Journal of Software-Evolution and Process最新文献

Code readability is of central concern for developers, as a more readable code indicates higher maintainability, reusability, and portability. In recent years, many deep learning–based code readability classification methods have been proposed. Among them, a graph neural network (GNN)–based model has achieved the best performance in the field of code readability classification. However, it is still unclear what aspects of the model's input lead to its decisions, which hinders its practical use in the software industry. To improve the interpretability of existing code readability classification models and identify key code characteristics that drive their readability predictions, we propose an explanation framework with GNN explainers towards transparent and trustworthy code readability classification. First, we propose a simplified Abstract Syntax Tree (AST)–based code representation method, which transforms Java code snippets into ASTs and discards lower-level nodes with limited information. Then, we retrain the state-of-the-art GNN-based model together with our simplified program graphs. Finally, we employ SubgraphX to explain the model's code readability predictions at the subgraph level and visualize the explanation results to further analyze what causes such predictions. The experimental results show that sequential logic, code comments, selection logic, and nested structure are the most influential code characteristics when classifying code snippets as readable or unreadable. Further investigations indicate the model's proficiency in capturing features related to complex logic structures and extensive data flows but point to its limitations in identifying readability issues associated with naming conventions and code formatting. The explainability analysis conducted in this research is the first step towards more transparent and reliable code readability classification. We believe that our findings are useful in providing constructive suggestions for developers to write more readable code and delimitating directions for future model improvement.

The increasing complexity of software development processes has heightened the need for robust security measures. Although technical safeguards are essential, the role of human factors in securing software development remains underexplored. This paper presents a novel approach that integrates people's maturity with a fuzzy analytic hierarchy process (Fuzzy-AHP) decision-making framework to enhance the security in software development. The framework provides a systematic method for evaluating and prioritizing human factors that influence an organization's security posture, such as team-expertized communication and adherence to security protocols. Using the decision-making model allows the project managers and stakeholders to determine the appropriate areas for improvement and develop the right strategies and actions to nurture a secure and mature development culture. The paper identifies 24 human success factors (HSFs) and human security vulnerabilities (HSVs) and 38 practices for addressing these HSFs and HSVs through systematic literature review (SLR) and empirical survey. Furthermore, we discuss the local and global ranks of each HSF and HSV practice and categorize the identified practices into nine categories to determine the ranks and weight of each category. Based on collected data, Fuzzy-AHP prioritized these practices; the category “C4: Skill development and stakeholder engagement” is ranked highest at rank-1 and possesses the most significant weight of 0.12435. Similarly, the highest global weight is 0.051506, and the global ranked (rank-1) HSF and HSV practice is “P15: Hands-on practice and stakeholder communication.” The proposed approach complements existing technical methods by addressing the human element of security, making it adaptable to diverse organizational environments. Through this integration of people maturity and Fuzzy-AHP, the paper contributes a new dimension to securing software development, emphasizing the critical role of human factors in achieving comprehensive security.

Requirements prioritization puts more emphasis on the software requirements based on their importance, making it a crucial activity in managing software requirements throughout the software development process. This work explains the concept of prioritization techniques, their relevance, and related issues. Recent literature has described many requirement prioritization techniques, but each comes with its own limitations and challenges, specifically regarding scalability. In this article, we provide a systematic literature review (SLR) of the requirement prioritization techniques over the past decade and identify their limitations and scalability issues. In this context, we develop a planned protocol that includes all the necessary steps required for the SLR process. As a result of conducting the SLR, 53 primary studies were shortlisted for data extraction. The analysis of the results indicates that there is a minimal focus on large-scale functional requirements, with only 9% of the work addressing this area. To the best of our knowledge, no work has been done on prioritizing requirements between ERP systems and mobile-specific applications. Most existing studies focus on imaginary or simulated projects, and very limited actual work has been carried out during the execution of the industrial projects. When requirements are prioritized correctly, the likelihood of successful implementation will be high, and it will lead to a higher quality product.

