66 research outputs found

    Do all task dependencies require coordination? The role of task properties in identifying critical coordination needs in software projects

    No full text
    Several methods exist to detect the coordination needs within software teams. Evidence exists that developers' awareness about coordination needs improves work performance. Distinguishing with certainty between critical and trivial coordination needs and identifying and prioritizing which specific tasks a pair of developers should coordinate about remains an open problem. We investigate what work dependencies should be considered when establishing coordination needs within a development team. We use our conceptualization of work dependencies named Proximity and leverage machine learning techniques to analyze what additional task properties are indicative of coordination needs. In a case study of the Mylyn project, we were able to identify from all potential coordination requirements a subset of 17% that are most critical. We define critical coordination requirements as those that can cause the most disruption to task duration when left unmanaged. These results imply that coordination awareness tools could be enhanced to make developers aware of only the coordination needs that can bring about the highest performance benefit.http://dl.acm.org/citation.cfm?id=249141

    Challenges and Strategies for Managing Requirements Selection in Software Ecosystems

    No full text
    Damian D, Linaker J, Johnson D, Clear T, Blincoe K. Challenges and Strategies for Managing Requirements Selection in Software Ecosystems. IEEE Software. 2021;38(6):76-87.In platform software ecosystems, organizations partner and innovate together. Success and innovation depend on managing complex sets of business relationships and stakeholders and using a requirements-selection process. We describe the associated challenges and strategies from the study of two large proprietary platform ecosystems

    Classification of software forum data with machine learning

    No full text
    Full Text is available to authenticated members of The University of Auckland only.App reviews and tweets from Twitter are currently being studied as the main source of information for analysing diferent aspects of software development. However, software related information does not only occur on these two platforms. Software forums are another source of software related information, with popular forums having millions of registered users and an active community. This thesis examines the content of software forums to determine whether or not software forums contain information to support the development of software. The data composition found in forums is compared to Play Store review data, and it was discovered that software forums contain more than double the amount of relevant information compared to Play Store review data. Using existing tools built for Play Store data to classify software forum data led to disappointing results. A new classifcation process is developed in this thesis to examine the feasibility of automatically classifying software forum data. The result showed that 74% recall and precision value can be achieved by using Metadata features and text features. The result of this study impact the design of potential new classifcation tools built to collect software requirements from software forums

    Dynamic Prediction of Delays in Software Projects using Delay Patterns and Bayesian Modeling

    No full text
    Modern agile software projects are subject to constant change, making it essential to re-asses overall delay risk throughout the project life cycle. Existing effort estimation models are static and not able to incorporate changes occurring during project execution. In this paper, we propose a dynamic model for continuously predicting overall delay using delay patterns and Bayesian modeling. The model incorporates the context of the project phase and learns from changes in team performance over time. We apply the approach to real-world data from 4,040 epics and 270 teams at ING. An empirical evaluation of our approach and comparison to the state-of-the-art demonstrate significant improvements in predictive accuracy. The dynamic model consistently outperforms static approaches and the state-of-the-art, even during early project phases.Software EngineeringSoftware Technolog

    CRYSTALLIZER: A Hybrid Path Analysis Framework to Aid in Uncovering Deserialization Vulnerabilities

    No full text
    Applications use serialization and deserialization to exchange data. Serialization allows developers to exchange messages or perform remote method invocation in distributed applications. However, the application logic itself is responsible for security. Adversaries may abuse bugs in the deserialization logic to forcibly invoke attacker-controlled methods by crafting malicious bytestreams (payloads).|CRYSTALLIZER presents a novel hybrid framework to automatically uncover deserialization vulnerabilities by combining static and dynamic analyses. Our intuition is to first over-approximate possible payloads through static analysis (to constrain the search space). Then, we use dynamic analysis to instantiate concrete payloads as a proof-of-concept of a vulnerability (giving the analyst concrete examples of possible attacks). Our proof-of-concept focuses on Java deserialization as the imminent domain of such attacks.|We evaluate our prototype on seven popular Java libraries against state-of-the-art frameworks for uncovering gadget chains. In contrast to existing tools, we uncovered 41 previously unknown exploitable chains. Furthermore, we show the real-world security impact of CRYSTALLIZER by using it to synthesize gadget chains to mount RCE and DoS attacks on three popular Java applications. We have responsibly disclosed all newly discovered vulnerabilities.HEXHIV
    corecore