Saad bin Saleem, Yijun Yu, and Bashar Nuseibeh.
An Empirical Study of Security Requirements in Planning Bug Fixes
for an Open Source Software Project.
Technical Report 2012/01, January 2012.
[ bib |
It is often difficult to estimate the resources needed to plan for bug fixing activities in software development projects. Security bug fixes are commonly implemented as patches in response to emergent common vulnerability and exposure (CVE) reports. In this paper we investigate how to plan for bug fixing, and whether security related bug fixes are different from other bugs. In a preprocessing step, we classify security and non-security bugs by using a definition of security requirements to elicit the keywords such as 'protection', 'assets' and 'malicious attackers', and by ranking their frequency of occurrences in the bug descriptions. We then create two release-planning inputs: one about the entire bug fixing activities, and another about bug fixes related to security requirements only. The results of the release plans are compared, with the bug fixing events recorded in the software repositories. Through a Samba case study, we show that it is possible to fix more high-priority bugs within limited given resource, and that bugs related to security requirements are materially different from other kinds of bugs.
The Problem of Reproducibility.
Technical Report 2012/02, February 2012.
[ bib |
In this article, I look at the issue of reproducibility in science, concentrating on omics- and medicine-based research work. In a sense I am (to quote a British saying) ‘teaching my grandmother to suck eggs’ since many of you, as statisticians, will have this as your central tenet. However, I hope I might describe some ideas and materials that are new to you—at least partially. Ideas which you might like to share with non-statisticians.
Studying Things that Go Wrong in Software Development.
Technical Report 2012/03, February 2012.
[ bib |
Literature sources suggest that software dependability is achieved or not as a result of decisions and judgements made by people, working alone and together. However they cannot explain exactly how this happens. Is it true that faulty ideas lead to bugs? How does this happen? What do faulty ideas look like? Points of doubt? The research proposed here lies somewhere between the broad statements of anecdotal accounts and the narrowly focused goals of software engineering research in areas related to dependability. It will consider the cognitive and social factors that anecdotes suggest contribute to failure prone software. Like other empirical studies in software engineering, this research will develop a body of detailed evidence that may be used to improve software engineering practice. However, in contrast to both of these approaches, this research will trace specific, mistaken choices made within software initiatives. Similarly, it will address gaps in the empirical data by examining these mistakes in the context of work as it happens, and by focusing on the thoughts and behaviour of the people involved in software development.
Jon G Hall and Lucia Rapanotti.
eiπ+1=0 for Computing.
Technical Report 2012/04, 2012.
[ bib |
Euler's identity relates, in just seven symbols, some of the most fundamental entities and operations in mathematics. It has been described as 'the most beautiful theorem in mathematics' and 'the greatest equation ever.' If twenty-four hours is the clock of seven thousand years of mathematics, then Euler's identity is stated just one hour before midnight, computing (with Babbage's mechanical difference engine) arriving, fashionably, a few minutes later; Software Engineering crashed the party a mere 7 minutes ago. Many have characterised elements of software, some have managed great beauty. Here we present another characterisation of the relationship between a software system, its context, the need it satisfies, its stakeholders and its validation, deduced from Rogers' definition of (general) engineering.
Thein Than Tun, Arosha K. Bandara, Blaine A. Price, Yijun Yu, Charles Haley,
Inah Omoronyia, and Bashar Nuseibeh.
Privacy Arguments: Analysing Selective Disclosure Requirements for
Technical Report 2012/05, 2012.
[ bib |
Privacy requirements for mobile applications offer a distinct set of challenges for requirements engineering. First, they are highly dynamic, changing over time and locations, and across the different roles of agents involved and the kinds of information that may be disclosed. Second, although some general privacy requirements can be elicited a priori, users often refine them at runtime as they interact with the system and its environment. Selectively disclosing information to appropriate agents is therefore a key privacy management challenge, requiring carefully formulated privacy requirements amenable to systematic reasoning. In this paper, we introduce privacy arguments as a means of analysing privacy requirements in general and selective disclosure requirements (that are both content- and context-sensitive) in particular. Privacy arguments allow individual users to express personal preferences, which are then used to reason about privacy for each user under different contexts. At runtime, these arguments provide a way to reason about requirements satisfaction and diagnosis. Our proposed approach is demonstrated and evaluated using the privacy requirements of BuddyTracker, a mobile application we developed as part of our overall research programme.
Pierre A. Akiki, Arosha K. Bandara, Hoda W. Maalouf, and Yijun Yu.
A SYSTEMATIC FRAMEWORK FOR ASSESSING THE IMPLEMENTATION PHASE OF
ENTERPRISE RESOURCE PLANNING SYSTEMS.
Technical Report 2012/06, 2012.
[ bib |
Enterprise Resource Planning (ERP) systems are a major pillar in the management of evolving modern businesses. With the continuous change of technology and increase of business process complexity, ERP systems had to evolve drastically to accommodate the needs of modern businesses. This makes the implementation of such systems very complex hence increasing the risk of failure. Aiming to reducing such risks and protecting businesses as well as ERP vendors from financial losses, this paper proposes a set of categorized critical success factors (CSFs) for assessing ERP implementations. A support tool is also presented to visualize the assessments of the current and past implementation states to help in monitoring the implementation's evolution history.
Faster Compilation through Lighter Precompilation.
Technical Report 2012/07, 2012.
[ bib |
Existing C/C++ precompilers [?] remove false dependencies between C/C++ headers to speed up their incremental compilation. Whilst parsing costs less than the backend optimisations in modern compilers, the overhead of restructuring exceeds the gain from a faster parsing. This report summaries the steps to reduce precompilation overhead through a lighter tag analyser. It also presents an evaluation on the tool.
Pierre Akiki, Arosha K. Bandara, and Yijun Yu.
Cedar: Engineering Role-Based Adaptive User Interfaces for
Technical Report 2012/08, 2012.
[ bib |
Feature-bloated enterprise applications such as customer relationship management (CRM) and enterprise resource planning (ERP) are very large scale, encompassing millions of lines-of-code and thousands of user interfaces (UI). Also, these applications are sold as generic off-the-shelf products to be used by people with diverse needs in required feature-set and backgrounds such as skills, culture, etc. Although several approaches have been proposed for adapting UIs to various user profiles, little work has focused on simplifying enterprise application UIs through engineering adaptive behavior. We define UI simplification as a mechanism for increasing usability through adaptive behavior by providing users with a minimal feature-set and an optimal layout based on their individual profile. In this paper we present Role-Based UI Simplification (RBUIS), a tool supported approach based on our CEDAR architecture for simplifying enterprise application UIs through engineering role-based adaptive behavior. RBUIS is integrated in our generic platform for developing adaptive model-driven enterprise UIs. Our approach is validated from the technical and end-user perspectives by applying it to developing a prototype enterprise application and user-testing the outcome.
This file was generated by bibtex2html 1.98.