Test automation enables continuous testing, a cornerstone of agile methods, and DevOps. Assertions play a fundamental role in test automation, and recently competing assertion libraries for unit testing frameworks, such as, for example, JUnit or TestNG, emerged. Thus, it is imperative to gauge assertion libraries in terms of developer/tester productivity, allowing SQA managers and software testers

Bug datasets have been created and used by many researchers to build and validate novel bug prediction models. In this work, our aim is to collect existing public source code metric-based bug datasets and unify their contents. Furthermore, we wish to assess the plethora of collected metrics and the capabilities of the unified bug dataset in bug prediction. We considered 5 public datasets and we downloaded

Many Java programs encode temporal behaviors in their source code, typically mixing three features provided by the Java language: (1) pausing the execution for a limited amount of time, (2) waiting for an event that has to occur before a deadline expires, and (3) comparing timestamps. In this work, we show how to exploit modern SMT solvers together with static analysis in order to produce a network

Today, many tools exist that attempt to find possible vulnerabilities in Android applications, e.g., FlowDroid, Fortify, or AppScan. However, all these tools aim to detect vulnerabilities or (sometimes) tainted flows and present the reviewer detected possible issues of an analyzed Android application. None of these tools supports the identification of implemented security features in code, although

Automatic test case generation is usually based on models of the software under test. However, those models may not exist or may be outdated and so, the test case generation must resort to other artifacts. In a software maintenance context, test cases must adapt to software changes and should be improved continuously to test adequately the new versions of the software. Mutation testing is a fault-based

Data is of ever-growing importance and is widely considered to be a company’s most valuable asset. Since data is becoming the main driver of business value, data quality and, specifically, data security are of paramount importance to companies. Various regulations related to data cybersecurity have been drawn up, such as the GDPR and the Cybersecurity Act, thus proving the importance placed on data

It is already common to compute quantitative metrics of requirements to assess their quality. However, the risk is to build assessment methods and tools that are both arbitrary and rigid in the parameterization and combination of metrics. Specifically, we show that a linear combination of metrics is insufficient to adequately compute a global measure of quality. In this work, we propose to develop

Quality of web service becomes more and more interesting as a distinguishing criterion to select a unique web service from all candidate ones. The quality assessment issue, especially regarding the volatility of the web services environment, is one among the main challenges in this context. In this paper, we propose a service-based system for web services monitoring. Compared with other efforts in

We study the problem of online runtime verification of real-time event streams. Our monitors can observe concurrent systems with a shared clock, but where each component reports observations as signals that arrive to the monitor at different speeds and with different and varying latencies. We start from specifications in a fragment of the TeSSLa specification language, where streams (including inputs

In the context of access control systems, testing activity is among the most adopted means to assure that sensible information or resources are correctly accessed. In XACML-based access control systems, incoming access requests are transmitted to the policy decision point (PDP) that grants or denies the access based on the defined XACML policies. The criticality of a PDP component requires an intensive

Code smells are characteristics of the software that indicates a code or design problem which can make software hard to understand, evolve, and maintain. There are several code smell detection tools proposed in the literature, but they produce different results. This is because smells are informally defined or subjective in nature. Machine learning techniques help in addressing the issues of subjectivity

Software engineering (SE) experiments suffer from threats to validity that may impact their results. Replication allows researchers building on top of previous experiments’ weaknesses and increasing the reliability of the findings. Illustrating the benefits of replication to increase the reliability of the findings and uncover moderator variables. We replicate an experiment on test-driven development

Quality requirements (QRs) are a key artifact needed to ensure the quality and success of a software system. Despite their importance, QRs rarely get the same degree of attention as their functional counterpart in agile software development (ASD) projects. Moreover, crucial information that can be obtained from software development repositories (e.g., JIRA, GitHub) is not fully exploited, or is even

Self-adaptive systems dynamically change their structure and behavior in response to changes in their execution environment to ensure the quality of the services they provide. Self-adaptive systems are usually built of a managed part, which implements their functionality, and a managing part, which implements the self-adaptive mechanisms. Hence, the complexity of self-adaptive systems results also

Web applications are deployed on machines around the globe and offer almost universal accessibility. These applications assure functional interconnectivity between different components on a 24/7 basis. One of the most important requirements is data confidentiality and secure authentication. However, implementation flaws and unfulfilled requirements often result in security leaks that malicious users

Brazilian Federal Institutes of Education, Science and Technology (FIs) have expanded through multicampi structure, which has led to profound changes in their administrative and academic organization. As consequence of this expansion, the demand for services, systems, and information technology (IT) solutions has increased; and the support service’s provision has become much more relevant. However

Cloud computing serves as a platform for diverse types of applications, from low-priority to critical. Some of these applications require high levels of system availability and reliability. Developing methods for cloud computing availability and reliability evaluation is of utmost importance. In this paper, we propose a set of models for availability and reliability evaluation of a virtualized system

Continuous integration practice mandates to continuously introduce incremental changes into code, but doing so may introduce new faults too. These faults could be detected automatically through regression testing, but this practice becomes prohibitive as the cost of executing the tests grows. This problem is preponderant in end-to-end testing where the whole system is requested for test execution.

As a consequence to factors such as progress made by the attackers, release of new technologies and use of increasingly complex systems, and threats to applications security have been continuously evolving. Security of code and privacy of data must be implemented in both design and programming practice to face such scenarios. In such a context, this paper proposes a software development approach, Privacy

Open source software (OSS) allows developers to study, change, and improve the code free of charge. There are several high-quality software projects which deliver stable and well-documented products. Most OSS forges typically sustain active user and expert communities which in turn provide decent levels of support both with respect to answering user questions as well as to repairing reported software

Self-adaptive systems have to implement adaptation policies described by sets of rules that express how the components are reconfigured within the system, the priority of a given reconfiguration to happen, when a given (sequence of) event(s) occurs, and when specific conditions on the system state are satisfied. However, when this priority is given by a fuzzy value (e.g., high, medium, low) depending

Abstract Master data management (MDM) can provide an integrated and unified view of key business entities to offer better support in business processes. Due to the very nature of master data-based applications, it is possible to use data with the highest possible level of quality. MDM can help ensure that some common concerns, like duplicates or inconsistencies, are prevented by sharing a ‘single version

Abstract Gap analysis is a common approach in industry to evaluate the gaps between the implemented software processes and the requirements of process quality frameworks or standard norms. Gap analysis processes are usually executed by means of questionnaires that need to be crafted ad hoc according to specific appraisal goals. The approaches used for developing, compiling and evaluating the answers

Abstract Traditional runtime quantitative verification approaches for self-adaptive systems usually rely on the use of state-transition models to describe the system behaviour and check property violation at runtime. More recently, some approaches have advocated the use of scenarios as a strategy for representing both the normal and adaptive system behaviour. However, the use of scenarios as a runtime

Abstract Symptoms of software aging include performance degradation and failure occurrence increasing when software systems run for a period of time. Therefore, software aging is closely related to system performance. Understanding and analyzing performance issues in the software system is critical to mastering software aging information. Instead of focusing on normal valid bug reports (VBRs), this

Today’s enterprise software systems are much more complicated than the past. Increasing numbers of dependent applications, heterogeneous technologies, and wide usage of Service-Oriented Architectures (SOA), where numerous services communicate with each other, makes testing of such systems challenging. For testing these software systems, the concept of service virtualization is gaining popularity. Service