Abstract. Security bug reports can describe security critical vulnerabilities in software products. Bug tracking systems may contain thousands of bug reports, where relatively few of them are security related. Therefore finding unlabelled security bugs among them can be challenging. To help security engineers identify these reports quickly and accurately, text-based prediction models have been proposed. These can often mislabel security bug reports due to a number of reasons such as class imbalance, where the ratio of non-security to security bug reports is very high. More critically, we have observed that the presence of security related keywords in both security and non-security bug reports can lead to the mislabelling of security bug reports. This paper proposes FARSEC, a framework for filtering and ranking bug reports for reducing the presence of security related keywords. Before building prediction models, our framework identifies and removes non-security bug reports with security related keywords. We demonstrate that FARSEC improves the performance of text-based prediction models for security bug reports in 90% of cases. Specifically, we evaluate it with 45,940 bug reports from Chromium and four Apache projects. With our framework, we mitigate the class imbalance issue and reduce the number of mislabelled security bug reports by 38%.
Adaptive user interfaces (UIs) were introduced to address some of the usability problems that plague many software applications. Model-driven engineering formed the basis for most of the systems targeting the development of such UIs. An overview of these systems is presented and a set of criteria is established to evaluate the strengths and shortcomings of the state-of-the-art, which is categorized under architectures, techniques, and tools. A summary of the evaluation is presented in tables that visually illustrate the fulfillment of each criterion by each system. The evaluation identified several gaps in the existing art and highlighted the areas of promising improvement. The user interface (UI) layer is considered one of the key components of software applications since it connects their end-users to the functionality. Well-engineered and robust software applications could eventually fail to be adopted due to a weak UI layer. Some user interface development techniques such as: universal design [Mace et al. 1990], inclusive design [Keates et al. 2000], and design for all [Stephanidis 1997] promote the concept of making one UI design fit as many people as possible. Yet, a UI is not independent from its context-of-use, which is defined in terms of the user, platform, and environment [Calvary et al. 2003]. The "one design fits all" approach is unable to accommodate all the cases of variability in the context-of-use, in many cases leading to a diminished user experience. Building multiple UIs for the same functionality due to context variability is difficult since the scope of variability cannot be completely known at design-time and there is a high cost incurred by manually developing multiple versions of the UI. Adaptive UIs have been promoted as a solution for context variability due to their ability to automatically adapt to the context-of-use at runtime. 
User interfaces capable of adapting to their context-of-use are also referred to as multi-context or multi-target [Fonseca 2010]. A key goal behind adaptive UIs is plasticity, denoting a UI's ability to preserve its usability across multiple contexts-of-use [Coutaz 2010]. Norcio and Stanley [1989] consider that the idea of an adaptive UI is straightforward since it simply means that: "The interface should adapt to the user; rather than the user adapting to the system" (p. 399) but they note that in spite of the simplicity of the definition, there are some difficult and complex problems relating to adaptive UIs. In our study of the literature, we noticed that some of these problems are technical and are related to devising systems that can support the development of adaptive UIs, while others are related to human factors such as the end-user acceptance of these UIs. Realizing the abstract properties illustrated in Fig. 1 could help in handling some of the technical and human problems related to adaptive UIs. Salehie and Tahvildari [2009] present a hierarchy of adaptability properties for software systems, referred to as self-* properties. This hierarchy demon...
Abstract. Software requirements consist of functionalities and qualities to be accommodated during design. Through goal-oriented requirements engineering, stakeholder goals are refined into a space of alternative functionalities. We adopt this framework and propose a decision-making process to generate a generic software design that can accommodate the full space of alternatives each of which can fulfill stakeholder goals. Specifically, we present a process for generating complementary design views from a goal model with high variability in configurations, behavioral specifications, architectures and business processes.
Abstract. The success of a business process (BP) depends on whether it meets its business goal as well as non-functional requirements associated with it. BP specifications frequently need to accommodate changing business priorities, varying client preferences, etc. However, since business process goals and preferences are rarely captured explicitly in the dominant BP modeling approaches, adapting business processes proves difficult. We propose a systematic requirements-driven approach for BP design and configuration management that uses requirements goal models to capture alternative process configurations and provides the ability to tailor deployed processes to changing business priorities or customer preferences (i.e., non-functional constraints) by configuring their corresponding goal models at the goal level. A set of design time and runtime tools for configuring business processes implemented using WS-BPEL is provided, allowing to easily change the behaviour of deployed BP instances at a high level, based on business priorities and stakeholder preferences.
Abstract. Studies have demonstrated the importance of good identifier names to program comprehension. It is unclear, however, whether poor naming has other effects that might impact maintenance effort, e.g. on code quality. We evaluated the quality of identifier names in 8 established open source Java applications libraries, using a set of 12 identifier naming guidelines. We found statistically significant associations between flawed identifiers (i.e. violating at least one guideline) and code quality issues reported by FindBugs, a static analysis tool.