Stephen MacDonell

SE
15 papers
162 citations
Novelty 24%
AI Score 35

15 Papers

10.4 · SE · Apr 23
Hidden Dependencies and Component Variants in SBOM-Based Software Composition Analysis

Shawn Rasheed, Max McPhee, Lisa Patterson et al.

Software Bills of Material (SBOMs) have emerged as an important technology for vulnerability management amid rising supply-chain attacks. They represent component relationships within a software product and support software composition analysis (SCA) by linking components to known vulnerabilities. However, the effectiveness of SBOM-based analysis depends on how accurately SBOMs represent component identities and actual dependencies in software. This paper studies two mismatch patterns: hidden code-level dependencies that are not represented as component-level dependencies, and component variants (clones) that cannot be identified consistently by scanners. We show that these mismatches can lead to inconsistent vulnerability reporting and inconsistent handling of VEX statements across popular SBOM-based vulnerability scanners. These results highlight limitations in current SBOM production and consumption and motivate richer dependency representation and component identity.

CV · Jun 27, 2021
Mitigating severe over-parameterization in deep convolutional neural networks through forced feature abstraction and compression with an entropy-based heuristic

Nidhi Gowdra, Roopak Sinha, Stephen MacDonell et al.

Convolutional Neural Networks (CNNs) such as ResNet-50, DenseNet-40 and ResNeXt-56 are severely over-parameterized, necessitating a consequent increase in the computational resources required for model training which scales exponentially for increments in model depth. In this paper, we propose an Entropy-Based Convolutional Layer Estimation (EBCLE) heuristic which is robust and simple, yet effective in resolving the problem of over-parameterization with regard to the network depth of CNN models. The EBCLE heuristic employs a priori knowledge of the entropic data distribution of input datasets to determine an upper bound for convolutional network depth, beyond which identity transformations are prevalent, offering insignificant contributions for enhancing model performance. Restricting depth redundancies by forcing feature compression and abstraction restricts over-parameterization while decreasing training time by 24.99% - 78.59% without degradation in model performance. We present empirical evidence to emphasize the relative effectiveness of broader, yet shallower models trained using the EBCLE heuristic, which maintains or outperforms baseline classification accuracies of narrower yet deeper models. The EBCLE heuristic is architecturally agnostic and EBCLE based CNN models restrict depth redundancies resulting in enhanced utilization of the available computational resources. The proposed EBCLE heuristic is a compelling technique for researchers to analytically justify their HyperParameter (HP) choices for CNNs. Empirical validation of the EBCLE heuristic in training CNN models was established on five benchmarking datasets (ImageNet32, CIFAR-10/100, STL-10, MNIST) and four network architectures (DenseNet, ResNet, ResNeXt and EfficientNet B0-B2) with appropriate statistical tests employed to infer any conclusive claims presented in this paper.

SE · May 28, 2021
Towards the statistical construction of hybrid development methods

Paolo Tell, Jil Klünder, Steffen Küpper et al.

Hardly any software development process is used as prescribed by authors or standards. Regardless of company size or industry sector, a majority of project teams and companies use hybrid development methods (short: hybrid methods) that combine different development methods and practices. Even though such hybrid methods are highly individualized, a common understanding of how to systematically construct synergetic practices is missing. In this article, we make a first step towards a statistical construction procedure for hybrid methods. Grounded in 1467 data points from a large-scale practitioner survey, we study the question: What are hybrid methods made of and how can they be systematically constructed? Our findings show that only eight methods and few practices build the core of modern software development. Using an 85% agreement level in the participants' selections, we provide examples illustrating how hybrid methods can be characterized by the practices they are made of. Furthermore, using this characterization, we develop an initial construction procedure, which allows for defining a method frame and enriching it incrementally to devise a hybrid method using ranked sets of practice.

