Pub Date: 2026-01-05 | DOI: 10.1016/j.infsof.2026.108019
Phan The Duy, Nguyen Manh Cuong, Ha Trieu Yen Vy, Le Tuan Luong, Nguyen Tran Duc Anh, Nghi Hoang Khoa, Van-Hau Pham
Malware continues to evolve, exposing weaknesses in conventional detectors and motivating realistic adversarial evaluations. Prior RL-based evasion methods often rely on partial model access or feature-level perturbations, limiting realism under strict black-box constraints. We propose xPriMES, a dual-environment reinforcement learning framework that generates functionality-preserving binary mutations for malware evasion in black-box settings. A LightGBM surrogate provides continuous confidence feedback for dense reward shaping, while the real target detector supplies binary feedback — used both for episode termination and for issuing the final reward — ensuring learning remains grounded in real evasion outcomes. The agent employs Thompson sampling and SHAP-guided prioritized replay to focus exploration on feature-relevant mutations and accelerate convergence. Experiments on multiple static detectors (LightGBM, RF+CNN, MalConv, CNN, KNN) demonstrate up to 97.4% evasion success, surpassing PSP-Mal under equivalent conditions. Further tests on VirusTotal confirm the transferability and real-world impact of the adversarial samples. These findings show that integrating explainable guidance with surrogate-assisted RL yields interpretable and effective black-box evasion while preserving functionality. We conclude with implications for defensive hardening and discuss limitations related to surrogate fidelity and the focus on static detection.
Title: xPriMES: Explainable reinforcement learning-guided mutation strategy with dual-environment interaction for evading black-box malware detectors (Information and Software Technology, vol. 192, Article 108019)
Previous studies on Cross-Project Software Vulnerability Detection (CSVD) have shown that leveraging a small number of labeled modules from the target project can enhance the performance of CSVD. However, how to systematically select representative modules for labeling has not received sufficient attention. In addition, program modules can be measured using either expert or semantic metrics. There has been insufficient attention given to whether considering both metrics simultaneously helps in selecting representative modules.
Objective:
To address these challenges, we introduce a novel approach, CSVD-AES. This method aims to fuse expert and semantic metrics and employs active learning to select the most representative modules for labeling.
Methods:
CSVD-AES consists of three phases: the code representation phase, the active learning phase, and the model construction phase. In the code representation phase, a self-attention mechanism is used to fuse the metrics. In the active learning phase, an uncertainty sampling strategy is employed to select the most representative modules for labeling. In the model construction phase, the weighted cross-entropy (WCE) loss function is applied to address the class imbalance issue in the labeled modules. The metric fusion helps active learning identify representative modules. Since selecting modules can exacerbate the class imbalance issue in the labeled modules, we employ a sampling balancing strategy during the active learning phase to address this problem.
Results:
CSVD-AES is evaluated through a comprehensive study on four real-world projects. The results demonstrate that CSVD-AES outperforms five state-of-the-art baselines, achieving AUC improvements ranging from 4.0% to 24.4%. A series of ablation experiments verify the rationality of the CSVD-AES component settings.
Conclusion:
CSVD-AES effectively addresses the challenges in the field of CSVD by combining active learning and metric fusion, significantly advancing the development of this field.
Title: CSVD-AES: Cross-project software vulnerability detection based on active learning with metric fusion (Information and Software Technology, vol. 192, Article 108015)
Zhidan Yuan, Xiang Chen, Juan Zhang, Weiming Zeng
Pub Date: 2026-01-05 | DOI: 10.1016/j.infsof.2026.108015
Pub Date: 2026-01-05 | DOI: 10.1016/j.infsof.2026.108013
Caner Balim, Naim Karasekreter, Özkan Aslan
Context
The SOLID design principles are fundamental in object-oriented software development, promoting modularity, maintainability, and scalability. Manual verification of these principles in code is often time-consuming and error-prone, especially in large-scale, multilingual projects. Since adherence to SOLID principles is closely linked to software quality, automating this verification can significantly enhance code reliability.
Objectives
This study proposes a machine learning-based approach for the automatic classification of SOLID principle compliance in object-oriented code. Specifically, we investigate the effectiveness of embedding representations generated by three pretrained transformer models: LongCoder and StarCoder2, which are both code-oriented, and BigBird, a general-purpose model, in supporting principle-specific classification across Java and Python codebases.
