Nowadays, systems containing components based on machine learning (ML) methods are becoming more widespread. In order to ensure the intended behavior of a software system, there are standards that define necessary qualities of the system and its components (such as ISO/IEC 25010). Due to the different nature of ML, we have to re-interpret existing qualities for ML systems or add new ones (such as trustworthiness)

To (semi-)automatically classify user needs that are collected from online open sources, we propose the Open Innovation in Requirements Engineering (OIRE) method. OIRE is mimicking the well-known Kano model exclusively using data from online reviews instead of conducting interviews with select focus groups. In our previous research, we introduced the design, implementation and preliminary validation

Analyzing the behavior of sensors is becoming one of the key challenges due to their increasing use for decision making in IoT systems. The paper proposes an approach for a formal specification and analysis of such behavior starting from existing sensor traces. A model that embodies the sensor measurements over time in the form of stochastic automata is built, then temporal properties are fed to Statistical

Cause–effect graphing is a well-known requirement-based and systematic testing method with a heuristic approach. Since it was introduced by Myers in 1979, there have not been any sufficiently comprehensive studies to generate test inputs from these graphs. However, there exist several methods for test input generation from Boolean expressions. Cause–effect graphs can be more convenient for a wide variety

Although extensive research has been conducted on the characteristics of the agile developer, little attention has been given to the features of the software-testing role. This paper explores the human factors of the software testers working in agile projects through a qualitative study focusing on how these factors are perceived. We interviewed 22 agile software practitioners working in three international

This special issue is dedicated to the presentation of novel results in the scope of program analysis, verification, and testing of software to improve its quality. The papers included in the special issue present approaches that successfully combine model-based test case generation, reasoning about functional equivalence, data mining, classification, and the combination of abstraction with model-checking

Security remains under-addressed in many organisations, illustrated by the number of large-scale software security breaches. Preventing breaches can begin during software development if attention is paid to security during the software’s design and implementation. One approach to security assurance during software development is to examine communications between developers as a means of studying the

This article addresses the need of applying testing activities with the purpose of checking the consistency and the correctness of distributed and dynamically adaptable systems whose structure and behavior evolve dynamically at runtime. We identified in the literature a number of studies that used some traditional testing techniques (e.g., regression testing) applied at development time and runtime

Despite the acknowledged importance of quantitative security assessment in secure software development, current literature still lacks an efficient model for measuring internal software security risk. To this end, in this paper, we introduce a hierarchical security assessment model (SAM), able to assess the internal security level of software products based on low-level indicators, i.e., security-relevant

Observing and controlling the dependability of service provision of complex IoT systems is challenging. In practice, many organizations struggle to derive consumer needs related to quality and to observe and quantify the service provision in the context of the dynamic behavior of a complex distributed system. In this paper, we present an approach to define and evaluate the dependability of complex

Modern-day demands for services often require an availability on a 24/7 basis as well as online accessibility around the globe. For this sake, personalized virtual assistants, called chatbots, are implemented. Such systems offer services, goods or information in natural language. These natural language processing (NLP) programs respond to the user in real time and offer an intuitive and simple interface

Heterogeneous cross-project defect prediction (HCPDP) is aimed at building a defect prediction model for the target project by reusing datasets from source projects, where the source project datasets and target project dataset have different features. Most existing HCPDP methods only remove redundant or unrelated features without exploring the underlying features of cross-project datasets. Additionally

This work was developed in an industrial setting towards UI regression testing, where we do not have access to source code and the majority of test cases are manually executed (and only part of the regression-based test cases can be executed due to limited resources). Test case prioritization (TCP) is indicated for such a scenario. But characteristic of many TCP techniques is that they rely on source

Homing and synchronizing sequences (HSs and SSs) are used in Finite State Machine (FSM)-based testing for state identification when deriving a test suite with guaranteed fault coverage or when performing a non-intrusive (passive) testing or monitoring. However, such preset sequences do not always exist for nondeterministic FSMs or can be rather long if existing. Adaptive HSs and SSs are known to exist

Scrum is currently the most widely used agile methodology. However, it is regarded as a framework rather than a concrete process. Unfortunately, the resources available on Scrum do not explicitly define its variable parts and do not offer proper guidance on how to resolve those variabilities. Process (re)configuration is thus left to Scrum Retrospective sessions; this can delay the vital decisions

