2019
Nembhard, Fitzroy D.; Carvalho, Marco M.; Eskridge, Thomas C.
Towards the Application of Recommender Systems to Secure Coding (Journal Article)
In: EURASIP Journal on Information Security, vol. 2019, no. 1, pp. 9, 2019, ISSN: 2510-523X.
Tags: ab testing, bugs, code security, intellisense, java, minhash, recommender systems, simhash, software quality, user study, vulnerability detection
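@comment{2510-523X has the 8-character ISSN form, so it is stored in the issn field rather than isbn. pages holds the single value 9 as exported (presumably the article number; confirm against the publisher record).}
@article{nembhard_recommender_journal,
  title     = {Towards the Application of Recommender Systems to Secure Coding},
  author    = {Nembhard, Fitzroy D. and Carvalho, Marco M. and Eskridge, Thomas C.},
  url       = {https://doi.org/10.1186/s13635-019-0092-4},
  doi       = {10.1186/s13635-019-0092-4},
  issn      = {2510-523X},
  year      = {2019},
  date      = {2019-06-13},
  urldate   = {2019-06-13},
  journal   = {EURASIP Journal on Information Security},
  volume    = {2019},
  number    = {1},
  pages     = {9},
  abstract  = {Secure coding is crucial for the design of secure and efficient software and computing systems. However, many programmers avoid secure coding practices for a variety of reasons. Some of these reasons are lack of knowledge of secure coding standards, negligence, and poor performance of and usability issues with existing code analysis tools. Therefore, it is essential to create tools that address these issues and concerns. This article features the proposal, development, and evaluation of a recommender system that uses text mining techniques, coupled with IntelliSense technology, to recommend fixes for potential vulnerabilities in program code. The resulting system mines a large code base of over 1.6 million Java files using the MapReduce methodology, creating a knowledge base for a recommender system that provides fixes for taint-style vulnerabilities. Formative testing and a usability study determined that surveyed participants strongly believed that a recommender system would help programmers write more secure code.},
  keywords  = {ab testing, bugs, code security, intellisense, java, minhash, recommender systems, simhash, software quality, user study, vulnerability detection},
  pubstate  = {published},
  tppubtype = {article},
}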
Slhoub, Khaled; Nembhard, Fitzroy; Carvalho, Marco
A Metrics Tracking Program for Promoting High-Quality Software Development (Proceedings Article)
In: 2019 SoutheastCon, pp. 1-8, 2019.
Tags: coding standards, defect density, eclipse, Goal-Questions-Metrics, GQM, java, logging standards, maintainability, plugin, Qualitative Risk Ranking Matrix, software engineering, software quality, software requirements, teamwork
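@comment{Page ranges use the double hyphen that BibTeX styles expect. urldate equals date and the entry has no url field, so it looks auto-filled by the exporter; confirm before relying on it as an access date.}
@inproceedings{metricsTracking,
  title     = {A Metrics Tracking Program for Promoting High-Quality Software Development},
  author    = {Slhoub, Khaled and Nembhard, Fitzroy and Carvalho, Marco},
  doi       = {10.1109/SoutheastCon42311.2019.9020395},
  year      = {2019},
  date      = {2019-04-11},
  urldate   = {2019-04-11},
  booktitle = {2019 SoutheastCon},
  pages     = {1--8},
  abstract  = {There has been substantial focus on software metrics over the last few decades. However, many activities within software engineering are often qualitative and are not consonant with automated approaches. Consequently, there are few tools to measure software development quality or to assess teamwork contribution. This paper uses ideas from the Goal-Questions-Metrics (GQM) paradigm to propose a set of metrics to track product and process quality throughout the software development process. The proposed metrics program consists of a set of quality metrics and associated standards that will encourage software development teams to produce high-quality products. We also propose a framework for a tool that implements the metrics tracking program and demonstrate its utility by developing an Eclipse plugin based on the proposed quality metrics.},
  keywords  = {coding standards, defect density, eclipse, Goal-Questions-Metrics, GQM, java, logging standards, maintainability, plugin, Qualitative Risk Ranking Matrix, software engineering, software quality, software requirements, teamwork},
  pubstate  = {published},
  tppubtype = {inproceedings},
}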
Slhoub, Khaled; Carvalho, Marco; Nembhard, Fitzroy
Evaluation and Comparison of Agent-Oriented Methodologies: A Software Engineering Viewpoint (Proceedings Article)
In: 2019 IEEE International Systems Conference (SysCon), pp. 1-8, 2019.
Tags: agent, AOSE, MaSE, PASSI, Prometheus, software engineering, software quality, software requirements, standards, SWEBOK
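@comment{Page ranges use the double hyphen that BibTeX styles expect. urldate equals date and the entry has no url field, so it looks auto-filled by the exporter; confirm before relying on it as an access date.}
@inproceedings{AOSEEvaluation,
  title     = {Evaluation and Comparison of Agent-Oriented Methodologies: A Software Engineering Viewpoint},
  author    = {Slhoub, Khaled and Carvalho, Marco and Nembhard, Fitzroy},
  doi       = {10.1109/SYSCON.2019.8836962},
  year      = {2019},
  date      = {2019-04-08},
  urldate   = {2019-04-08},
  booktitle = {2019 {IEEE} International Systems Conference ({SysCon})},
  pages     = {1--8},
  abstract  = {Numerous agent-oriented methodologies that offer a rich pool of resources to support developers of agent-based systems have been proposed. However, the use of existing methodologies in industrial settings is still limited due to the large volume of methodologies, diversity of covered scopes, ambiguity in concepts, and lack of maturity. This makes it difficult for agent technology practitioners to choose the appropriate methodology that best fits their given development context. To eliminate such agent-based development bottleneck, it is important to introduce suitable methods for evaluating, comparing, and classifying agent-oriented methodologies in order to leverage their usage among practitioners. Having systems to evaluate methodologies can effectively help developers better understand existing methodologies, realize their benefits, outline their pros and cons, and assist practitioners with selecting the best-fit methodology for a specific agent-based project. In response, this paper proposes a novel criteria-based evaluation that is influenced by software engineering practices to assess and compare agent-oriented methodologies. The proposed evaluation is derived from the software engineering body of knowledge (SWEBOK) and provides a simplified method to assess the coverage degree of an agent-oriented methodology with respect to major software knowledge areas such as the requirements and testing phases. We demonstrate the applicability of the proposed evaluation by applying it to three agent-oriented methodologies (PASSI, MaSE, and Prometheus) in the software engineering requirements and testing phases.},
  keywords  = {agent, AOSE, MaSE, PASSI, Prometheus, software engineering, software quality, software requirements, standards, SWEBOK},
  pubstate  = {published},
  tppubtype = {inproceedings},
}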