CV · May 10, 2021
Examining and Mitigating Kernel Saturation in Convolutional Neural Networks using Negative Images

Nidhi Gowdra, Roopak Sinha, Stephen MacDonell

Neural saturation in Deep Neural Networks (DNNs) has been studied extensively, but remains relatively unexplored in Convolutional Neural Networks (CNNs). Understanding and alleviating the effects of convolutional kernel saturation is critical for enhancing CNN models' classification accuracies. In this paper, we analyze the effect of convolutional kernel saturation in CNNs and propose a simple data augmentation technique to mitigate saturation and increase classification accuracy, by supplementing negative images to the training dataset. We hypothesize that greater semantic feature information can be extracted using negative images since they have the same structural information as standard images but differ in their data representations. Varied data representations decrease the probability of kernel saturation and thus increase the effectiveness of kernel weight updates. The two datasets selected to evaluate our hypothesis were CIFAR-10 and STL-10 as they have similar image classes but differ in image resolutions, thus making for a better understanding of the saturation phenomenon. The MNIST dataset was used to highlight the ineffectiveness of the technique for linearly separable data. The ResNet CNN architecture was chosen since the skip connections in the network ensure the most important features contributing the most to classification accuracy are retained. Our results show that CNNs are indeed susceptible to convolutional kernel saturation and that supplementing negative images to the training dataset can offer a statistically significant increase in classification accuracies when compared against models trained on the original datasets. Our results present accuracy increases of 6.98% and 3.16% on the STL-10 and CIFAR-10 datasets respectively.

NE · May 10, 2021
Examining convolutional feature extraction using Maximum Entropy (ME) and Signal-to-Noise Ratio (SNR) for image classification

Nidhi Gowdra, Roopak Sinha, Stephen MacDonell

Convolutional Neural Networks (CNNs) specialize in feature extraction rather than function mapping. In doing so they form complex internal hierarchical feature representations, the complexity of which gradually increases with a corresponding increment in neural network depth. In this paper, we examine the feature extraction capabilities of CNNs using Maximum Entropy (ME) and Signal-to-Noise Ratio (SNR) to validate the idea that CNN models should be tailored for a given task and complexity of the input data. SNR and ME measures are used as they can accurately determine, in the input dataset, the relative amount of signal information to the random noise and the maximum amount of information respectively. We use two well-known benchmarking datasets, MNIST and CIFAR-10, to examine the information extraction and abstraction capabilities of CNNs. Through our experiments, we examine convolutional feature extraction and abstraction capabilities in CNNs and show that the classification accuracy or performance of CNNs is greatly dependent on the amount, complexity and quality of the signal information present in the input data. Furthermore, we show the effect of information overflow and underflow on CNN classification accuracies. Our hypothesis is that the feature extraction and abstraction capabilities of convolutional layers are limited and therefore, CNN models should be tailored to the input data by using appropriately sized CNNs based on the SNR and ME measures of the input dataset.

SE · Apr 28, 2021
Multi-Objective Reconstruction Of Software Architecture

Frederick Schmidt, Stephen MacDonell, Andy M. Connor

Design erosion is a persistent problem within the software engineering discipline. Software designs tend to deteriorate over time and there is a need for tools and techniques that support software architects when dealing with legacy systems. This paper presents an evaluation of a Search Based Software Engineering (SBSE) approach intended to recover high-level architecture designs of software systems by structuring low-level artefacts into high-level architecture artefact configurations. In particular, this paper describes the performance evaluation of a number of metaheuristic search algorithms applied to architecture reconstruction problems with high dimensionality in terms of objectives. These problems have been selected as representative of the typical challenges faced by software architects dealing with legacy systems and the results inform the ongoing development of a software tool that supports the analysis of trade-offs between different reconstructed architectures.

