Publications (10 of 51)
Fucci, D., Alégroth, E., Felderer, M. & Johannesson, C. (2024). Evaluating software security maturity using OWASP SAMM: Different approaches and stakeholders perceptions. Journal of Systems and Software, 214, Article ID 112062.
2024 (English). In: Journal of Systems and Software, ISSN 0164-1212, E-ISSN 1873-1228, Vol. 214, article id 112062. Article in journal (Refereed). Published
Abstract [en]

Background: Recent years have seen a surge in cyber-attacks, which can be prevented or mitigated using software security activities. OWASP SAMM is a maturity model providing a versatile way for companies to assess their security posture and plan for improvements. Objective: We perform an initial SAMM assessment in collaboration with a company in the financial domain. Our objective is to assess a holistic inventory of the company security-related activities, focusing on how different roles perform the assessment and how they perceive the instrument used in the process. Methodology: We perform a case study to collect data using SAMM in a lightweight and novel manner through assessment using an online survey with 17 participants and a focus group with seven participants. Results: We show that different roles perceive maturity differently and that the two assessments deviate only for specific practices making the lightweight approach a viable and efficient solution in industrial practice. Our results indicate that the questions included in the SAMM assessment tool are answered easily and confidently across most roles. Discussion: Our results suggest that companies can productively use a lightweight SAMM assessment. We provide nine lessons learned for guiding industrial practitioners in the evaluation of their current security posture as well as for academics wanting to utilize SAMM as a research tool in industrial settings. Editor's note: Open Science material was validated by the Journal of Systems and Software Open Science Board. © 2024 The Author(s)

Place, publisher, year, edition, pages
Elsevier, 2024
Keywords
Industry-academia collaboration, OWASP SAMM, Software security, Cybersecurity, Industrial research, Petroleum reservoir evaluation, Cyber-attacks, Evaluating software, Financial domains, Maturity model, Open science, Security activities, Stakeholder perception, Network security
National subject category
Software Engineering
Identifiers
urn:nbn:se:bth-26188 (URN); 10.1016/j.jss.2024.112062 (DOI); 001237888500001 (); 2-s2.0-85192019707 (Scopus ID)
Research funder
KK-stiftelsen, 20180010
Available from: 2024-05-13. Created: 2024-05-13. Last updated: 2024-06-19. Bibliographically approved
Felderer, M., Enoiu, E. P. & Tahvili, S. (2023). Artificial Intelligence Techniques in System Testing. In: José Raúl Romero, Inmaculada Medina-Bulo, Francisco Chicano (Ed.), Optimising the Software Development Process with Artificial Intelligence (pp. 221-240). Springer
2023 (English). In: Optimising the Software Development Process with Artificial Intelligence / [ed] José Raúl Romero, Inmaculada Medina-Bulo, Francisco Chicano, Springer, 2023, p. 221-240. Chapter in book, part of anthology (Refereed)
Abstract [en]

System testing is essential for developing high-quality systems, but the degree of automation in system testing is still low. Therefore, there is high potential for Artificial Intelligence (AI) techniques like machine learning, natural language processing, or search-based optimization to improve the effectiveness and efficiency of system testing. This chapter presents where and how AI techniques can be applied to automate and optimize system testing activities. First, we identified different system testing activities (i.e., test planning and analysis, test design, test execution, and test evaluation) and indicated how AI techniques could be applied to automate and optimize these activities. Furthermore, we presented an industrial case study on test case analysis, where AI techniques are applied to encode and group natural language into clusters of similar test cases for cluster-based test optimization. Finally, we discuss the levels of autonomy of AI in system testing.

