supported catalog of symptoms. This catalog can be used for manual inspections to identify early signs of community smells at the individual level, allowing managers to address issues before they escalate. Using a mixed-method design that leveraged an existing literature review and a user survey, we cataloged symptoms related to four community smell types. Additionally, we developed TOAST, a tool that operationalizes this catalog, and assessed its usability and practical usefulness through an experiment involving project managers. The study showed that even participants unfamiliar with the term “community smells” were able to interpret the tool's output, reflect on team dynamics, and recognize problematic behavioral patterns when supported by structured symptom-based information. The paper concludes by shedding light on the potential impact of our work and its contribution to advancing the detection and analysis of community smells.

Microservice bad smells, arising from poor design and development practices, can severely degrade system quality if unaddressed. While rule-based detection methods exist, their applicability is limited by subjective metric thresholds and the difficulty in defining certain bad smells, particularly complex microservice bad smells that are challenging to express through rules or involve high subjectivity. These smells often involve multiple services or manifest across multiple layers within a service, making them particularly challenging to detect using traditional methods. Without efficient and accurate detection mechanisms, the self-healing capabilities of microservices during operation and continuous evolution will also be compromised. Given the promise of machine learning in code smell detection, this study empirically evaluates its performance in detecting complex microservice bad smells. We employ two sampling techniques and eight classification models on 1180 samples from 55 systems, generating 45 detection models and identifying top classifiers for seven complex microservice bad smell types. We compare machine learning with rule-based methods for high-subjectivity smells, analyze performance gaps, and propose a MAPE-K-based conceptual framework for runtime detection and refactoring. Finally, we discuss the necessity for future research.

Requirements prioritization provides a structured way to rank and sequence requirements, which is particularly important in large-scale ERP systems where development tasks are distributed among multiple teams. Prerequisite requirements often depend on one another and must be implemented in a specific order. Improper handling of these dependencies can delay project timelines, yet limited research addresses this challenge. This study aims to develop a systematic approach to prioritize requirements in order to minimize dependencies and improve the timely completion of the project. The Analytical Hierarchical Process (AHP) combined with spanning tree methodology was applied to analyze requirement dependencies. In addition, the NA technique was used to classify prioritized requirements into distinct categories. ODOO ERP requirements served as the case study for evaluation. The proposed methodology produced a prioritized list of requirements grouped into categories, which significantly reduced inter-dependencies and improved the organization of requirements. Minimizing requirement dependencies through structured prioritization enhances the reliability and timely completion of software development projects. In the ODOO ERP case study, the suggested approach reduced 90% of dependencies. Priority grouping showed that the top 25 requirements eliminated 90% of dependencies, while the top 20 and 15 removed 82% and 67% respectively. This reduction lowered the projected project delay rate from about 25% to under 5%, confirming the approach's practical effectiveness and scalability for large ERP projects.

Users of software applications use issue tracking systems (ITSs) to file enhancement reports, which leads to a large quantity of user requests. These reports play a pivotal role in shaping software requirements and continuous product improvement. However, the manual evaluation of these reports by developers and maintainers can be a time-consuming and labor-intensive process due to the constant influx of enhancement requests. Timely handling and implementation of these enhancement reports are crucial for enhancing user satisfaction and product competitiveness. In response to this challenge, research has concentrated on automated methods to predict which enhancement reports are likely to gain approval, aiming to maximize the value extracted from user feedback. Nevertheless, existing approaches still fall short in delivering practical results. In this paper, we introduce a novel creator profile-based approach designed to uncover the dependency between creators' identity and the value of enhancement reports, ultimately enhancing prediction accuracy. Firstly, we present the concept of a “creator profile” and outline a comprehensive methodology for generating creator profiles from the dataset. We then demonstrate how creator profiles can be effectively applied to the task of predicting the approval of enhancement reports. Subsequently, we assess the performance of our approach using a dataset of 40,551 enhancement reports collected from ITSs. The experimental results indicate a substantial improvement over the existing state of the art, particularly in predicting approved reports. For cross-application prediction, the accuracy reaches 80.7%, while for non–cross-application prediction, the overall accuracy is 83.6%. In essence, with the proposed approach, over 80% of user requests can be automatically identified for exacting valuable user requirements, which significantly reduces labor costs. The replication package is available at https://github.com/feifeiniu-se/approval_prediction.

Enterprise Information System (EIS) streamlines business processes and enhances productivity by integrating various functions. However, conventional development methods are labor-intensive, time-consuming, and error-prone, often necessitating a design model from requirements for implementation. Existing solutions focus on auto-generating code from Object-Oriented (OO) design models, but specifying the design model from a validated requirements model requires more effort due to information gaps between requirements and design. This paper introduces RM2EIS, an approach that automatically generates EIS from contract-based requirements models, which include use case diagrams, conceptual class diagrams, and use case definitions specified by system sequence diagrams and contracts. System operation contracts are formally specified using pre- and post-conditions written in OCL. We conducted nine case studies to evaluate RM2EIS. The results indicate that the time of the generation including modeling and validation by RM2EIS is at least twice as fast as the design and implementation of developers. Moreover, the generated EIS outperforms the developer-implemented systems in functionality and is close to the non-functional aspects like performance.