2019
Nembhard, Fitzroy D.; Carvalho, Marco M.; Eskridge, Thomas C.
Towards the Application of Recommender Systems to Secure Coding [Journal Article]
In: EURASIP Journal on Information Security, vol. 2019, no. 1, pp. 9, 2019, ISSN: 2510-523X.
Tags: ab testing, bugs, code security, intellisense, java, minhash, recommender systems, simhash, software quality, user study, vulnerability detection
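% Journal article record for the secure-coding recommender system paper.
% 2510-523X has the eight-character shape of a serial number, so it is stored
% in `issn` rather than `isbn`. Names use the unambiguous "Last, First" form.
% `year` is kept next to `date` so styles that read only `year` still print one.
@article{nembhard_recommender_journal,
  author    = {Nembhard, Fitzroy D. and Carvalho, Marco M. and Eskridge, Thomas C.},
  title     = {Towards the Application of Recommender Systems to Secure Coding},
  journal   = {EURASIP Journal on Information Security},
  volume    = {2019},
  number    = {1},
  pages     = {9},
  year      = {2019},
  date      = {2019-06-13},
  doi       = {10.1186/s13635-019-0092-4},
  url       = {https://doi.org/10.1186/s13635-019-0092-4},
  urldate   = {2019-06-13},
  issn      = {2510-523X},
  abstract  = {Secure coding is crucial for the design of secure and efficient software and computing systems. However, many programmers avoid secure coding practices for a variety of reasons. Some of these reasons are lack of knowledge of secure coding standards, negligence, and poor performance of and usability issues with existing code analysis tools. Therefore, it is essential to create tools that address these issues and concerns. This article features the proposal, development, and evaluation of a recommender system that uses text mining techniques, coupled with IntelliSense technology, to recommend fixes for potential vulnerabilities in program code. The resulting system mines a large code base of over 1.6 million Java files using the MapReduce methodology, creating a knowledge base for a recommender system that provides fixes for taint-style vulnerabilities. Formative testing and a usability study determined that surveyed participants strongly believed that a recommender system would help programmers write more secure code.},
  keywords  = {ab testing, bugs, code security, intellisense, java, minhash, recommender systems, simhash, software quality, user study, vulnerability detection},
  pubstate  = {published},
  tppubtype = {article}
}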
Slhoub, Khaled; Nembhard, Fitzroy; Carvalho, Marco
A Metrics Tracking Program for Promoting High-Quality Software Development [Proceedings Article]
In: 2019 SoutheastCon, pp. 1-8, 2019.
Tags: coding standards, defect density, eclipse, Goal-Questions-Metrics, GQM, java, logging standards, maintainability, plugin, Qualitative Risk Ranking Matrix, software engineering, software quality, software requirements, teamwork
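% Conference paper record for the metrics tracking program paper.
% The page range uses the BibTeX double hyphen, and names use the unambiguous
% "Last, First" form. `year` is kept next to `date` so styles that read only
% `year` still print one.
@inproceedings{metricsTracking,
  author    = {Slhoub, Khaled and Nembhard, Fitzroy and Carvalho, Marco},
  title     = {A Metrics Tracking Program for Promoting High-Quality Software Development},
  booktitle = {2019 SoutheastCon},
  pages     = {1--8},
  year      = {2019},
  date      = {2019-04-11},
  doi       = {10.1109/SoutheastCon42311.2019.9020395},
  urldate   = {2019-04-11},
  abstract  = {There has been substantial focus on software metrics over the last few decades. However, many activities within software engineering are often qualitative and are not consonant with automated approaches. Consequently, there are few tools to measure software development quality or to assess teamwork contribution. This paper uses ideas from the Goal-Questions-Metrics (GQM) paradigm to propose a set of metrics to track product and process quality throughout the software development process. The proposed metrics program consists of a set of quality metrics and associated standards that will encourage software development teams to produce high-quality products. We also propose a framework for a tool that implements the metrics tracking program and demonstrate its utility by developing an Eclipse plugin based on the proposed quality metrics.},
  keywords  = {coding standards, defect density, eclipse, Goal-Questions-Metrics, GQM, java, logging standards, maintainability, plugin, Qualitative Risk Ranking Matrix, software engineering, software quality, software requirements, teamwork},
  pubstate  = {published},
  tppubtype = {inproceedings}
}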