Journal of Software-Evolution and Process最新文献

Platform owners like SAP, Eclipse Foundation, and Microsoft have developed partnership models to expand their software ecosystems. These models govern the cluster of complementors, enabling the attraction and maintenance of partners and consumers. Companies aiming to define new partnership models when moving from a software product approach to an ecosystem face challenges that may limit their growth. When establishing an emerging ecosystem, platform providers (i.e., keystones) must perform several activities, such as attracting and retaining partners, defining rules of participation, managing risks, and maintaining the quality of the platform. This paper proposes three strategic patterns to assist companies in structuring their partnership models. The patterns provide actionable guidance to companies establishing new ecosystems. We adopted the Design Science Research (DSR) method to conduct the study. Following the DSR cycle, the strategic patterns were defined using a Multivocal Literature Review. The strategies described in the proposed patterns were validated by the industry professionals with experience in emerging software ecosystems. The proposed patterns help keystone companies adopt suitable strategies to address the following challenges: selecting partners, attracting and retaining consumers, technically structuring the platform while maintaining the robustness of the ecosystem, managing risks and conflicts, and assisting complementors in developing, selling, and distributing solutions in the ecosystem.

Cyber security is an ongoing and critical concern due to persistent threats posed by threat actors, such as hackers and crackers. With the development of information and communication technologies (ICT), the widespread usage of software systems has transformed modern society in many ways but also created new issues in protecting confidential and sensitive information. The quantification of security measures can provide evidence to support decision-making in software security, particularly when assessing the security performance of software systems. This entails understanding the key quality criteria of security metrics, which can assist in constructing security models aligned with practical requirements. To delve deeper into this subject, the current study conducted a systematic literature review (SLR) on security metrics and measures within the realm of secure software development (SSD). The study selected 61 research publications for data extraction based on the specific inclusion and exclusion criteria. The study identified 215 software security metrics and classified them into different phases of software development life cycle (SDLC). In order to evaluate the most cited metrics in each phase of SDLC, the strengths, weaknesses, opportunities, and threats (SWOT) analysis was performed. The SWOT analysis offers a structured framework enabling researchers to make more effective, well-informed decisions and mitigate potential risks, ultimately contributing to more valuable research findings. The study's findings provide researchers guidance for exploring emerging trends and addressing existing gaps in SDLC. This study also provides software professionals with a more comprehensive understanding of security measurements, constraints, and open-ended specific and general issues.

Open-source software is evolved through the active participation of users. In general, a user request for bug fixing, the addition of new features, and feature enhancements. Due to this, the software repositories are increasing day by day at an enormous rate. Additionally, user distinct requests add uncertainty and irregularity to the reported bug data. The performance of machine learning algorithms drastically gets influenced by the inappropriate handling of uncertainty and irregularity in the bug data. Researchers have used machine learning techniques for assigning priority to the bug without considering the uncertainty and irregularity in reported bug data. In order to capture the uncertainty and irregularity in the reported bug data, the summary entropy–based measure in combination with the severity and summary weight is considered in this study to predict the priority of bugs in the open-source projects. Accordingly, the classifiers are build using these measures for different machine learning techniques, namely, k-nearest neighbor (KNN), naïve Bayes (NB), J48, random forest (RF), condensed nearest neighbor (CNN), multinomial logistic regression (MLR), decision tree (DT), deep learning (DL), and neural network (NNet) for bug priority prediction This research aims to systematically analyze the summary entropy–based machine learning classifiers from three aspects: type of machine learning technique considered, estimation of various performance measures: Accuracy, Precision, Recall, and F-measure and through existing model comparison. The experimental analysis is carried out using three open-source projects, namely, Eclipse, Mozilla, and OpenOffice. Out of 145 cases (29 products X 5 priority levels), the J48, RF, DT, CNN, NNet, DL, MLR, and KNN techniques give the maximum F-measure for 46, 35, 28, 11, 15, 4, 3, and 1 cases, respectively. The result shows that the proposed summary entropy–based approach using different machine learning techniques performs better than without entropy-based approach and also entropy-based approach improves the Accuracy and F-measure as compared with the existing approaches. It can be concluded that the classifier build using summary entropy measure significantly improves the machine learning algorithms' performance with appropriate handling of uncertainty and irregularity. Moreover, the proposed summary entropy–based classifiers outperform the existing models available in the literature for predicting bug priority.

Developers utilize issue tracking systems to track ideas, feedback, tasks, and bugs for projects in the open-source software ecosystem of GitHub. In this context, extensive bug reports and feature requests are raised as issues that need to be resolved. This makes issue resolution prediction become more and more important in project management. To address this problem, this paper constructed a multiple feature set from the perspectives of project, issue, and developer, by combining static and dynamic features of issues. Then, we refine a feature set based on the feature's importance. Furthermore, we proposed a method to explore what features and how these features affect the prediction of issue resolution time. Experiments are conducted on a dataset of 46,735 resolved issues from 18 popular GitHub projects to validate the effectiveness of the refined feature set. The results show that our prediction method outperforms the baseline methods.

With organizations seeking faster, cheaper, and smarter ways of delivering higher quality software, many are looking towards generative artificial intelligence (AI) to drive efficiencies and innovation throughout the software development lifecycle. However, generative AI can suffer from several fundamental issues, including a lack of traceability in concept generation and decision-making, the potential for making incorrect inferences (hallucinations), shortcomings in response quality, and bias. Quality engineering (QE) has long been utilized to enable more efficient and effective delivery of higher quality software. A core aspect of QE is adopting quality models to support various lifecycle practices, including requirements definition, quality risk assessments, and testing. In this position paper, we introduce the application of QE to AI systems, consider shortcomings in existing AI quality models from the International Organization for Standardization (ISO), and propose extensions to ISO models based on the results of a survey. We also reflect on skills that IT graduates may need in the future, to support delivery of better-quality AI.