Methods
We compiled a novel multi-label dataset consisting of 1103 real-world multi-class code units in Java and Python, annotated for compliance with five SOLID principles. Feature embeddings were extracted using the three transformer models. These embeddings were input to six different classifiers per principle. We evaluated model performance using stratified 5-fold cross-validation and reported accuracy, precision, recall, and F1 scores.
Results
Principles with well-defined structural characteristics, such as Interface Segregation (ISP) and Dependency Inversion (DIP), achieved high F1 scores (>90%). Semantically complex principles like Single Responsibility (SRP) and Liskov Substitution (LSP) yielded lower F1 scores (∼70–75%). Among the models, StarCoder2 combined with Multi-Layer Perceptron (MLP) consistently outperformed others across both Java and Python datasets. Statistical analyses confirmed that these performance differences are significant. Furthermore, comparisons with open-source large language models (DeepSeek-Coder-V2 and CodeLlama) demonstrated that the approach yields more stable and interpretable results across all principles.
Conclusion
Machine learning models leveraging code-specific embeddings can accurately identify structurally explicit SOLID principles. Code-oriented transformers such as StarCoder2 and LongCoder outperformed the general-purpose model BigBird, especially for principles requiring nuanced semantic understanding. Beyond its experimental contributions, the study provides practical value by enabling automated design-principle assessment in large codebases, reducing manual inspection effort, and offering a foundation for integration into software quality assurance tools and continuous integration pipelines.
Title: Automatic multi-language analysis of SOLID compliance via machine learning algorithms (Information and Software Technology, vol. 192, Article 108013)
Pub Date: 2026-01-02 | DOI: 10.1016/j.infsof.2025.108008
Do Thi Thu Hien, Le Viet Tai Man, Le Trong Nhan, Phan Ngoc Yen Nhi, Hoang Thanh Lam, Nguyen Tan Cam, Van-Hau Pham
Context:
To keep pace with the rapid advancements in both the quality and complexity of malware, recent research has extensively employed machine learning (ML) and deep learning (DL) models to detect malicious software, particularly in the widely used Windows system. Despite demonstrating promising accuracy in identifying malware, these models remain vulnerable to adversarial attacks, where carefully modified malware samples can bypass detection. Consequently, there is a growing need to generate mutated malware by altering existing samples to comprehensively assess the robustness of ML/DL-based detectors. Unlike in the field of computer vision, functionality validation plays a crucial role in evaluating the effectiveness of these modified malware samples. Even if they achieve high evasion rates, any corruption in file format or execution can make them ineffective.
Objective:
To address this, we consider the essentials of functionality validation in creating malware samples by designing validators that can be used in reinforcement learning-based Windows malware mutation. Our focus is on workable and useful adversarial samples rather than the quantity.
Method:
Two different functionality validation methods are proposed, leveraging the static and dynamic analysis processes of PE files to capture the representation of their behaviors to verify the preservation of designed functionalities. They are then integrated into the RL framework to support the agent in recognizing actions that can cause broken samples.
Results:
Whether employing static or dynamic analysis for validation, the experimental results confirm that the proposed methods successfully maintain the original behavior of malware while enhancing its ability to evade ML-based detectors. Compared to other approaches, although the number of created adversarial malware samples drops due to stricter validation, a higher ratio of them is confirmed to be functionality-preserved.
Conclusions:
Functionality validation is an essential task in creating Windows malware mutants to ensure their reliability and usability in further assessment scenarios or real-life attacks.
Title: A study on functionality validation for Windows malware mutating using reinforcement learning (Information and Software Technology, vol. 192, Article 108008)
Pub Date: 2025-12-31 | DOI: 10.1016/j.infsof.2025.108006
Jiajun Tong, Zhixiao Wang, Xiaobin Rui
Context:
Security patch identification is an important task in continuous integration and deployment, which helps software developers detect security issues and code vulnerabilities. Recent studies have confirmed that using both commit message and code diff information are beneficial to identification performance. However, existing works still face the problems of poor model representation ability and low model robustness, both of which affect the quality of commit representation, resulting in bad identification performance.
