Objective expertise evaluation of individuals,as a prerequisite stage for team formation,has been a long-term desideratum in large software development companies.With the rapid advancements in machine learning methods...Objective expertise evaluation of individuals,as a prerequisite stage for team formation,has been a long-term desideratum in large software development companies.With the rapid advancements in machine learning methods,based on reliable existing data stored in project management tools’datasets,automating this evaluation process becomes a natural step forward.In this context,our approach focuses on quantifying software developer expertise by using metadata from the task-tracking systems.For this,we mathematically formalize two categories of expertise:technology-specific expertise,which denotes the skills required for a particular technology,and general expertise,which encapsulates overall knowledge in the software industry.Afterward,we automatically classify the zones of expertise associated with each task a developer has worked on using Bidirectional Encoder Representations from Transformers(BERT)-like transformers to handle the unique characteristics of project tool datasets effectively.Finally,our method evaluates the proficiency of each software specialist across already completed projects from both technology-specific and general perspectives.The method was experimentally validated,yielding promising results.展开更多
Vulnerabilities are a known problem in modern Open Source Software(OSS).Most developers often rely on third-party libraries to accelerate feature implementation.However,these libraries may contain vulnerabilities that...Vulnerabilities are a known problem in modern Open Source Software(OSS).Most developers often rely on third-party libraries to accelerate feature implementation.However,these libraries may contain vulnerabilities that attackers can exploit to propagate malicious code,posing security risks to dependent projects.Existing research addresses these challenges through Software Composition Analysis(SCA)for vulnerability detection and remediation.Nevertheless,current solutions may introduce additional issues,such as incompatibilities,dependency conflicts,and additional vulnerabilities.To address this,we propose Vulnerability Scan and Protection(VulnScanPro),a robust solution for detection and remediation vulnerabilities in Java projects.Specifically,VulnScanPro builds a finegrained method graph to identify unreachable methods.The method graph is mapped to the project’s dependency tree,constructing a comprehensive vulnerability propagation graph that identifies unreachable vulnerable APIs and dependencies.Based on this analysis,we propose three solutions for vulnerability remediation:(1)Removing unreachable vulnerable dependencies,thereby resolving security risks and reducing maintenance overhead.(2)Upgrading vulnerable dependencies to the closest non-vulnerable versions,while pinning the versions of transitive dependencies introduced by the vulnerable dependency,in order to mitigate compatibility issues and prevent the introduction of new vulnerabilities.(3)Eliminating unreachable vulnerable APIs,particularly when security patches are either incompatible or absent.Experimental results show that these solutions effectively mitigate vulnerabilities and enhance the overall security of the project.展开更多
文章基于地铁集团实际业务场景,设计了基于多模式出行的城际客票一体化系统。以MaaS(Mobility as a Service)理念为核心,构建软硬件协同架构,通过数据采集与传输、路径融合计算、用户界面交互及智能推荐算法实现路径动态优化机制,并以...文章基于地铁集团实际业务场景,设计了基于多模式出行的城际客票一体化系统。以MaaS(Mobility as a Service)理念为核心,构建软硬件协同架构,通过数据采集与传输、路径融合计算、用户界面交互及智能推荐算法实现路径动态优化机制,并以典型城际走廊为实验场景进行了模拟验证。实验结果表明,系统在响应速度、推荐准确性与用户满意度等方面均表现优越,具备良好的工程落地能力。展开更多
基金supported by the project“Romanian Hub for Artificial Intelligence-HRIA”,Smart Growth,Digitization and Financial Instruments Program,2021–2027,MySMIS No.334906.
文摘Objective expertise evaluation of individuals,as a prerequisite stage for team formation,has been a long-term desideratum in large software development companies.With the rapid advancements in machine learning methods,based on reliable existing data stored in project management tools’datasets,automating this evaluation process becomes a natural step forward.In this context,our approach focuses on quantifying software developer expertise by using metadata from the task-tracking systems.For this,we mathematically formalize two categories of expertise:technology-specific expertise,which denotes the skills required for a particular technology,and general expertise,which encapsulates overall knowledge in the software industry.Afterward,we automatically classify the zones of expertise associated with each task a developer has worked on using Bidirectional Encoder Representations from Transformers(BERT)-like transformers to handle the unique characteristics of project tool datasets effectively.Finally,our method evaluates the proficiency of each software specialist across already completed projects from both technology-specific and general perspectives.The method was experimentally validated,yielding promising results.
基金supported by the National Natural Science Foundation of China(Grant No.62141210)the Fundamental Research Funds for the Central Universities(Grant No.N2217005)+1 种基金Open Fund of State Key Lab.for Novel Software Technology,Nanjing University(KFKT2021B01)111 Project(B16009).
文摘Vulnerabilities are a known problem in modern Open Source Software(OSS).Most developers often rely on third-party libraries to accelerate feature implementation.However,these libraries may contain vulnerabilities that attackers can exploit to propagate malicious code,posing security risks to dependent projects.Existing research addresses these challenges through Software Composition Analysis(SCA)for vulnerability detection and remediation.Nevertheless,current solutions may introduce additional issues,such as incompatibilities,dependency conflicts,and additional vulnerabilities.To address this,we propose Vulnerability Scan and Protection(VulnScanPro),a robust solution for detection and remediation vulnerabilities in Java projects.Specifically,VulnScanPro builds a finegrained method graph to identify unreachable methods.The method graph is mapped to the project’s dependency tree,constructing a comprehensive vulnerability propagation graph that identifies unreachable vulnerable APIs and dependencies.Based on this analysis,we propose three solutions for vulnerability remediation:(1)Removing unreachable vulnerable dependencies,thereby resolving security risks and reducing maintenance overhead.(2)Upgrading vulnerable dependencies to the closest non-vulnerable versions,while pinning the versions of transitive dependencies introduced by the vulnerable dependency,in order to mitigate compatibility issues and prevent the introduction of new vulnerabilities.(3)Eliminating unreachable vulnerable APIs,particularly when security patches are either incompatible or absent.Experimental results show that these solutions effectively mitigate vulnerabilities and enhance the overall security of the project.
文摘文章基于地铁集团实际业务场景,设计了基于多模式出行的城际客票一体化系统。以MaaS(Mobility as a Service)理念为核心,构建软硬件协同架构,通过数据采集与传输、路径融合计算、用户界面交互及智能推荐算法实现路径动态优化机制,并以典型城际走廊为实验场景进行了模拟验证。实验结果表明,系统在响应速度、推荐准确性与用户满意度等方面均表现优越,具备良好的工程落地能力。