Journal of Software-Evolution and Process最新文献

Software architecture plays a fundamental role in overcoming the challenges of the development process of large-scale and complex software systems. The software architecture of a system is the result of an extensive process in which several stakeholders negotiate issues and solutions, and as a result of this negotiation, a series of architectural decisions are made. This survey study aims to determine the experiences of the software industry experts with respect to architectural decision-making, the factors that are effective in decision-making, and the technical and social problems they encounter. An online questionnaire-based survey was conducted with 101 practitioners. The responses were analyzed qualitatively and quantitatively. Analysis of responses revealed that the majority of the participants prefer to document some or all of the architectural decisions taken and to store these documents in web-based collaboration software. Decisions are usually made by teams of two or three, and discussion-based approaches (brainstorming and consensus) are adopted. In the software architecture decision-making process, “major business impact” is the most challenging situation. Information sharing and keeping track of decisions and decision rationale are areas in need of improvement as identified by most participants. From the participants' feedback and their answers to open-ended questions, we concluded that the software architecture decision-making process has an important role in the industry. Our key findings are that decisions made in the architectural decision-making process are taken by teams and generally all decisions are documented. In projects where decisions are made by a single person, peer pressure is found to be significantly different from pressure in projects where decisions are made by the group. This is an indication that as the number of people in the decision-making process increases, the disagreements also increase.

Whenever an emergency occurs, such as a change in the system operating environment that prevents regular functioning, one possibility to restore the system to normal operation is to perform immediately the emergency repair process (ERP). This paper introduces the feature-based emergency repair process (FbERP), which constitutes a feature-based improvement/extension to ERP. FbERP uses feature models to represent urgent change requests (UCRs) and traces each change to its location in the code base in order to realign documentation and code. Based on real-world change requests, we evaluated the proposed process using different techniques, including an empirical case study and a small survey. In the empirical case study, we compare FbERP with respect to ERP to check the effectiveness, efficiency, and usability of the proposed process. The results of the evaluation reveal that FbERP can be successfully used by software engineers to respond to UCRs, with an improvement over ERP.

“Shift To Left” is the cornerstone of the successful implementation of DevSecOps. By testing projects for vulnerabilities in the early stages of development, teams can save overall costs before security issues reach the build phase. As one of the popular practices in “Shift To Left,” the Software Composition Analysis (SCA) system aims to leverage the Software Bill of Materials (SBOM) to enhance software supply chain security. However, the SBOM lacks mature generation and distribution mechanisms, requiring incentive measures to drive industry consensus. Additionally, the data and tools associated with the SBOM lack effective record-keeping and monitoring, making it challenging to ensure data integrity and tool security. Traditional SCA systems treat SBOM as a regular data format for external service provision, yet fail to solve problems such as lack of shared platforms, inability to guarantee data integrity and tool security, as well as issues with poor interoperation compatibility. This paper introduces blockchain technology into the SCA system, utilizing smart contracts to provide core SBOM tool services and microservices to improve the operational efficiency of smart contract deployment and maintenance. The proposed SCA system effectively provides a shared platform for SBOM with reliable data integrity, guaranteed tool security, and good interoperability.

Modern systems are increasingly connected and more integrated with other existing systems, giving rise to systems-of-systems (SoS). An SoS consists of a set of independent, heterogeneous systems that interact to provide new functionalities and accomplish global missions through emergent behavior manifested at runtime. The distinctive characteristics of SoS, when contrasted to traditional systems, pose significant research challenges within software engineering. These challenges motivate the need for a paradigm shift and the exploration of novel approaches for designing, developing, deploying, and evolving these systems. The International Workshop on Software Engineering for Systems-of-Systems (SESoS) series started in 2013 to fill a gap in scientific forums addressing SoS from the software engineering perspective, becoming the first venue for this purpose. This article presents a study aimed at outlining the evolution and future trajectory of software engineering for SoS based on the examination of 57 papers spanning the 11 editions of the SESoS workshop (2013–2023). The study combined scoping review and scientometric analysis methods to categorize and analyze the research contributions concerning temporal and geographic distribution, topics of interest, research methodologies employed, application domains, and research impact. Based on such a comprehensive overview, this article discusses current and future directions in software engineering for SoS.

Third-party software has streamlined the software engineering process, allowed software engineers to focus on developing more advanced components, and reduced time and cost. This shift has led to software development strategies moving from competition to collaboration, resulting in the concept of software ecosystems, in which internal and external actors work together on shared platforms and place their trust in the ecosystem. However, the increase in shared components has also created challenges, especially in security, as the large dependency trees significantly enlarge a system's attack surface. The situation is made worse by the lack of effective ways to measure and ensure the trustworthiness of these components. In this article, we explore current approaches used to evaluate trust in software ecosystems, focusing on analyzing the specific techniques utilized, the primary factors in trust evaluation, the diverse formats for result presentation, as well as the software ecosystem entities considered in the approaches. Our goal is to provide the status of current trust evaluation approaches, including their limitations. We identify key challenges, including the limited coverage of software ecosystem entities; the objectivity, universality, and environmental impacts of the evaluation approaches; the risk assessment for the evaluation approaches; and the security attacks posed by trust evaluation in these approaches.

Serious games (SGs) are valuable tools for learning, training, and improving skills in various domains because they engage and motivate players to achieve planned processes to reach objectives. Several works provided methods, models, and frameworks to support SG development. However, designers, developers, teachers, and researchers face challenges in creating SG with entertainment and learning balance, and many designed games still do not fulfill the main intended objectives. This paper introduces an approach, called SGDA-IE with phases and steps to follow during the entire SG design process. It was built on literature review and SG design challenges designers need to consider from the early stages when creating SG. The proposed approach is founded on three perspectives: software engineering best practices, video game industry practices, and SG success factors and provides means to overcome the investigated design challenges. These are characteristics taxonomy model, requirements specification approach, and artifacts iterative evaluation by designer, domain expert, and players. To assess our approach efficacy, we conceived a health, safety, and environment (HSE) training SG for workers on fuel storage sites and petroleum installations. The feedback received is positive and indicates a favorable specification method of the SG, effective participatory design, and control over requirements evolution. The SG playtesting reveals a significant involvement of participants and efficient tracking of the knowledge acquisition.