SE · Apr 17, 2021
3rd Workshop on Hybrid Development Approaches in Software System Development

Paolo Tell, Stephen MacDonell, Sherlock A. Licorish

Evidence shows that software development methods, frameworks, and even practices are seldom applied in companies by following the book. Combinations of different methodologies into home-grown processes are being constantly uncovered. Nonetheless, an academic understanding and investigation of this phenomenon is very limited. In 2016, the HELENA initiative was launched to research hybrid development approaches in software system development. This paper introduces the 3rd HELENA workshop and provides a detailed description of the instrument used and the available data sets.

SE · Apr 10, 2021
2nd Workshop on Hybrid Development Approaches in Software Systems Development

Marco Kuhrmann, Philipp Diebold, Stephen MacDonell et al.

Software and system development is complex and diverse, and a multitude of development approaches is used and combined with each other to address the manifold challenges companies face today. To study the current state of the practice and to build a sound understanding about the utility of different development approaches and their application to modern software system development, in 2016, we launched the HELENA initiative. This paper introduces the 2nd HELENA workshop and provides an overview of the current project state. In the workshop, six teams present initial findings from their regions, impulse talks are given, and further steps of the HELENA roadmap are discussed.

SE · Apr 9, 2021
Alignment of Stakeholder Expectations about User Involvement in Agile Software Development

Jim Buchan, Muneera Bano, Didar Zowghi et al.

Context: User involvement is generally considered to contribute to user satisfaction and project success and is central to Agile software development. In theory, the expectations about user involvement, such as the PO's, are quite demanding in this Agile way of working. But what are the expectations seen in practice, and are the expectations of user involvement aligned among the development team and users? Any misalignment could contribute to conflict and miscommunication among stakeholders that may result in ineffective user involvement. Objective: Our aim is to compare and contrast the expectations of two stakeholder groups (software development team, and software users) about user involvement in order to understand the expectations and assess their alignment. Method: We have conducted an exploratory case study of expectations about user involvement in an Agile software development. Qualitative data was collected through interviews to design a novel method for assessing the alignment of expectations about user involvement by applying Repertory Grids (RG). Results: By aggregating the results from the interviews and RGs, varying degrees of expectation alignments were observed between the development team and user representatives. Conclusion: Alignment of expectations can be assessed in practice using the proposed RG instrument and can reveal misalignment between user roles and activities they participate in Agile software development projects. Although we used the RG instrument retrospectively in this study, we posit that it could also be applied from the start of a project, or proactively as a diagnostic tool throughout a project to assess and ensure that expectations are aligned.

SE · Apr 4, 2021
Assert Use and Defectiveness in Industrial Code

Steve Counsell, Tracy Hall, Thomas Shippey et al.

The use of asserts in code has received increasing attention in the software engineering community in the past few years, even though it has been a recognized programming construct for many decades. A previous empirical study by Casalnuovo showed that methods containing asserts had fewer defects than those that did not. In this paper, we analyze the test classes of two industrial telecom Java systems to lend support to, or refute that finding. We also analyze the physical position of asserts in methods to determine if there is a relationship between assert placement and method defect-proneness. Finally, we explore the role of test method size and the relationship it has with asserts. In terms of the previous study by Casalnuovo, we found only limited evidence to support the earlier results. We did however find that defective methods with one assert tended to be located at significantly lower levels of the class position-wise than non-defective methods. Finally, method size seemed to correlate strongly with asserts, but surprisingly less so when we excluded methods with just one assert. The work described highlights the need for more studies into this aspect of code, one which has strong links with code comprehension.

SE · Apr 2, 2021
Emerging Trends for Global DevOps: A New Zealand Perspective

Waqar Hussain, Tony Clear, Stephen MacDonell

The DevOps phenomenon is gaining popularity through its ability to support continuous value delivery and ready accommodation of change. However, given the relative immaturity and general confusion about DevOps, a common view of expectations from a DevOps role is lacking. Through investigation of online job advertisements, combined with interviews, we identified key Knowledge Areas, Skills and Capabilities for a DevOps role and their relative importance in New Zealand's job market. Our analysis also revealed the global dimensions and the emerging nature of the DevOps role in GSE projects. This research adds a small advanced economy (New Zealand) perspective to the literature on DevOps job advertisements and should be of value to employers, job seekers, researchers as well as educators and policy makers.