A code summarization engine based on large language models (LLMs) can describe code functionality from different perspectives according to programmers' needs. However, these engines are at risk of black-box backdoor attacks. We propose a simple yet practical method called Bad Prompt Attack (BPA), specifically designed to investigate such black-box backdoor attacks. This innovative attack method aims to induce the code summarization engine to generate summarizations that conceal security vulnerabilities in source code. Consistent with most commercial code summarization engines, BPA only assumes black-box query access to the target engine without requiring knowledge of its internal structure. This attack targets in-context learning by injecting adversarial demonstrations into user input prompts. We validated our method on the SOTA black-box commercial service, OpenAI API. In security-critical test cases covering seven types of CWE, BPA significantly increased the likelihood that the code summarization engine would generate the attacker-desired code summarization targets, achieving an average attack success rate (ASR) of 91.4%. This result underscores the potential threat of backdoor attacks on code summarization tasks while providing essential reference points for future defense research.

In the EU blueprint project FLAMENCO (Forward Looking Approaches for Green Mobility Ecosystem Network Collaboration), an innovation agent task force has been founded, which acts as an expert panel to elaborate a skills set of an innovation agent for automotive and establishes an innovation capability assessment model based on the ISO 560xx Innovation Management Systems norm series. In 2024, a new EU project TRIREME (Digital & Green Skills Towards Future of the Mobility Ecosystem, 2024–2027) started, which builds on this existing innovation agent task force and provides resources to elaborate MOOcs (Massive Open Online Courses) per chapter of the ISO 5600x norm applying new tools like AI. The MOOC is then configured in a European Skills Hub of the ASA (Automotive Skills Alliance). ASA represents the pact for skills partner in the EU Erasmus+ program for the automotive sector. The research work about the use of AI (artificial intelligence) for the implementation of specific ISO 560xx chapters will be published. This paper is about the results of the work on the ISO 56006 Strategic Intelligence Management implementation using AI in the TRIREME project.

In today's swiftly evolving technological landscape, the importance of software reliability has become crucial. To evaluate software reliability, many researchers have investigated several software reliability growth models (SRGMs). Software developers frequently use a controlled environment for software testing, where they are aware of all the factors. However, the operational environment can introduce unpredictable and unfamiliar factors. Many studies in the literature have recognized the existence of uncertainty in the operational environment with different scenarios like perfect and imperfect debugging, several testing coverage functions, different error detection rates, etc. However, the inclusion of the testing effort function (TEF) alongside this operating uncertain environment has received notably less attention. This paper addresses this gap by exploring a software reliability growth model that integrates a power law TEF to account for an operational uncertain environment. For the validation, a numerical analysis is done based on two datasets (DS1 and DS2), and the proposed model is compared to seven existing reliability models using six goodness-of-fit criteria, and other improved NCD ranking criteria. In addition, we have also conducted single and multiple-parameter sensitivity analysis, which has enabled us to identify the critical parameters. The proposed models could potentially assist system analysts in predicting various parameters related to certain software systems. The findings encourage the decision makers.

The usage of micro-services in IT services is increasing. As this growth continues, the importance of eco-friendly design and operation becomes a significant factor. This study aims to evaluates the potential of Java frameworks that facilitate cloud-native micro-services in reducing the energy footprint throughout the release lifecycle. The release lifecycle view also looks into the development phase and its footprint impact respectively potentials to build overall more energy footprint optimized releases. Technology-driven methods and tools based on micro-service frameworks can help reduce the energy footprint at the micro-service level. However, local optimizations at the micro-service level cannot diminish the importance of more holistic approaches, such as optimizing the overall system, architecture and design of micro-services. The concepts derived from this analysis can be implemented in industrial settings, as presented by the case study. The effects are measurable and represent a positive step towards more eco-friendly cloud-native micro-service-based IT service offerings.