Place, publisher, year, edition, pages
Springer, 2023
Series
Natural Computing Series, ISSN 1619-7127, E-ISSN 2627-6461 ; F1169
National subject category
Computer Sciences
Identifiers
urn:nbn:se:bth-25211 (URN); 10.1007/978-981-19-9948-2_8 (DOI); 2-s2.0-85165956570 (Scopus ID); 9789811999475 (ISBN); 9789811999482 (ISBN)
Research funder
EU, Horizon 2020, 957212
Available from: 2023-08-07. Created: 2023-08-07. Last updated: 2023-08-11. Bibliographically approved
Bendler, D. & Felderer, M. (2023). Competency Models for Information Security and Cybersecurity Professionals: Analysis of Existing Work and a New Model. ACM Transactions on Computing Education, 23(2), Article ID 25.
2023 (English). In: ACM Transactions on Computing Education, E-ISSN 1946-6226, Vol. 23, no 2, article id 25. Article in journal (Refereed). Published
Abstract [en]

Competency models are widely adopted frameworks that are used to improve human resource functions and education. However, the characteristics of competency models related to the information security and cybersecurity domains are not well understood. To bridge this gap, this study investigates the current state of competency models related to the security domain through qualitative content analysis. Additionally, based on the competency model analysis, an evidence-based competency model is proposed. Examining the content of 27 models, we found that the models can benefit target groups in many different ways, ranging from policymaking to performance management. Owing to their many uses, competency models can arguably help to narrow the skills gap from which the profession is suffering. Nonetheless, the models have their shortcomings. First, the models do not cover all of the topics specified by the Cybersecurity Body of Knowledge (i.e., no model is complete). Second, by omitting social, personal, and methodological competencies, many models reduce the competency profile of a security expert to professional competencies. Addressing the limitations of previous work, the proposed competency model provides a holistic view of the competencies required by security professionals for job achievement and can potentially benefit both the education system and the labor market. To conclude, the implications of the competency model analysis and use cases of the proposed model are discussed.

Place, publisher, year, edition, pages
Association for Computing Machinery (ACM), 2023
Keywords
Cybersecurity education, competency model, competency, workforce development, skills gap
National subject category
Systems Science, Information Systems and Informatics
Identifiers
urn:nbn:se:bth-25261 (URN); 10.1145/3573205 (DOI); 001018474800009 ()
Project
MIDISE
Research funder
KK-stiftelsen, 20210026; European Commission, 2019-1-LI01-KA203-000130
Available from: 2023-08-09. Created: 2023-08-09. Last updated: 2024-04-23. Bibliographically approved
Molléri, J. S., Mendes, E., Petersen, K. & Felderer, M. (2023). Determining a core view of research quality in empirical software engineering. Computer Standards & Interfaces, 84, Article ID 103688.
2023 (English). In: Computer Standards & Interfaces, ISSN 0920-5489, E-ISSN 1872-7018, Vol. 84, article id 103688. Article in journal (Refereed). Published
Abstract [en]

Context: Research quality is intended to appraise the design and reporting of studies. It comprises a set of standards such as methodological rigor, practical relevance, and conformance to ethical standards. Depending on the perspective, different views of importance are given to the standards for research quality. Objective: To investigate the suitability of a conceptual model of research quality to Software Engineering (SE), from the perspective of researchers engaged in Empirical Software Engineering (ESE) research, in order to understand the core value of research quality. Method: We conducted a mixed-methods approach with two distinct group perspectives: (i) a research group; and (ii) the empirical SE research community. Our data collection approach comprised a questionnaire survey and a complementary focus group. We carried out a hierarchical voting prioritization to collect relative values for importance of standards for research quality. Results: In the context of this research, ‘internally valid’, ‘relevant research idea’, and ‘applicable results’ are perceived as the core standards for research quality in empirical SE. The alignment at the research group level was higher compared to that at the community level. Conclusion: The conceptual model was seen to express fairly the standards for research quality in the SE context. It presented limitations regarding its structure and components’ description, which resulted in an updated model. © 2022