Use case points (UCP) method has been around for over two decades. Although there was a substantial criticism concerning the algebraic construction and factor assessment of UCP, it remains an efficient early size estimation method. Predicting software effort from UCP is still an ever-present challenge. The earlier version of UCP method suggested using productivity as a cost driver, where fixed or a

In previous research, we proposed the multiple modelling quality evaluation framework (MMQEF), which is a method and tool for evaluating modelling languages in model-driven engineering (MDE) environments. Rather than being exclusive, MMQEF attempts to complement other methods of evaluation of quality such as SEQUAL. However, to date, MMQEF has not been validated beyond some concept proofs. This paper

Software process standards and models are used in large- and medium-sized organizations to reach the Iron Triangle. In contrast, small and very small entities either ignore them or cannot apply them because these standards and models are technically and economically not affordable. Consequently, agile software development practices are usually used by small and very small organizations. The ISO/IEC

Design smell detection has proven to be an efficient strategy to improve software quality and consequently decrease maintainability expenses. This work explores the influence of the information about project context expressed as project domain and size category information, on the automatic detection of the god class design smell by machine learning techniques. A set of experiments using eight classifiers

The effectiveness of model-based testing (MBT) is mainly due to its potential for automation. If the model is formal and machine-readable, test cases can be derived automatically. One of the most used formal modeling techniques is the interpretation of a system as an extended finite state machine (EFSM). However, formal models are not a common practice in the industry. The Unified Modeling Language

Test automation brings the potential to reduce costs and human effort, but several aspects of software testing remain challenging to automate. One such example is automated performance testing to find performance breaking points. Current approaches to tackle automated generation of performance test cases mainly involve using source code or system model analysis or use-case-based techniques. However

This paper focuses on codes of conduct (CoC) of Free and Open Source Software (F/OSS) and their role in improving women’s participation in online communities of OSS. We investigated 355 F/OSS software package websites for the presence of codes of conduct and then analyzed these for diversity elements. Qualitative content analysis of the websites shows that less than 10% (28) of the analyzed websites

Model checking has advanced over the last decades to become an effective formal technique for verifying distributed and concurrent systems. As computers grew in memory and processing capacity, it became possible to exhaustively verify systems with billions of states, making it practical to model and verify real-world protocols and algorithms. However, writing a model is a manual task that potentially

Software testing (ST) has been considered as one of the most important and critical activities of the software development life cycle (SDLC) since it influences directly on quality. When a software project is planned, it is common practice to predict the corresponding ST effort (STEP) as a percentage of predicted SDLC effort. However, the effort range for ST has been reported between 10 and 60% of

Safety is one of the most important features of modern software systems, especially safety-critical systems such as nuclear power plants, which can be checked exactly by model checking. Model checking is a formal verification technique that analyzes system properties through exploring all reachable states (state space) of a model of a system. The problem of the technique is that it confronts the state

Community-aware metrics through socio-technical developer networks or organizational structures have already been studied in the software bug prediction field. Community smells are also proposed to identify communication and collaboration patterns in developer communities. Prior work reports a statistical association between community smells and code smells identified in software modules. We investigate

When deadlines and resources of software projects become scarce, testing is usually in the first row to have its activities aborted or reduced; however, if defects cannot be found, product quality can be affected. In the software development process, aborted or reduced activities that can bring short-term benefits, but can be harmful to the project in the long run, are considered Technical Debt (TD)

JavaScript is a popular programming language today with several implementations competing for market dominance. Although a specification document and a conformance test suite exist to guide engine development, bugs occur and have important practical consequences. Implementing correct engines is challenging because the spec is intentionally incomplete and evolves frequently. This paper investigates

Energy consumption of software has been becoming increasingly significant, since it can vary according to how the software has been developed. In recent years, developers and researchers have been interested in analyzing, among other things, how energy consumption evolves when changes occur from one version to another in any given software. Thus far, the only studies available are theoretical papers

Test-driven development (TDD) is a popular design approach used by the developers with testing being the important software development driving factor. On the other hand, mutation testing is considered one of the most effective testing techniques. However, there is not so much research on combining these two techniques together. In this paper, we propose a novel, hybrid approach called TDD+M which

