Title: A blockchain-based and microservices-architected software composition analysis system
Authors: Xin Zhou, Jinwei Xu, Xiaokang Li, Lingli Cao, Lingjie Li, Yanze Wang, Shanshan Li, Hui Liu
Journal: Journal of Software-Evolution and Process, volume 36, issue 10 (journal article, impact factor 1.7), published 2024-06-11
DOI: 10.1002/smr.2675
Source record: Semantic Scholar paper id 141360182; subject category: Computer Science; not open access

Abstract: “Shift To Left” is the cornerstone of a successful DevSecOps implementation. By testing projects for vulnerabilities in the early stages of development, teams reduce overall cost because security issues are caught before they reach the build phase. As one of the popular “Shift To Left” practices, a Software Composition Analysis (SCA) system aims to leverage the Software Bill of Materials (SBOM) to strengthen software supply chain security. However, the SBOM lacks mature generation and distribution mechanisms, and incentive measures are needed to drive industry consensus. Additionally, the data and tools associated with the SBOM lack effective record-keeping and monitoring, making it hard to ensure data integrity and tool security. Traditional SCA systems treat the SBOM as an ordinary data format used to provide external services, and so fail to address the lack of shared platforms, the inability to guarantee data integrity and tool security, and poor interoperability. This paper introduces blockchain technology into the SCA system, using smart contracts to provide the core SBOM tool services and microservices to improve the operational efficiency of smart contract deployment and maintenance. The proposed SCA system provides a shared platform for SBOM with reliable data integrity, guaranteed tool security, and good interoperability.
Title: Looking back and forward: A retrospective and future directions on software engineering for systems-of-systems
Authors: Everton Cavalcante, Thais Batista, Flavio Oquendo
Journal: Journal of Software-Evolution and Process, volume 36, issue 10 (journal article, impact factor 1.7), published 2024-06-09
DOI: 10.1002/smr.2697 (https://doi.org/10.1002/smr.2697)
Source record: Semantic Scholar paper id 142429385; subject category: Computer Science; not open access

Abstract: Modern systems are increasingly connected and more integrated with other existing systems, giving rise to systems-of-systems (SoS). An SoS consists of a set of independent, heterogeneous systems that interact to provide new functionalities and accomplish global missions through emergent behavior manifested at runtime. The distinctive characteristics of SoS, when contrasted to traditional systems, pose significant research challenges within software engineering. These challenges motivate the need for a paradigm shift and the exploration of novel approaches for designing, developing, deploying, and evolving these systems. The International Workshop on Software Engineering for Systems-of-Systems (SESoS) series started in 2013 to fill a gap in scientific forums addressing SoS from the software engineering perspective, becoming the first venue for this purpose. This article presents a study aimed at outlining the evolution and future trajectory of software engineering for SoS based on the examination of 57 papers spanning the 11 editions of the SESoS workshop (2013–2023). The study combined scoping review and scientometric analysis methods to categorize and analyze the research contributions concerning temporal and geographic distribution, topics of interest, research methodologies employed, application domains, and research impact. Based on such a comprehensive overview, this article discusses current and future directions in software engineering for SoS.
Title: A survey of the state-of-the-art approaches for evaluating trust in software ecosystems
Authors: Fang Hou, Slinger Jansen
Journal: Journal of Software-Evolution and Process, volume 36, issue 10 (journal article, impact factor 1.7), published 2024-06-03
DOI: 10.1002/smr.2695
Source record: Semantic Scholar paper id 141271160; subject category: Computer Science; open-access PDF: https://onlinelibrary.wiley.com/doi/epdf/10.1002/smr.2695

Abstract: Third-party software has streamlined the software engineering process, allowed software engineers to focus on developing more advanced components, and reduced time and cost. This shift has led to software development strategies moving from competition to collaboration, resulting in the concept of software ecosystems, in which internal and external actors work together on shared platforms and place their trust in the ecosystem. However, the increase in shared components has also created challenges, especially in security, as the large dependency trees significantly enlarge a system's attack surface. The situation is made worse by the lack of effective ways to measure and ensure the trustworthiness of these components. In this article, we explore current approaches used to evaluate trust in software ecosystems, focusing on analyzing the specific techniques utilized, the primary factors in trust evaluation, the diverse formats for result presentation, as well as the software ecosystem entities considered in the approaches. Our goal is to provide the status of current trust evaluation approaches, including their limitations. We identify key challenges, including the limited coverage of software ecosystem entities; the objectivity, universality, and environmental impacts of the evaluation approaches; the risk assessment for the evaluation approaches; and the security attacks posed by trust evaluation in these approaches.