SE · Apr 2, 2021
Managing Requirements Change the Informal Way: When Saying 'No' is Not an Option

Waqar Hussain, Didar Zowghi, Tony Clear et al.

Software has always been considered as malleable. Changes to software requirements are inevitable during the development process. Despite many software engineering advances over several decades, requirements changes are a source of project risk, particularly when businesses and technologies are evolving rapidly. Although effectively managing requirements changes is a critical aspect of software engineering, conceptions of requirements change in the literature and approaches to their management in practice still seem rudimentary. The overall goal of this study is to better understand the process of requirements change management. We present findings from an exploratory case study of requirements change management in a globally distributed setting. In this context we noted a contrast with the traditional models of requirements change. In theory, change control policies and formal processes are considered as a natural strategy to deal with requirements changes. Yet we observed that "informal requirements changes" (InfRc) were pervasive and unavoidable. Our results reveal an equally 'natural' informal change management process that is required to handle InfRc in parallel. We present a novel model of requirements change which, we argue, better represents the phenomenon and more realistically incorporates both the informal and formal types of change.

SE · Mar 5, 2021
Towards a standardised strategy to collect and distribute application software artifacts

Thomas Laurenson, Stephen MacDonell, Hank Wolfe

Reference sets contain known content that is used to identify relevant or filter irrelevant content. Application profiles are a type of reference set that contain digital artifacts associated with application software. An application profile can be compared against a target data set to identify relevant evidence of application usage in a variety of investigation scenarios. The research objective is to design and implement a standardised strategy to collect and distribute application software artifacts using application profiles. An advanced technique for creating application profiles was designed using a formalised differential analysis strategy. The design was implemented in a live differential forensic analysis tool, LiveDiff, to automate and simplify data collection. A storage mechanism was designed based on a previously standardised forensic data abstraction. The design was implemented in a new data abstraction, Application Profile XML (APXML), to provide storage, distribution and automated processing of collected artifacts.

SE · Feb 28, 2021
Architectural Challenges in Migrating Plan-driven Projects to Agile

Vinod Menon, Roopak Sinha, Stephen MacDonell

Software development has steadily embraced agile software development methodology/method (ASDM) and has been moving away from the plan driven software development methodology (PDM) approaches like waterfall. Given the iterative nature of agile development, the integration of software architecture into the agile way has become challenging. This research identifies the challenges of having a robust architecture in projects already executed by plan driven methods and new projects likewise by conducting a literature review and a case study analysis. The ensuing analysis finds that there are three major areas: people, process and technology, in which these challenges could be mapped.

SE · Jul 24, 2019
Effective team onboarding in Agile software development: techniques and goals

Jim Buchan, Stephen MacDonell, Jennifer Yang

Context: It is not uncommon for a new team member to join an existing Agile software development team, even after development has started. This new team member faces a number of challenges before they are integrated into the team and can contribute productively to team progress. Ideally, each newcomer should be supported in this transition through an effective team onboarding program, although prior evidence suggests that this is challenging for many organisations. Objective: We seek to understand how Agile teams address the challenge of team onboarding in order to inform future onboarding design. Method: We conducted an interview survey of eleven participants from eight organisations to investigate what onboarding activities are common across Agile software development teams. We also identify common goals of onboarding from a synthesis of literature. A repertory grid instrument is used to map the contributions of onboarding techniques to onboarding goals. Results: Our study reveals that a broad range of team onboarding techniques, both formal and informal, are used in practice. It also shows that particular techniques have high contributions to a given goal or set of goals. Conclusions: In presenting a set of onboarding goals to consider and an evidence-based mechanism for selecting techniques to achieve the desired goals, it is expected that this study will contribute to better-informed onboarding design and planning. An increase in practitioner awareness of the options for supporting new team members is also an expected outcome.