Abstract

During the initial stages of software development, the primary goal is to define precise and detailed requirements without concern for software realizations. Security constraints should be introduced then and must be based on the semantic aspects of applications, not on their software architectures, as it is the case in most secure development methodologies. In these stages, we need to identify threats as attacker goals and indicate what conceptual security defenses are needed to thwart these goals, without consideration of implementation details. We can consider the effects of threats on the application assets and try to find ways to stop them. These threats should be controlled with abstract security mechanisms that can be realized by abstract security patterns (ASPs), that include only the core functions of these mechanisms, which must be present in every implementation of them. An abstract security pattern describes a conceptual security mechanism that includes functions able to stop or mitigate a threat or comply with a regulation or institutional policy. We describe here the properties of ASPs and present a detailed example. We relate ASPs to each other and to Security Solution Frames, which describe families of related patterns. We show how to include ASPs to secure an application, as well as how to derive concrete patterns from them. Finally, we discuss their practical value, including their use in “security by design” and IoT systems design.

Vulnerability and attack information must be collected to assess the severity of vulnerabilities and prioritize countermeasures against cyberattacks quickly and accurately. Common Vulnerabilities and Exposures is a dictionary that lists vulnerabilities and incidents, while Common Attack Pattern Enumeration and Classification is a dictionary of attack patterns. Direct identification of common attack pattern enumeration and classification from common vulnerabilities and exposures is difficult, as they are not always directly linked. Here, an approach to directly find common links between these dictionaries is proposed. Then, several patterns, which are combinations of similarity measures and popular algorithms such as term frequency–inverse document frequency, universal sentence encoder, and sentence BERT, are evaluated experimentally using the proposed approach. Specifically, two metrics, recall and mean reciprocal rank, are used to assess the traceability of the common attack pattern enumeration and classification identifiers associated with 61 identifiers for common vulnerabilities and exposures. The experiment confirms that the term frequency–inverse document frequency algorithm provides the best overall performance.

Online judges are often used in programming education for beginners. Although they help improve coding skills, students may not obtain sufficient educational effects with much assignment difficulty. Instead of presenting a model answer to an assignment, we propose an approach to provide students contents of problems and answer source code similar to the assignment. We implemented the approach as a system and conducted an intervention experiment in a university lecture course to evaluate its effectiveness. There was a statistically significant improvement in the number of correct answers compared to the same course in another year without the proposed system. Therefore, it is suggested that the proposed approach can aid in the understanding of an assignment and improve the educational effect.

In evaluating the learning achievement of programming-thinking skills, the method of using a rubric that describes evaluation items and evaluation stages is widely employed. However, few studies have evaluated the reliability, validity, and consistency of the rubrics themselves. In this study, we introduced a statistical method for evaluating the characteristics of rubrics using the goal question metric (GQM) method. Furthermore, we proposed a method for measuring four evaluation results and characteristics obtained from rubrics developed using this statistical method. Moreover, we showed and confirmed the consistency and validity of the statistical method using the GQM method of the resulting developed rubrics. We show how to verify the consistency and validity of the rubric using the GQM method.</p>

For effective vulnerability management, vulnerability and attack information must be collected quickly and efficiently. A security knowledge repository can collect such information. The Common Vulnerabilities and Exposures (CVE) provides known vulnerabilities of products, while the Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of common attributes and approaches employed by adversaries to exploit known weaknesses. Due to the fact that the information in these two repositories are not linked, identifying related CAPEC attack information from CVE vulnerability information is challenging. Currently, the related CAPEC-ID can be traced from the CVE-ID using Common Weakness Enumeration (CWE) in some but not all cases. Here, we propose a method to automatically trace the related CAPEC-IDs from CVE-ID using three similarity measures: TF–IDF, Universal Sentence Encoder (USE), and Sentence-BERT (SBERT). We prepared and used 58 CVE-IDs as test input data. Then, we tested whether we could trace CAPEC-IDs related to each of the 58 CVE-IDs. Additionally, we experimentally confirm that TF–IDF is the best similarity measure, as it traced 48 of the 58 CVE-IDs to the related CAPEC-ID.

To guide practitioners and researchers to design and research Machine Learning (ML) system development processes, we conduct a preliminary literature review on ML system development practices. We identified seven papers and two other papers determined in an ad-hoc review. Our findings include emphasized phases in ML system developments, frequently described ML-specific practices, and tailored traditional practices.