Automotive test case specifications document test cases to be performed for a specific test object at a defined test level. They are a fundamental part of a structured automotive testing process, as required by the ISO 26262. The aim of our research is to identify challenges from a practitioner’s point of view that lead to poor quality of test case specifications and thus negatively impact time, cost

Conventional approaches for the validation of robotic systems include simulations and functional software testing. Although these approaches are interesting, they do not offer coverage information to guide the testing activity. In this sense, the introduction of coverage testing to the validation of mobile robotic systems seems to promise. This paper proposes a integration testing approach for robotic

Mutation testing is a well-established but costly technique to assess and improve the fault detection ability of test suites. This technique consists of introducing subtle changes in the code of a program, which are expected to be detected by the designed test cases. Among the strategies conceived to reduce its cost, evolutionary mutation testing (EMT) has been revealed as a promising approach to select

In requirements engineering (RE), an early yet critical activity consists in eliciting the requirements from various stakeholders, who usually have different assumptions, knowledge, and intentions. The goal during elicitation is to understand what stakeholders expect from a given software, expectations which then feed the analysis, prioritization, validation, and ultimately specification activities

Mobile application reviews are considered a rich source of information for software engineers to provide a general understanding of user requirements and technical feedback to avoid main programming issues. Previous researches have used traditional data mining techniques to classify user reviews into several software maintenance tasks. In this paper, we aim to use associative classification (AC) algorithms

Monitoring for cloud is the key technology to know the status and the availability of the resources and services present in the current infrastructure. However, cloud monitoring faces a lot of challenges due to inefficient monitoring capability and enormous resource consumption. We study the adaptive monitoring for cloud computing platform, and focus on the problem of balancing monitoring capability

Software’s ability to adapt at run-time to changing user needs, faults, or system intrusions; changing operational environment; and resource variability has been proposed to cope with the complexity of today’s software-intensive systems. Such self-adaptive systems can reconfigure themselves, augment their own functionality, or continually optimize and recover themselves. For example, such capabilities

Bad modularized concerns are a known deficiency of legacy systems, making their maintenance increasingly harder and expensive. An alternative is to conduct a modularity-oriented modernization (MOM), whose goal is to restructure concerns for making them more modular. Architecture-driven modernization (ADM) is a model-based alternative for that—it is a kind of reengineering that employs standard metamodels

Product line (PL)-based development is a thriving research area to develop software-intensive systems. Feature models (FMs) facilitate derivation of valid products from a PL by managing commonalities and variabilities among software products. However, the researchers in academia as well as in the industries experience difficulties in quality assessment of FMs. The increasing complexity and size of

In software engineering predictive modeling, early prediction of software modules or classes that possess high maintainability effort is a challenging task. Many prediction models are constructed to predict the maintainability of software classes or modules by applying various machine learning (ML) techniques. If the software modules or classes need high maintainability, effort would be reduced in

Self-admitted technical debt refers to sub-optimal development solutions that are expressed in written code comments or commits. We reproduce and improve on a prior work by Yan et al. ( 2018 ) on detecting commits that introduce self-admitted technical debt. We use multiple natural language processing methods: Bag-of-Words, topic modeling, and word embedding vectors. We study 5 open-source projects

Having systems that can adapt themselves in case of faults or changing environmental conditions is of growing interest for industry and especially for the automotive industry considering autonomous driving. In autonomous driving, it is vital to have a system that is able to cope with faults in order to enable the system to reach a safe state. In this paper, we present an adaptive control method that

Improving code quality without changing its functionality, e.g., by refactoring or optimization, is an everyday programming activity. Good programming practice requires that each such change should be followed by a check if the change really preserves the code behavior. If such a check is performed by testing, it can be time consuming and still cannot guarantee the absence of differences in behavior

Some countries have adopted the diagnosis-related groups (DRG) system to pay hospitals according to the number and complexity of patients they treat. Translating diseases and procedures into medical codes based on international standards such as ICD-9-CM or ICD-10-CM/PCS is at the core of the DRG systems. However, certain types of coding errors undermine this system, namely, upcoding, in which data

Test automation enables continuous testing, a cornerstone of agile methods, and DevOps. Assertions play a fundamental role in test automation, and recently competing assertion libraries for unit testing frameworks, such as, for example, JUnit or TestNG, emerged. Thus, it is imperative to gauge assertion libraries in terms of developer/tester productivity, allowing SQA managers and software testers

