Bellwether effect refers to the existence of exemplary projects (called the Bellwether) within a historical dataset to be used for improved prediction performance. Recent studies have shown an implicit assumption of using recently completed projects (referred to as moving window) for improved prediction accuracy. In this paper, we investigate the Bellwether effect on software effort estimation accuracy...
To improve software reliability, software defect prediction is utilized to assist developers in finding potential bugs and allocating their testing efforts. Traditional defect prediction studies mainly focus on designing hand-crafted features, which are input into machine learning classifiers to identify defective code. However, these hand-crafted features often fail to capture the semantic and structural...
Software applications contain valuable assets that, if compromised, can put the security of users at stake and cause huge monetary losses for software developers. Software protections are applied whenever assets' security is at risk as they delay successful attacks. Unfortunately, protections might have recognizable fingerprints that can expose the location of the assets, thus facilitating the attackers'...
In the presented work we predict the life expectancy of multi-part railway fail-safe signaling systems. The monitored electronic track circuits detect train locations and movement in real time, and issue alerts and warnings to prevent collisions. Based on 10 years of failure reports from the manufacturer of systems used by Railway Infrastructure Administration in the Czech Republic, we establish estimates...
The best practice to prevent Cross Site Scripting (XSS) attacks is to apply encoders to sanitize untrusted data. To balance security and functionality, encoders should be applied to match the web page context, such as HTML body, JavaScript, and style sheets. A common programming error is the use of a wrong encoder to sanitize untrusted data, leaving the application vulnerable. We present a security...
Many applications in security, from understanding unfamiliar protocols to fuzz-testing and guarding against potential attacks, rely on analysing network protocols. In many situations we cannot rely on access to a specification or even an implementation of the protocol, and must instead rely on raw network data "sniffed" from the network. When this is the case, one of the key challenges is...
User interfaces which adapt based on usage patterns, for example based on frequency of use of certain features, have been proposed as a means of limiting the complexity of the user interface without specialising it unnecessarily to particular user profiles. However, from a software engineering perspective, adaptive user interfaces pose a challenge in code structuring, and separation of the different...
We consider the question of how to treat existing, context-based test inputs when contextual conditions change. Simply ignoring the voided inputs reduces confidence in the correctness of the system under test (SuT). Instead, we suggest adjusting the parameters of those inputs to the new conditions in a way that retains their original intention. This often comprises behavioral assumptions, e.g., because...
Despite all the efforts of the research community, buffer overflows remain one of the most dangerous bugs for modern IT systems. The problem is compounded by the fact that there are many developers who do not follow the basic rules of a secure software development lifecycle, supplying proprietary vulnerable products. To address this problem, the industry has proposed a number of techniques that perform...
In recent times, software security has gained a great deal of attention in the Software Development Life Cycle due to increased cases of reported cyber threats and incidents. A considerable number of cyber-attacks targeting financial systems has made security the most critical feature in banking systems. However, establishing security requirements for these applications can be a challenging...
An important step toward adoption of formal methods in software development is support for mainstream programming languages. Unfortunately, these languages are often rather complex and come with substantial standard libraries. However, by choosing a suitable intermediate language, most of the complexity can be delegated to existing execution-oriented (as opposed to verification-oriented) compiler...
Not only is Android the most widely used mobile operating system, more apps have been released and downloaded for Android than for any other OS. However, quality is an ongoing problem, with many apps being released with faults, sometimes serious faults. Because the structure of mobile app software differs from other types of software, testing is difficult and traditional methods do not work. Thus...
Spreadsheets often contain faults that are difficult to localize. Spectrum-based Fault Localization (SFL) assists users in the fault localization process by ranking cells by their suspiciousness to contain a fault. Since the ranking of the basic SFL approach is often imprecise, we propose three techniques to improve it, i.e., dynamic cones, grouping, and tie-breaking. We evaluate these techniques...
GUI exploration is a widely adopted technique to test GUI programs, which traverses the elements of screens during the user interaction and simultaneously constructs the GUI model to describe window transitions. Specific to Android apps, an elaborate GUI model should take Android characteristics into consideration. We propose a GUI exploration approach that dynamically acquires the information of...
Performance is an important aspect and critical requirement in multi-process software architecture systems such as Google Chrome. While interacting closely with members of the Google Chrome engineering team, we observed that they face a major challenge in detecting performance deviations between releases, because of their very high release frequency and therefore limited amount of data on each. This...
Analogy-based software effort estimation is a method to estimate the project cost of an unseen project based on analogies against previous projects sharing selected features. The validity of the selected features depends on many factors, and one of the most crucial factors is the effectiveness of the data preprocessing techniques applied to the datasets of the previous projects. In this paper, we report...
Identifying a bug immediately when it is introduced can help improve the validity and effectiveness of bug fixing. Predicting bugs in software code changes makes such identification possible. Buggy changes, changes that introduce bugs into source code, can be viewed as anomalies relative to clean changes in that they are rare and irregular. Thus, anomaly detection techniques can be applied to buggy...
Many fault-proneness prediction models have been proposed in the literature to identify fault-prone code in software systems. Most of the approaches use fault data history and supervised learning algorithms to build these models. However, since fault data history is not always available, some approaches also suggest using semi-supervised or unsupervised fault-proneness prediction models. The HySOM model,...