Security and privacy in cloud systems are critical. To address security and privacy concerns, many security patterns, privacy patterns, and non-pattern-based knowledge have been reported. However, knowing which pattern or combination of patterns to use in a specific scenario is challenging due to the sheer volume of options and the layered cloud stack. To deal with security and privacy in cloud services, this study proposes the cloud security and privacy metamodel (CSPM). CSPM uses a consistent approach to classify and handle existing security and privacy patterns. In addition, CSPM is used to develop a security and privacy awareness process to develop cloud systems. The effectiveness and practicality of CSPM is demonstrated via several case studies.

Many businesses strive to align their business goals, strategies, and systems. Because the relationships between goals, strategies, and systems are often vague, the level of success derived from their interrelationships may be ambiguous. In addition, adjusting the system to accommodate changing goals and strategies is becoming more difficult due to increasing agile developments. By linking GQM+Strategies and SysML, we propose a framework to systematically align business requirements and system functions.

Security patterns encompass security-related issues in secure software system development and operations that often appear in certain contexts. Since the late 1990s, about 500 security patterns have been proposed. Although the technical components are well investigated, the direction, overall picture, and barriers to implementation are not. Here, a systematic literature review of 240 papers is used to devise a taxonomy for security pattern research. Our taxonomy and the survey results should improve communications among practitioners and researchers, standardize the terminology, and increase the effectiveness of security patterns.

This paper summarizes the objectives and results of the WESPr-18: The International Workshop on Evidence-based Security and Privacy in the Wild held on December 4th in Nara, Japan. The workshop was collocated with APSEC 2018.

Dynamic approaches to log monitoring require adaptive/incremental parsing methodology to extract meaningful features from complex, evolving data. In this preliminary study, a systematic literature review of online/incremental log parsing research is performed. An inventory of methods is taken, gaps in current research are explored, and suggestions are made for future studies.

In this study, we consider projects for the development of machine learning (ML) service systems that apply ML techniques to enterprise functions, and propose a method of representing the architecture and design patterns for ML service systems. Based on the proposed method, we represent the items described in the pattern documents as elements in the enterprise architecture modeling and derived a generic model for ML architecture and designed patterns. By applying the proposed method and the generic pattern model, we analyze an existing ML design pattern and represent it as a model. Through modeling practice, we confirm that an effective use scenario occurs when using the represented model during the project activities, and we can revise or enhance the pattern documents consistently by applying the model.

Participants’ feelings and impressions utilizing electroencephalography (EEG) and the effectiveness of code are compared for different types of programming sessions. EEG information is obtained as an alternate viewpoint during three programming sessions (solo, pair, and mob programming). MindWave Mobile 2 (brainwave detector) is equipped to collect the attention levels, meditation levels, and EEG brainwaves. These data are utilized to distinguish efficiencies, weaknesses, and points of interest by programming session. The results provide preliminary information to distinguish between the three sessions, but further studies are necessary to make firm conclusions. Additionally, alternative methods or systems are required to analyze the collected data.

Extreme programming (XP) approaches such as pair and mob programming (PP and MP, respectively) have been introduced to the educational sector. However, higher education curricula have started implementing online courses as a method for teaching programming, which poses challenges when conducting XP. Because social factors are vital to learning, we examine a project-based learning method using online MP that introduces a high level of communication. It also maintains the advantages of PP through the "driver" and "navigator" approach. However, there are multiple complications, including discomfort, slow code generation, and interpersonal issues, when using conventional MP. Accordingly, we introduce a mentoring approach to the MP setup and examine the differences compared to conventional MP sessions. We create and analyze co-occurrence networks of codes found via open coding. In this paper, we explain our method and show its advantages based on the results of our analysis.

There are many lectures for students or working adults. Educational institutions have created a table that associates educational courses with learning standards in order to understand the content of these courses. Learning standards such as SFIA (Skills Framework for an Information Age) indicate the skills that learners should learn. The mapped table can make contents clear for students or other educational institutions.