Place, publisher, year, edition, pages
Elsevier, 2023
Keywords
Alignment, Conceptual model, Research quality, Standards, Surveys, Core values, Data collection, Empirical Software Engineering, Ethical standards, Mixed method, Research communities, Research groups, Software engineering research, Software engineering
National subject category
Software Engineering
Identifiers
urn:nbn:se:bth-23706 (URN); 10.1016/j.csi.2022.103688 (DOI); 000870181900002 (); 2-s2.0-85137713683 (Scopus ID)
Available from: 2022-10-03. Created: 2022-10-03. Last updated: 2023-12-04. Bibliographically approved
Steidl, M., Felderer, M. & Ramler, R. (2023). The pipeline for the continuous development of artificial intelligence models-Current state of research and practice. Journal of Systems and Software, 199, Article ID 111615.
2023 (English). In: Journal of Systems and Software, ISSN 0164-1212, E-ISSN 1873-1228, Vol. 199, article id 111615. Article, review/survey (Refereed). Published
Abstract [en]

Companies struggle to continuously develop and deploy Artificial Intelligence (AI) models to complex production systems due to AI characteristics while assuring quality. To ease the development process, continuous pipelines for AI have become an active research area where consolidated and in-depth analysis regarding the terminology, triggers, tasks, and challenges is required. This paper includes a Multivocal Literature Review (MLR) where we consolidated 151 relevant formal and informal sources. In addition, nine semi-structured interviews with participants from academia and industry verified and extended the obtained information. Based on these sources, this paper provides and compares terminologies for Development and Operations (DevOps) and Continuous Integration (CI)/Continuous Delivery (CD) for AI, Machine Learning Operations (MLOps), (end-to-end) lifecycle management, and Continuous Delivery for Machine Learning (CD4ML). Furthermore, the paper provides an aggregated list of potential triggers for reiterating the pipeline, such as alert systems or schedules. In addition, this work uses a taxonomy creation strategy to present a consolidated pipeline comprising tasks regarding the continuous development of AI. This pipeline consists of four stages: Data Handling, Model Learning, Software Development and System Operations. Moreover, we map challenges regarding pipeline implementation, adaption, and usage for the continuous development of AI to these four stages. (c) 2023 The Authors. Published by Elsevier Inc. This is an open access article under the CC BY license (http://creativecommons.org/licenses/by/4.0/).

Place, publisher, year, edition, pages
Elsevier, 2023
Keywords
Continuous development of AI, Continuous (end-to-end) lifecycle pipeline for AI, MLOps, CI, CD for AI, DevOps for AI, Multivocal literature review
National subject category
Software Engineering
Identifiers
urn:nbn:se:bth-24504 (URN); 10.1016/j.jss.2023.111615 (DOI); 000967982100001 ()
Available from: 2023-05-09. Created: 2023-05-09. Last updated: 2023-05-09. Bibliographically approved
Huber, S., Demetz, L. & Felderer, M. (2022). A comparative study on the energy consumption of Progressive Web Apps. Information Systems, 108, Article ID 102017.
2022 (English). In: Information Systems, ISSN 0306-4379, E-ISSN 1873-6076, Vol. 108, article id 102017. Article in journal (Refereed). Published
Abstract [en]

Progressive Web Apps (PWAs) are a promising approach for developing mobile apps, especially when developing apps for multiple mobile systems. As mobile devices are limited with respect to battery capacity, developers should keep the energy footprint of a mobile app as low as possible. The goal of this study is to analyze the difference in energy consumption of PWAs compared to other mobile development approaches. As mobile apps are primarily interactive in nature, we focus on UI rendering and interaction scenarios. For this, we implemented five versions of the same app with different development approaches and examined their energy footprint on two Android devices with four execution scenarios. Additionally, we extended our research by analyzing multiple real-world mobile apps to include a more practical perspective. Regarding execution environments, we also compared the energy consumption of PWAs executed in different web-browsers. The results based on sample and real-world apps show that the used development approach influences the energy footprint of a mobile app. Native development shows the lowest energy consumption. PWAs, albeit having a higher energy consumption than native apps, are a viable alternative to other mobile cross-platform development (MCPD) approaches. The experiments could not assert an inherent technological disadvantage of PWAs in contrast to other MCPD approaches when considering UI energy consumption. Moreover, the web-browser engine used to execute the PWA has a significant influence on the energy footprint of the app. © 2022 Elsevier Ltd

