Abstract: The classical method for identifying cause-effect relationships is to conduct controlled experiments. This paper reports upon the present state of how controlled experiments in software engineering are conducted and the extent to which relevant information is reported. Among the 5,453 scientific articles published in 12 leading software engineering journals and conferences in the decade from 1993 to 2002, 103 articles (1.9 percent) reported controlled experiments in which individuals or teams performed one or more software engineering tasks. This survey quantitatively characterizes the topics of the experiments and their subjects (number of subjects, students versus professionals, recruitment, and rewards for participation), tasks (type of task, duration, and type and size of application) and environments (location, development tools). Furthermore, the survey reports on how internal and external validity is addressed and the extent to which experiments are replicated. The gathered data reflects the relevance of software engineering experiments to industrial practice and the scientific maturity of software engineering research.

Abstract: Software engineering is an intensively people-oriented activity, yet too little is known about how designers, maintainers, requirements analysts and all other types of software engineers perform their work. In order to improve software engineering tools and practice, it is therefore essential to conduct field studies, i.e. to study real practitioners as they solve real problems. To do so effectively, however, requires an understanding of the techniques most suited to each type of field study task. In this paper, we provide a taxonomy of techniques, focusing on those for data collection. The taxonomy is organized according to the degree of human intervention each requires. For each technique, we provide examples from the literature, an analysis of some of its advantages and disadvantages, and a discussion of how to use it effectively. We also briefly talk about field study design in general, and data analysis.

Abstract: Development of software product families relies heavily on the use of variability to manage the differences between products by delaying design decisions to later stages of the development and usage of the constructed software systems. Implementation of variability is not a trivial task, and is governed by a number of factors. In this paper, we describe the factors that are relevant in determining how to implement variability, and present a taxonomy of variability realization techniques. Copyright (c) 2005 John Wiley & Sons, Ltd.

Abstract: Mining software repositories at the source code level can provide a greater understanding of how software evolves. We present a tool for quickly comparing the source code of different versions of a C program. The approach is based on partial abstract syntax tree matching, and can track simple changes to global variables, types and functions. These changes can characterize aspects of software evolution useful for answering higher level questions. In particular, we consider how they could be used to inform the design of a dynamic software updating system. We report results based on measurements of various versions of popular open source programs. including BIND, OpenSSH, Apache, Vsftpd and the Linux kernel.

Abstract: Quality assurance and testing organizations are tasked with the broad objective of assuring that a software application fulfills its functional business requirements. Such testing most often involves running a series of dynamic functional tests to ensure proper implementation of the application's features. However, because security is not a feature or even a set of features, security testing doesn't directly fit into this paradigm

Abstract: We may not be able to make you love reading, but software product line engineering will lead you to love reading starting from now. Book is the window to open the new world. The world that you want is in the better stage and level. World will always guide you to even the prestige stage of the life. You know, this is some of how reading will give you the kindness. In this case, more books you read more knowledge you know, but it can mean also the bore is full.

Abstract: Taxonomies can help software developers and security practitioners understand the common coding mistakes that affect security. The goal is to help developers avoid making these mistakes and more readily identify security problems whenever possible. Because developers today are by and large unaware of the security problems they can (unknowingly) introduce into code, a taxonomy of coding errors should provide a real tangible benefit to the software security community. Although the taxonomy proposed here is incomplete and imperfect, it provides an important first step. It focuses on collecting common errors and explaining them in a way that makes sense to programmers. This new taxonomy is made up of two distinct kinds of sets, which we're stealing from biology: a phylum (a type of coding error, such as illegal pointer value) and a kingdom (a collection of phyla that shares a common theme, such as input validation and representation). Both kingdoms and phyla naturally emerge from a soup of coding rules relevant to enterprise software, and it's for this reason that this taxonomy is likely to be incomplete and might lack certain coding errors. In some cases, it's easier and more effective to talk about a category of errors than to talk about any particular attack. Although categories are certainly related to attacks, they aren't the same as attack patterns.

Abstract: In this paper, a scheme for constructing software reliability growth model based on Non-Homogeneous Poisson Process is proposed. The main focus is to provide a method for software reliability modeling, which considers both testing-effort and change-point. In the vast literature, most researchers assume a constant detection rate per fault in deriving their software reliability models. They suppose that all faults have equal probability of being detected during the software testing process, and the rate remains constant over the intervals between fault occurrences. In reality, the fault detection rate strongly depends on the skill of test teams, program size, and software testability. Therefore, it may not be smooth and can be changed. On the other hand, sometimes we have to detect more additional faults in order to reach the desired reliability objective during testing. It is advisable for project managers to purchase new automated test tool, technology or additional manpower. These approaches can provide a conspicuous improvement in software testing and productivity. In this case, the fault detection rate will be changed during the software development process. Therefore, here we incorporate both generalized logistic testing-effort function and change-point parameter into software reliability modeling. New theorems are proposed and software testing data collected from real application are utilized to illustrate the proposed model. Experimental results show that the proposed framework to incorporate both testing-effort and change-point for SRGM has a fairly accurate prediction capability.