Business-to-Business (B-to-B) software development companies develop services to satisfy their customers’ requirements. Developers should prioritize customer satisfaction because customers greatly influence agile software development. However, satisfying current customer’s requirements may not fulfill actual users or future customers’ requirements because customers’ requirements are not always derived from actual users. To reconcile these differences, developers should identify conflicts in their strategic plan. This plan should consider current commitments to end users and their intentions as well as employ a data-driven approach to adapt to rapid market changes. A persona models an end user representation in human-centered design. Although previous works have applied personas to software development and proposed data-driven software engineering frameworks with gap analysis between the effectiveness of commitments and expectations, the significance of developers’ commitment and quantitative decision-making are not considered. Developers often do not achieve their business goal due to conflicts. Hence, the target of commitments should be validated. To address these issues, we propose Data-Driven Persona Retrospective (DDR) to help developers plan future releases. DDR, which includes the Persona Significance Index (PerSI) to reflect developers’ commitments to end users’ personas, helps developers identify a gap between developers’ commitments to personas and expectations. In addition, DDR identifies release situations with conflicts based on PerSI. Specifically, we define four release cases, which include different situations and issues, and provide a method to determine the release case based on PerSI. Then we validate the release cases and their determinations through a case study involving a Japanese cloud application and discuss the effectiveness of DDR.

「情報分野における標準の戦略と実践」特集

Many researchers have proposed program visualization tools for memory management because this is a challenging concept for novice programmers. For example, SeeC and PythonTutor (PT) are state-of-the-art tools for C languages. However, three problems hinder the use of these and other tools: capability (P1), installability (P2), and usability (P3). (P1) Tools do not fully support dynamic memory allocation or File Input / Output (I/O) and Standard Input. (P2) Novice programmers often have difficulty installing SeeC due to its dependence on Clang and setting up an offline environment that uses PT. (P3) Revisualization of the modified source code in SeeC requires several steps. To alleviate these issues, we propose a new visualization tool called PlayVisualizerC (PVC). PVC, which is designed for novice C language programmers to provide solutions (S1-3) for P1-3. S1 offers complete support for dynamic memory allocation, standard I/O, and file I/O. S2 involves installation in a user web browser and its server program is initiated by executing a jar file. S3 reduces the steps required for revisualization. To evaluate PVC, we conducted an experiment and questionnaire involving 30 students. Students using PVC solved a set of four programming tasks on average 1.7 times faster and with 19% more correct answers than those using a current state-of-the-art visualization tool.

<p>Recent organizations are expected to grow up by innovation management of IoT (Internet of Things) in a broad sense covering from planning to implementation. However, in Japan, there is a shortage of advanced information technology professionals who master IoT and related technologies, and can lead innovation using them. This paper analyzes and classifies requirements of IoT technology and innovation management education for working professionals, then explain some representative educational programs.</p>

Aligning organizational goals and strategies is important in Business Process Management (BPM). The Horizontal Relation Identification Method (HoRIM), which is our extension of the GQM+Strategies framework, improves the strategic alignment between organizations. GQM+Strategies aligns the strategies across organizational units at different levels by a strategy model, which is a tree structure of strategies called a GQM+Strategies grid. HoRIM identifies and handles horizontal relations (e.g., conflicting and similar strategies) between strategies in different branches, but we have yet to adequately inspect the impact of HoRIM on identifying correct horizontal relations and improving grids. This lack of clarity hampers the application of HoRIM to industrial business strategy models. Herein, we evaluate the impact of HoRIM on the review process and the improvement process of GQM+Strategies grids using two experiments. The review experiment confirms that HoRIM identifies about 1.5 more horizontal relations than an ad hoc review. The modification experiment where four researchers evaluated the validity of improved grids by the ranking method suggests that HoRIM effectively modifies GQM+Strategies grids.

Aligning organizational goals and strategies is important in Business Process Management (BPM). The Horizontal Relation Identification Method (HoRIM), which is our extension of the GQM+Strategies framework, improves the strategic alignment between organizations. GQM+Strategies aligns the strategies across organizational units at different levels by a strategy model, which is a tree structure of strategies called a GQM+Strategies grid. HoRIM identifies and handles horizontal relations (e.g., conflicting and similar strategies) between strategies in different branches, but we have yet to adequately inspect the impact of HoRIM on identifying correct horizontal relations and improving grids. This lack of clarity hampers the application of HoRIM to industrial business strategy models. Herein, we evaluate the impact of HoRIM on the review process and the improvement process of GQM+Strategies grids using two experiments. The review experiment confirms that HoRIM identifies about 1.5 more horizontal relations than an ad hoc review. The modification experiment where four researchers evaluated the validity of improved grids by the ranking method suggests that HoRIM effectively modifies GQM+Strategies grids.