Objective:
We propose a gated transformer network for multivariate security patch identification with mixture-of-experts.
Method:
To improve the representation capability of the model and the quality of the commit representations, we provided a bi-encoder to utilize prior knowledge to enhance distinctive features for commit message and code diff respectively. To improve the robustness of the model and further improve the quality of commit representations, we designed a gated layer to learn the weight of each expert, and dynamically assign weights to different features.
Results:
Extensive experiments show that our framework effectively improves the representation ability and the robustness of the model, provides high-quality commit representations, and achieves state-of-the-art performance.
Conclusion:
Our approach provides a bi-encoder to obtain the embedding of each feature by two experts, and then explores the difference between them by setting different weights through the gated layer. It not only improves the model representation ability but also improves the robustness of the model, thus having favorable applicability in real-world scenarios. The code and data are shared at https://github.com/AppleMax1992/ensemble_commit.
Title: Gated transformer network for multivariate security patch identification with mixture-of-experts (Information and Software Technology, vol. 192, Article 108006)
Pub Date: 2025-12-31 | DOI: 10.1016/j.infsof.2025.108007
Wenjing Cai, Xin Liu, Lipeng Gao
In the field of software security, the detection of vulnerabilities in source code has become increasingly important. Traditional methods based on feature engineering and statistical models are inefficient when dealing with complex code structures and large-scale data, while deep learning approaches have shown significant potential. Many detection methods involve converting source code into images for analysis. Although scalable, convolutional neural networks often fail to fully comprehend the complex structure and semantic relationships in the code, resulting in inadequate capture of high-level semantic features, which affects the accuracy of detection. This study introduces an innovative vulnerability detection framework, VulSEG, which significantly improves detection accuracy while maintaining high scalability. We combine the Program Dependence Graph (PDG), Control Flow Graph (CFG), and Context Dependency Graph (CDG) to create a context-enhanced graph representation. Additionally, we develop a composite feature encoding strategy that integrates Abstract Syntax Tree (AST) encoding with deep semantic security coding (Word2Vec + Complexity- and Security-Weighted TF-IDF, CSW-TF-IDF) to enhance the understanding of code complexity and the accuracy of predicting potential vulnerabilities. By incorporating the Text Convolutional Neural Network (TextCNN) and Bidirectional Long Short-Term Memory (BiLSTM) models, we further enhance feature extraction and long-sequence dependency handling capabilities. The experimental results show that, compared to state-of-the-art methods, our approach improves accuracy by 11.8%.
Title: VulSEG: Enhanced graph-based vulnerability detection system with advanced text embedding (Information and Software Technology, vol. 192, Article 108007)
Pub Date: 2025-12-26 | DOI: 10.1016/j.infsof.2025.108002
Charilaos Skandylas, Narges Khakpour
Context:
To reason about and enforce security in dynamic software systems, automated analysis and verification approaches are required. However, such approaches often encounter scalability issues, particularly when employed for runtime analysis, which is necessary in software systems with dynamically changing architectures, such as self-adaptive systems.
Objective:
In this work, we propose an automated formal approach for security analysis of component-based systems with dynamic architectures.
Methods:
This approach leverages formal abstraction and incremental analysis techniques to reduce the complexity of runtime analysis. We have implemented and evaluated our approach against ZNN, a widely known self-adaptive system exemplar.
Results:
Compared to the state of the art, our results demonstrate an improvement both in the size of systems that can be analyzed and in the time required to complete the analysis. In particular, our incremental analysis is well suited for systems that alter their architectures at runtime.
Conclusion:
Therefore, this approach is suitable for analyzing the security of dynamic component-based systems both statically and at runtime.
Title: Compositional security analysis of dynamic component-based systems (Information and Software Technology, vol. 191, Article 108002)
Pub Date : 2025-12-20 DOI: 10.1016/j.infsof.2025.108005
Giuseppe Bisicchia, Jaime Alvarado-Valiente, Javier Romero-Álvarez, Jose Garcia-Alonso, Juan M. Murillo, Antonio Brogi
Context:
Quantum computing is rapidly evolving, offering new opportunities for solving problems in optimization, cryptography, and simulation. However, the limited availability of quantum resources makes efficient utilization of quantum hardware a current challenge. Today’s paradigms often lead to under-utilization of qubits, increased costs, and execution delays, especially in the NISQ era.