Bug datasets have been created and used by many researchers to build and validate novel bug prediction models. In this work, our aim is to collect existing public source code metric-based bug datasets and unify their contents. Furthermore, we wish to assess the plethora of collected metrics and the capabilities of the unified bug dataset in bug prediction. We considered 5 public datasets and we downloaded

Many Java programs encode temporal behaviors in their source code, typically mixing three features provided by the Java language: (1) pausing the execution for a limited amount of time, (2) waiting for an event that has to occur before a deadline expires, and (3) comparing timestamps. In this work, we show how to exploit modern SMT solvers together with static analysis in order to produce a network

I hope that all our readers are healthy and safe at this time of global uncertainty. In this issue, we have four regular research papers and three special sections. The first two regular research papers are linked by the common theme of software testing, whereas the final two regular papers report secondary research, the first being a survey of APIs and the second a systematic literature review concerned

Today, many tools exist that attempt to find possible vulnerabilities in Android applications, e.g., FlowDroid, Fortify, or AppScan. However, all these tools aim to detect vulnerabilities or (sometimes) tainted flows and present the reviewer detected possible issues of an analyzed Android application. None of these tools supports the identification of implemented security features in code, although

Automatic test case generation is usually based on models of the software under test. However, those models may not exist or may be outdated and so, the test case generation must resort to other artifacts. In a software maintenance context, test cases must adapt to software changes and should be improved continuously to test adequately the new versions of the software. Mutation testing is a fault-based

This issue of the Software Quality Journal is devoted to studies on the quality of software in various advanced applications in business, industry, and everyday life. Following an open call and a thorough review process, the articles accepted for publication cover various aspects relevant to the generic topic. Various areas are represented in the published papers, such as embedded systems, gap analysis

Data is of ever-growing importance and is widely considered to be a company’s most valuable asset. Since data is becoming the main driver of business value, data quality and, specifically, data security are of paramount importance to companies. Various regulations related to data cybersecurity have been drawn up, such as the GDPR and the Cybersecurity Act, thus proving the importance placed on data

It is already common to compute quantitative metrics of requirements to assess their quality. However, the risk is to build assessment methods and tools that are both arbitrary and rigid in the parameterization and combination of metrics. Specifically, we show that a linear combination of metrics is insufficient to adequately compute a global measure of quality. In this work, we propose to develop

From the industry point of view, IS (Information Systems) Quality is much more than achieving adequate levels of quality in the systems of which company IS is composed. IS quality has become a strategic objective that directly impacts the success of all companies. However, since technologies and paradigms (both those supporting software and those that develop it) are in continuous evolution, quality

Quality of web service becomes more and more interesting as a distinguishing criterion to select a unique web service from all candidate ones. The quality assessment issue, especially regarding the volatility of the web services environment, is one among the main challenges in this context. In this paper, we propose a service-based system for web services monitoring. Compared with other efforts in

We study the problem of online runtime verification of real-time event streams. Our monitors can observe concurrent systems with a shared clock, but where each component reports observations as signals that arrive to the monitor at different speeds and with different and varying latencies. We start from specifications in a fragment of the TeSSLa specification language, where streams (including inputs

Code smells are characteristics of the software that indicates a code or design problem which can make software hard to understand, evolve, and maintain. There are several code smell detection tools proposed in the literature, but they produce different results. This is because smells are informally defined or subjective in nature. Machine learning techniques help in addressing the issues of subjectivity

Software engineering (SE) experiments suffer from threats to validity that may impact their results. Replication allows researchers building on top of previous experiments’ weaknesses and increasing the reliability of the findings. Illustrating the benefits of replication to increase the reliability of the findings and uncover moderator variables. We replicate an experiment on test-driven development

Quality requirements (QRs) are a key artifact needed to ensure the quality and success of a software system. Despite their importance, QRs rarely get the same degree of attention as their functional counterpart in agile software development (ASD) projects. Moreover, crucial information that can be obtained from software development repositories (e.g., JIRA, GitHub) is not fully exploited, or is even

Self-adaptive systems dynamically change their structure and behavior in response to changes in their execution environment to ensure the quality of the services they provide. Self-adaptive systems are usually built of a managed part, which implements their functionality, and a managing part, which implements the self-adaptive mechanisms. Hence, the complexity of self-adaptive systems results also