Abstract: This invention relates to methods and a system for developing software. In one embodiment, a method for developing software includes communicating a specification for the design of a software program to a first plurality of developers, in response to the specification, receiving a design from a subset of the developers to a subset of the developers, facilitating a design review process for scoring the designs, selecting one design based on its score, communicating the selected design to a second plurality of software developers, in response to the design, receiving software programs from a subset of the second plurality of developers, facilitating a software review process for scoring the programs, and selecting one program based on its score. In another embodiment, a method for the distributed development of software includes providing a software development system to a distributed community of developers, the system including software development software that utilizes a structured development methodology, a communication server, and a review board for determining the quality of submitted software; accepting a request to create a software program; and facilitating the development of the program by a subset of the distributed community of developers using the software development system.

Abstract: This short tutorial introduces the fundamental activities of RE (requirements engineering) and discusses how it has evolved as a part of the software engineering process. However, rather than focusing on the established RE techniques, the author discusses how the changing nature of software engineering has led to the new challenges in RE. The author then introduces a number of new techniques that helps us to meet these challenges by integrating RE more closely with other systems implementation activities.

Abstract: The wide-variety of real-time software systems, including telecontrol/telepresence systems, robotic systems, and mission planning systems, can entail dynamic code synthesis based on runtime mission-specific requirements and operating conditions. This necessitates the need for dynamic dependability assessment to ensure that these systems perform as specified and not fail in catastrophic ways. One approach in achieving this is to dynamically assess the modules in the synthesized code using software defect prediction techniques. Statistical models; such as stepwise multi-linear regression models and multivariate models, and machine learning approaches, such as artificial neural networks, instance-based reasoning, Bayesian-belief networks, decision trees, and rule inductions, have been investigated for predicting software quality. However, there is still no consensus about the best predictor model for software defects. In this paper; we evaluate different predictor models on four different real-time software defect data sets. The results show that a combination of IR and instance-based learning along with the consistency-based subset evaluation technique provides a relatively better consistency in accuracy prediction compared to other models. The results also show that "size" and "complexity" metrics are not sufficient for accurately predicting real-time software defects.

Abstract: In the 21st century our society is becoming more and more dependent on software systems. The safety of these systems and the quality of our lives is increasingly dependent on the quality of such systems. A key element in the manufacture and quality assurance process in software engineering is the testing of software and hardware systems. The construction of efficient combinatorial covering suites has important applications in the testing of hardware and software. In this paper we define the general problem, discuss the lower bounds on the size of covering suites, and give a series of constructions that achieve these bounds asymptotically. These constructions include the use of finite field theory, extremal set theory, group theory, coding theory, combinatorial recursive techniques, and other areas of computer science and mathematics. The study of these combinatorial covering suites is a fascinating example of the interplay between pure mathematics and the applied problems generated by software and hardware engineers. The wide range of mathematical techniques used, and the often unexpected applications of combinatorial covering suites make for a rewarding study.

Abstract: Software reuse enables developers to leverage past accomplishments and facilitates significant improvements in software productivity and quality. Software reuse catalyzes improvements in productivity by avoiding redevelopment and improvements in quality by incorporating components whose reliability has already been established. This study addresses a pivotal research issue that underlies software reuse - what factors characterize successful software reuse in large-scale systems. The research approach is to investigate, analyze, and evaluate software reuse empirically by mining software repositories from a NASA software development environment that actively reuses software. This software environment successfully follows principles of reuse-based software development in order to achieve an average reuse of 32 percent per project, which is the average amount of software either reused or modified from previous systems. We examine the repositories for 25 software systems ranging from 3,000 to 112,000 source lines from this software environment. We analyze four classes of software modules: modules reused without revision, modules reused with slight revision (<25 percent revision), modules reused with major revision (/spl ges/25 percent revision), and newly developed modules. We apply nonparametric statistical models to compare numerous development variables across the 2,954 software modules in the systems. We identify two categories of factors that characterize successful reuse-based software development of large-scale systems: module design factors and module implementation factors. We also evaluate the fault rates of the reused, modified, and newly developed modules. The module design factors that characterize module reuse without revision were (after normalization by size in source lines): few calls to other system modules, many calls to utility functions, few input-output parameters, few reads and writes, and many comments. The module implementation factors that characterize module reuse without revision were small size in source lines and (after normalization by size in source lines): low development effort and many assignment statements. The modules reused without revision had the fewest faults, fewest faults per source line, and lowest fault correction effort. The modules reused with major revision had the highest fault correction effort and highest fault isolation effort as wed as the most changes, most changes per source line, and highest change correction effort. In conclusion, we outline future research directions that build on these software reuse ideas and strategies.