Place, publisher, year, edition, pages
Elsevier Ltd, 2022
Keywords
Energy-efficiency, Mobile cross-platform development, Mobile software development, Progressive Web Apps, Energy utilization, Software design, Web browsers, Cross platform development, Development approach, Energy, Energy-consumption, Mobile app, Progressive web app, Real-world, Web App, Energy efficiency
National subject category
Software Engineering
Identifiers
urn:nbn:se:bth-22773 (URN); 10.1016/j.is.2022.102017 (DOI); 001133975200018 (); 2-s2.0-85126383074 (Scopus ID)
Available from: 2022-03-25. Created: 2022-03-25. Last updated: 2024-08-06. Bibliographically approved
Fagerholm, F., Felderer, M., Fucci, D., Unterkalmsteiner, M., Marculescu, B., Martini, M., . . . Khattak, J. (2022). Cognition in Software Engineering: A Taxonomy and Survey of a Half-Century of Research. ACM Computing Surveys, 54(11)
2022 (English). In: ACM Computing Surveys, ISSN 0360-0300, E-ISSN 1557-7341, Vol. 54, no 11. Article in journal (Refereed). Published
Abstract [en]

Cognition plays a fundamental role in most software engineering activities. This article provides a taxonomy of cognitive concepts and a survey of the literature since the beginning of the Software Engineering discipline. The taxonomy comprises the top-level concepts of perception, attention, memory, cognitive load, reasoning, cognitive biases, knowledge, social cognition, cognitive control, and errors, and procedures to assess them both qualitatively and quantitatively. The taxonomy provides a useful tool to filter existing studies, classify new studies, and support researchers in getting familiar with a (sub) area. In the literature survey, we systematically collected and analysed 311 scientific papers spanning five decades and classified them using the cognitive concepts from the taxonomy. Our analysis shows that the most developed areas of research correspond to the four life-cycle stages, software requirements, design, construction, and maintenance. Most research is quantitative and focuses on knowledge, cognitive load, memory, and reasoning. Overall, the state of the art appears fragmented when viewed from the perspective of cognition. There is a lack of use of cognitive concepts that would represent a coherent picture of the cognitive processes active in specific tasks. Accordingly, we discuss the research gap in each cognitive concept and provide recommendations for future research.

Place, publisher, year, edition, pages
ACM Digital Library, 2022
Keywords
Cognition, cognitive concepts, psychology of programming, human factors, measurement, taxonomy
National subject category
Software Engineering
Identifiers
urn:nbn:se:bth-23177 (URN); 10.1145/3508359 (DOI); 000886929000001 ()
Note

open access

Available from: 2022-06-16. Created: 2022-06-16. Last updated: 2023-06-30. Bibliographically approved
Adigun, J. G., Camilli, M., Felderer, M., Giusti, A., Matt, D. T., Perini, A., . . . Susi, A. (2022). Collaborative Artificial Intelligence Needs Stronger Assurances Driven by Risks. Computer, 55(3), 52-63
2022 (English). In: Computer, ISSN 0018-9162, E-ISSN 1558-0814, Vol. 55, no 3, p. 52-63. Article in journal (Refereed). Published
Abstract [en]

Collaborative artificial intelligence systems (CAISs) aim to work with humans in a shared space to achieve a common goal, but this can pose hazards that could harm human beings. We identify emerging problems in this context and report our vision of and progress toward a risk-driven assurance process for CAISs.