Objective:
This work aims to improve the utilization of quantum hardware by introducing an execution model that integrates multiprogramming at circuit level with quantum shot-wise distribution in a single policy-driven pipeline.
Methods:
An architecture has been implemented that combines circuit scheduling and shot distribution techniques to aggregate multiple circuits and distribute their shots across heterogeneous QPUs. The approach was empirically validated on actual IBM Quantum devices using a diverse set of reference circuits.
Results:
The proposal achieved a reduction in cost of 95% and a reduction in tasks of 92%. Moreover, the fidelity analysis of the results showed an increase in noise, with an average increase of approximately 20% measured using different statistical distances.
Conclusions:
This research provides a usable and extensible solution to increase the efficiency, cost effectiveness, and resilience of quantum workload execution in heterogeneous and dynamic cloud environments. These results suggest that users should weigh the implications of fidelity versus cost (and time) savings based on their application requirements and goals.
Title: Maximizing quantum hardware utilization via multiprogramming circuits and shot-wise distribution. Information and Software Technology, volume 191, Article 108005.
Pub Date : 2025-12-20 DOI: 10.1016/j.infsof.2025.108001
Arturo Barriga, José A. Barriga, Pablo A. Portillo, Adolfo Lozano-Tello, Pedro J. Clemente
Context:
Digital twins are dynamic virtual replicas of physical systems that offer significant benefits in terms of efficiency and productivity. In particular, prescriptive digital twins are able to provide specific recommendations to help stakeholders optimize physical system performance, reduce risks, and proactively solve problems. However, despite the high value of prescriptive services, most current digital twin implementations remain focused on monitoring and descriptive analytics, lacking the advanced capabilities required to provide actionable, prescriptive insights.
Objective:
This paper aims to streamline the development of prescriptive services for digital twin systems, thus fostering their adoption and unlocking their full potential.
Methods:
To this end, a Model-Driven Development (MDD) approach specifically designed for prescriptive digital twin services is proposed.
Results:
With the proposed Domain-Specific Language (DSL), developers can focus on designing their prescriptive services from a high-level perspective. Then, Model-to-Text (M2T) transformations generate the required code, configuration files, and deployment artifacts.
Conclusion:
Thus, this approach not only reduces the development time and cost of these services, but also reduces the need for technical expertise. In addition, the applicability of the proposal is validated through two digital twin use cases in the agriculture and manufacturing domains.
Title: A model-driven approach to streamline the development of prescriptive services for digital twins. Information and Software Technology, volume 191, Article 108001.
Pub Date : 2025-12-19 DOI: 10.1016/j.infsof.2025.107999
Tiara Rojas-Stambuk, Juan Pablo Sandoval Alcocer, Leonel Merino, Andres Neyem
Context:
Extended Reality (XR) technologies, including virtual, augmented, and mixed reality, offer novel ways to support software development through immersive and spatial representations of complex software artifacts. Although many XR-based tools have been introduced, their coverage of development activities, types of visualized software data, and evaluation quality remain unclear.
Objectives:
This paper aims to systematically review the use of XR in software development, focusing on the tasks supported, the types of data visualized, the visualization and interaction techniques, the evaluation methods, and the limitations reported.
Methods:
We conducted a systematic literature review of 77 primary studies published between 1995 and February 2025. Each study was analyzed and classified according to the development tasks supported, the types of software data visualized, the visualization techniques used, the XR technologies used, the evaluation strategies, and the reported limitations.
Results:
Our findings show that most XR tools target software comprehension, primarily through structural visualizations. City metaphors and other metaphor-based techniques are the most common. However, XR remains underexplored in activities such as testing, performance analysis, and requirements engineering. Evaluation approaches are heterogeneous, often lacking methodological rigor, sufficient sample sizes, and standardized metrics.
Conclusion:
Although XR holds promise for improving software development, its current use is concentrated in a narrow set of activities and is hampered by limited evaluation quality. Challenges remain in tool integration, interaction design, and practical adoption. We identify key gaps and provide recommendations to guide future research toward broader and more effective use of XR in software engineering.
Title: On the use of extended reality to support software development activities: A systematic literature review. Information and Software Technology, volume 191, Article 107999.