Abstract: The purpose of this text is to survey recent advances in the development of software tools for scientific computing It emphasizes the design of large software codes, computational efficiency, object-oriented programming, reliability of numerical software and parallel computing

Abstract: To make software maintenance easier, a superior quality of its design and implementation process must be ensured. For this reason, existing software must be supported by automated systems for analysis, diagnose and design improvement, at a high level as well as at a level close to source code. iPlasma is an integrated environment for quality analysis of objectoriented software systems that includes support for all the necessary phases of analysis: from model extraction (including scalable parsing for C++ and Java) up to high-level metricsbased analysis, or detection of code duplication. iPlasma has three major advantages: extensibility of supported analysis, integration with further analysis tools and scalability, as it was used in the past to analyze large-scale projects in the size of millions of code lines (e.g. Eclipse and Mozilla).

Abstract: Many projects currently used in Software Engineering curricula lack both the "fun factor" needed to engage students, as well as the practical realism of engineering projects that include other computer science disciplines such as Software Engineering, Networks, or Human Computer Interaction. This paper reports on our endeavor to enhance interest and retention in an existing Software Engineering curriculum through the use of computer game-based projects. Specifically, a set of game-centric, project-based modules have been developed that enable students to: (1) actively participate in the different phases of the software lifecycle taking a single project from requirement elicitation to testing and maintenance; (2) expose students to real issues in project and team management over the course of a 2-semester project; and at the same time (3) introduce students to the different aspects of computer game design. Preliminary results suggest the merits of our approach, showing improved class participation and performance.

Abstract: In this paper, we study the impact of software testing effort & efficiency on the modeling of software reliability, including the cost for optimal release time. This paper presents two important issues in software reliability modeling & software reliability economics: testing effort, and efficiency. First, we propose a generalized logistic testing-effort function that enjoys the advantage of relating work profile more directly to the natural flow of software development, and can be used to describe the possible testing-effort patterns. Furthermore, we incorporate the generalized logistic testing-effort function into software reliability modeling, and evaluate its fault-prediction capability through several numerical experiments based on real data. Secondly, we address the effects of new testing techniques or tools for increasing the efficiency of software testing. Based on the proposed software reliability model, we present a software cost model to reflect the effectiveness of introducing new technologies. Numerical examples & related data analyzes are presented in detail. From the experimental results, we obtain a software economic policy which provides a comprehensive analysis of software based on cost & test efficiency. Moreover, the policy can also help project managers determine when to stop testing for market release at the right time.

Abstract: Most software-development groups have embarrassing records: By some accounts, more than half of all software projects are significantly late and over budget, and nearly a quarter of them are cancelled without ever being completed. Although developers recognize that unrealistic schedules, inadequate resources, and unstable requirements are often to blame for such failures, few know how to solve these problems. Fortunately, the Personal Software Process (PSP) provides a clear and proven solution. Comprising precise methods developed over many years by Watts S. Humphrey and the Software Engineering Institute (SEI), the PSP has successfully transformed work practices in a wide range of organizations and has already produced some striking results.This book describes the PSP and is the definitive guide and reference for its latest iteration. PSP training focuses on the skills required by individual software engineers to improve their personal performance. Once learned and effectively applied, PSP-trained engineers are qualified to participate on a team using the Team Software Process (TSP), the methods for which are described in the final chapter of the book. The goal for both PSP and TSP is to give developers exactly what they need to deliver quality products on predictable schedules.PSPSM: A Self-Improvement Process for Software Engineers presents a disciplined process for software engineers and anyone else involved in software development. This process includes defect management, comprehensive planning, and precise project tracking and reporting.The book first scales down industrial software practices to fit the needs of the module-sized program development, then walks readers through a progressive sequence of practices that provide a sound foundation for large-scale software development. By doing the exercises in the book, and using the PSP methods described here to plan, evaluate, manage, and control the quality of your own work, you will be well prepared to apply those methods on ever larger and more critical projects.Drawing on the author's extensive experience helping organizations to achieve their development goals, and with the PSP benefits well illustrated, the book presents the process in carefully crafted steps. The first chapter describes overall principles and strategies. The next two explain how to follow a defined process, as well as how to gather and use the data required to manage a programming job. Several chapters then cover estimating and planning, followed by quality management and design. The last two chapters show how to put the PSP to work, and how to use it on a team project. A variety of support materials for the book, as described in the Preface, are available on the Web.If you or your organization are looking for a way to improve your project success rate, the PSP could well be your answer.

Abstract: UPPAAL-TRON is a new tool for model based online black-box conformance testing of real-time embedded systems specified as timed automata. In this paper we present our experiences in applying our tool and technique on an industrial case study. We conclude that the tool and technique is applicable to practical systems, and that it has promising error detection potential and execution performance.