Place, publisher, year, edition, pages
IEEE Computer Society, 2022
Keywords
Artificial intelligence systems, Human being, Shared spaces
National subject category
Computer Sciences
Identifiers
urn:nbn:se:bth-22818 (URN); 10.1109/MC.2021.3131990 (DOI); 000769986500008 (); 2-s2.0-85127599993 (Scopus ID)
Available from: 2022-04-07. Created: 2022-04-07. Last updated: 2022-04-19. Bibliographically approved
Foidl, H., Felderer, M. & Ramler, R. (2022). Data Smells: Categories, Causes and Consequences, and Detection of Suspicious Data in AI-based Systems. In: Proceedings - 1st International Conference on AI Engineering - Software Engineering for AI, CAIN 2022. Paper presented at 1st International Conference on AI Engineering - Software Engineering for AI, CAIN 2022, Pittsburgh, 16 May 2022 through 17 May 2022 (pp. 229-239). Institute of Electrical and Electronics Engineers (IEEE)
2022 (English). In: Proceedings - 1st International Conference on AI Engineering - Software Engineering for AI, CAIN 2022, Institute of Electrical and Electronics Engineers (IEEE), 2022, p. 229-239. Conference paper, Published paper (Refereed)
Abstract [en]

High data quality is fundamental for today's AI-based systems. However, although data quality has been an object of research for decades, there is a clear lack of research on potential data quality issues (e.g., ambiguous, extraneous values). These kinds of issues are latent in nature and thus often not obvious. Nevertheless, they can be associated with an increased risk of future problems in AI-based systems (e.g., technical debt, data-induced faults). As a counterpart to code smells in software engineering, we refer to such issues as Data Smells. This article conceptualizes data smells and elaborates on their causes, consequences, detection, and use in the context of AI-based systems. In addition, a catalogue of 36 data smells divided into three categories (i.e., Believability Smells, Understandability Smells, Consistency Smells) is presented. Moreover, the article outlines tool support for detecting data smells and presents the result of an initial smell detection on more than 240 real-world datasets. 

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2022
Keywords
Data reduction, Odors, Code smell, Data engineering, Data quality, Data smell, On potentials, Quality issues, Technical debts, Three categories, Tool support, Understandability, Software engineering, artificial intelligence, data smells
National subject category
Software Engineering
Identifiers
urn:nbn:se:bth-23541 (URN); 10.1145/3522664.3528590 (DOI); 2-s2.0-85133411277 (Scopus ID); 9781450392754 (ISBN)
Conference
1st International Conference on AI Engineering - Software Engineering for AI, CAIN 2022, Pittsburgh, 16 May 2022 through 17 May 2022
Note

open access

Available from: 2022-08-12. Created: 2022-08-12. Last updated: 2022-12-13. Bibliographically approved
Tuzun, E., Erdogmus, H., Baldassarre, M. T., Felderer, M., Feldt, R. & Turhan, B. (2022). Ground-Truth Deficiencies in Software Engineering: When Codifying the Past Can Be Counterproductive. IEEE Software, 39(3), 85-95
2022 (English). In: IEEE Software, ISSN 0740-7459, E-ISSN 1937-4194, Vol. 39, no 3, p. 85-95. Article in journal (Refereed). Published
Abstract [en]

In software engineering, the objective function of human decision makers might be influenced by many factors. Relying on historical data as the ground truth may give rise to systems that automate software engineering decisions by mimicking past suboptimal behavior. We describe the problem and offer some strategies. ©IEEE.

Place, publisher, year, edition, pages
IEEE Computer Society, 2022
Keywords
Decision making, Cognitive bias, Engineering decisions, Historical data, Human decisions, Mitigation strategy, Objective functions, Process decisions, Software engineering tools, Software engineering
National subject category
Business Administration; Production Engineering, Human Work Science and Ergonomics
Identifiers
urn:nbn:se:bth-22971 (URN); 10.1109/MS.2021.3098670 (DOI); 000811542700012 (); 2-s2.0-85111024778 (Scopus ID)
Available from: 2022-05-23. Created: 2022-05-23. Last updated: 2023-06-30. Bibliographically approved
Identifiers
ORCID iD: orcid.org/0000-0003-3818-4442
