Abstract: Software-related security aspects are a growing and legitimate concern, especially with 5G data available just at our palms. To conduct research in this field, periodic comparative analysis is needed with the new techniques coming up rapidly. The purpose of this study is to review the recent developments in the field of security integration in the software development lifecycle (SDLC) by analyzing the articles published in the last two decades and to propose a way forward. This review follows Kitchenham’s review protocol. The review has been divided into three main stages including planning, execution, and analysis. From the selected 100 articles, it becomes evident that a collaborative approach is necessary for addressing critical software security risks (CSSRs) through effective risk management/estimation techniques. Quantifying risks using a numeric scale enables a comprehensive understanding of their severity, facilitating focused resource allocation and mitigation efforts. Through a comprehensive understanding of potential vulnerabilities and proactive mitigation efforts facilitated by protection poker, organizations can prioritize resources effectively to ensure the successful outcome of projects and initiatives in today’s dynamic threat landscape. The review reveals that threat analysis and security testing are needed to develop automated tools for the future. Accurate estimation of effort required to prioritize potential security risks is a big challenge in software security. The accuracy of effort estimation can be further improved by exploring new techniques, particularly those involving deep learning. It is also imperative to validate these effort estimation methods to ensure all potential security threats are addressed. Another challenge is selecting the right model for each specific security threat. To achieve a comprehensive evaluation, researchers should use well-known benchmark checklists.
Funding: Supported by the Pre-research Foundation of CPLA General Equipment Department
Abstract: Testing-effort (TE) and imperfect debugging (ID) in the reliability modeling process may further improve the fitting and prediction results of software reliability growth models (SRGMs). For describing the S-shaped varying trend of TE increasing rate more accurately, first, two S-shaped testing-effort functions (TEFs), i.e., delayed S-shaped TEF (DS-TEF) and inflected S-shaped TEF (IS-TEF), are proposed. Then these two TEFs are incorporated into various types (exponential-type, delayed S-shaped and inflected S-shaped) of non-homogeneous Poisson process (NHPP) SRGMs with two forms of ID respectively for obtaining a series of new NHPP SRGMs which consider S-shaped TEFs as well as ID. Finally, these new SRGMs and several comparison NHPP SRGMs are applied to four real failure data-sets respectively for investigating the fitting and prediction power of these new SRGMs. The experimental results show that: (i) the proposed IS-TEF is more suitable and flexible for describing the consumption of TE than the previous TEFs; (ii) incorporating TEFs into the inflected S-shaped NHPP SRGM may be more effective and appropriate compared with the exponential-type and the delayed S-shaped NHPP SRGMs; (iii) the inflected S-shaped NHPP SRGM considering both IS-TEF and ID yields more accurate fitting and prediction results than the other comparison NHPP SRGMs.
Abstract: Software engineering (SE) courses are confronted with the predicaments of how to cultivate students' engineering concept and how to bridge the distance between the academy and industry. The "Computing and Software Engineering, III (CSE III)" course helps students mimic real-world software development and broaden their real-world SE view. With the spiral model as the main development model, the CSE III course includes not only SE theory knowledge, but also quick learning, team cooperation, development management and risk management skills which meet real-world industry requirements. Our contribution is providing an introductory course for multiple dimensions of knowledge, creating a real-world software development circumstance for students under quantitative control and designing a systematic and practical evaluation mechanism which stimulates the interests of students. CSE III has been executed from 2009 and has obtained valuable teaching and learning effects among our teachers, TAs and students; and we add refinements to the course according to feedback from participants. This paper will describe the design and practice of the CSE III course.
Abstract: Software product lines have recently been presented as one of the most promising improvements for efficient software development. Different research works contribute supportive parameters and negotiations regarding the problems of producing a perfect software scheme. Traditional approaches or recycling software are not effective to solve the problems concerning software competence. Given the fast developments in software engineering in the past few years, studies show that some approaches are getting extensive attention in both industries and universities. This method is categorized as the software product line improvement that supports reusing of software in big organizations. Different industries are adopting product lines to enhance efficiency and reduce operational expenses by way of emerging product developments. This research paper is formed to offer an in-depth study regarding software engineering issues such as complexity, conformity, changeability, invisibility, time constraints, budget constraints, and security. We have conducted various research surveys by visiting different professional software development organizations and took feedback from the professional software engineers to analyze the real-time problems that they are facing during the development process of software systems. Survey results proved that complexity is the most frequently occurring issue that most software developers face while developing software applications. Moreover, invisibility is the problem that rarely happens according to the survey.