Abstract: While often defined in informal ways, software cohesion reflects important properties of modules in a software system. Cohesion measurement has been used for quality assessment, fault proneness prediction, software modularization, etc. Existing approaches to cohesion measurement in object-oriented software are largely based on the structural information of the source code, such as attribute references in methods. These measures reflect particular interpretations of cohesion and try to capture different aspects of cohesion and no single cohesion metric or suite is accepted as standard measurement for cohesion. The paper proposes a new set of measures for the cohesion of individual classes within an OO software system, based on the analysis of the semantic information embedded in the source code, such as comments and identifiers. A case study on open source software is presented, which compares the new measures with an extensive set of existing metrics. The differences and similarities among the approaches and results are discussed and analyzed.

Abstract: Despite the advances of the electronic technologies in e-learning, a consolidated evaluation methodology for e-learning applications does not yet exist. The goal of e-learning is to offer the users the possibility to become skillful and acquire knowledge on a new domain. The evaluation of educational software must consider its pedagogic effectiveness as well as its usability. The design of its interface should take into account the way students learn and also provide good usability so that student's interactions with the software are as natural and intuitive as possible. In this paper, we present the results obtained from a first phase of observation and analysis of the interactions of people with e-learning applications. The aim is to provide a methodology for evaluating such applications.

Abstract: The software development process imposes major impacts on the quality of software at every development stage; therefore, a common goal of each software development phase concerns how to improve software quality. Software quality prediction thus aims to evaluate software quality level periodically and to indicate software quality problems early. In this paper, we propose a novel technique to predict software quality by adopting support vector machine (SVM) in the classification of software modules based on complexity metrics. Because only limited information of software complexity metrics is available in early software life cycle, ordinary software quality models cannot make good predictions generally. It is well known that SVM generalizes well even in high dimensional spaces under small training sample conditions. We consequently propose a SVM-based software classification model, whose characteristic is appropriate for early software quality predictions when only a small number of sample data are available. Experimental results with a medical imaging system software metrics data show that our SVM prediction model achieves better software quality prediction than some commonly used software quality prediction models

Abstract: To aid software analysis and maintenance tasks, a number of software clustering algorithms have been proposed to automatically partition a software system into meaningful subsystems or clusters. However, it is unknown whether these algorithms produce similar meaningful clusterings for similar versions of a real-life software system under continual change and growth. This paper describes a comparative study of six software clustering algorithms. We applied each of the algorithms to subsequent versions from five large open source systems. We conducted comparisons based on three criteria respectively: stability (Does the clustering change only modestly as the system undergoes modest updating?), authoritative-ness (Does the clustering reasonably approximate the structure an authority provides?) and extremity of cluster distribution (Does the clustering avoid huge clusters and many very small clusters?). Experimental results indicate that the studied algorithms exhibit distinct characteristics. For example, the clusterings from the most stable algorithm bear little similarity to the implemented system structure, while the clusterings from the least stable algorithm has the best cluster distribution. Based on obtained results, we claim that current automatic clustering algorithms need significant improvement to provide continual support for large software projects.

Abstract: When trying to incorporate security into a program, software developers face either too much theoretical information that they cannot apply or exhaustive and discouraging recommendation lists. This article gives an overview of security concerns at each step of a project's life cycle.

Abstract: The importance of software measurement is increasing leading to development of new measurement techniques. Reusing existing software components is a key feature in increasing software productivity. It is one of the key elements in object-oriented programming, which reduces the cost and increases the quality of the software. An important feature of C++ called templates support generic programming, which allows the programmer to develop reusable software modules such as functions, classes, etc. The need for software reusability metrics is particularly acute for an organization in order to measure the degree of generic programming included in the form of templates in code. This research addresses this need and introduces a new set of metrics for object-oriented software. Two metrics are proposed for measuring amount of genericty included in the code and then analytically evaluated against Weyuker's set of nine axioms. This set of metrics is then applied to standard projects and accordingly ways in which project managers can use these metrics are suggested.

Abstract: The Tonatiuh project is underway at the University of Texas at Brownsville under the DOE-NREL Minority University Research Associate (MURA) Program Subcontract. It intends to improve the cost-effectiveness of solar energy technologies by advancing the state-of-the-art of the simulation tools available for the design and analysis of solar concentrating systems. The project includes the design, development, implementation, verification and validation of Tonatiuh: an open-source advanced object-oriented program, that using distributed computing, Monte-Carlo Ray tracing, and the best 3-D user interface technologies available today, will provide a sophisticated and efficient software environment for the design and analysis of solar concentrating systems. This paper presents an overview of the Tonatiuh Software Development Project, emphasizing the software design aspects of the project, and the scientific relevance of the program.Copyright © 2005 by ASME