Aligning organizational goals and strategies is important in Business Process Management (BPM). The Horizontal Relation Identification Method (HoRIM), which is our extension of the GQM+Strategies framework, improves the strategic alignment between organizations. GQM+Strategies aligns the strategies across organizational units at different levels by a strategy model, which is a tree structure of strategies called a GQM+Strategies grid. HoRIM identifies and handles horizontal relations (e.g., conflicting and similar strategies) between strategies in different branches, but we have yet to adequately inspect the impact of HoRIM on identifying correct horizontal relations and improving grids. This lack of clarity hampers the application of HoRIM to industrial business strategy models. Herein, we evaluate the impact of HoRIM on the review process and the improvement process of GQM+Strategies grids using two experiments. The review experiment confirms that HoRIM identifies about 1.5 more horizontal relations than an ad hoc review. The modification experiment where four researchers evaluated the validity of improved grids by the ranking method suggests that HoRIM effectively modifies GQM+Strategies grids.

特集テーマ「IoT時代のイノベーションマネジメント」招待論文

© Springer Nature Singapore Pte Ltd. 2018. A software system is developed for satisfying requirements of stakeholders. Each requirement will be never satisfied without the collaboration of several components such as the system, devices and people interacting with them, i.e. users. However, a user does not or cannot always behave toward the other components according to their expectations. For example, a user sometimes makes mistake or even misuse of the system. The system thus has to encourage users to behave according to such expectations as well as possible. In this paper, we propose a method for eliciting software requirements that will improve users’ behavior with respect to the expectations. We rely on transparency, i.e. the open flow of information amongst stakeholders because no one can directly manipulate users but transparency has an influence on users’ behavior. We expect users will voluntarily behave better than ever when the system provides suitable information flows. We represent our method by using KAOS goal modeling notation, and show examples how it works.

Aligning organizational goals and strategies is important in Business Process Management (BPM). The Horizontal Relation Identification Method (HoRIM), which is our extension of the GQM+Strategies framework, improves the strategic alignment between organizations. GQM+Strategies aligns the strategies across organizational units at different levels by a strategy model, which is a tree structure of strategies called a GQM+Strategies grid. HoRIM identifies and handles horizontal relations (e.g., conflicting and similar strategies) between strategies in different branches, but we have yet to adequately inspect the impact of HoRIM on identifying correct horizontal relations and improving grids. This lack of clarity hampers the application of HoRIM to industrial business strategy models. Herein, we evaluate the impact of HoRIM on the review process and the improvement process of GQM+Strategies grids using two experiments. The review experiment confirms that HoRIM identifies about 1.5 more horizontal relations than an ad hoc review. The modification experiment where four researchers evaluated the validity of improved grids by the ranking method suggests that HoRIM effectively modifies GQM+Strategies grids.

Software developments involving multiple organizations such as Open Source Software (OSS)-based projects tend to have numerous defects when one organization develops and another organization edits the program source code files. Developments with complex file creation, modification history (origin), and software architecture (functional layer) are increasing in OSS-based development. As an example, we focus on an Android smart phone and a VirtualBox development project, and propose new visualization techniques for product metrics based on file origin and functional layers. One is the Metrics Area Figure, which can express duplication of edits by multiple organizations intuitively using overlapping figures. The other is Origin City, which was inspired by Code City. It can represent the scale and other measurements, while simultaneously stacking functional layers as 3D buildings. The contributions of our paper are to propose new techniques, implement them as web applications, and share the results of our questionnaire. Our proposed techniques are useful not only to visualize the measured metrics, but also to improve the product quality.

The recovery of traceability links to requirements from a functional model created through analysis/design is crucial to understand existing systems for reuse, improvement or maintenance. Functional and non-functional requirements generally are implicitly interpreted and non-systematically woven into a functional model by analysts/designers. Traditional traceability link recovery methods focusing on terminology or syntactic structure, however, have a recovery limit because such interpretation and weave are not paid enough attention. This paper presents a novel idea to decompose such a functional model into model components in order to accurately trace a components to requirements especially non-functional requirements. We call such the decomposition traceability link mining. A screen transition model is adopted as the functional model because of the focus on usability.

In software and IT systems engineering, personal characteristics are expected to impact performance and attitude. To clarify the optimal composition in a team of students in academic education, we researched the relationship between student personality characteristics and learning effectiveness of teams using the Five Factor and Stress theory (FFS). The results taken from a Project-based Learning (PBL) course at Waseda University showed that educational effectiveness is highest when a team consists of management and anchor types without leadership types. In addition to FFS, we are currently adopting the Five Factor Model (FFM), which is a well-accepted personal characteristic model, to dig deeper the relationship in different courses on IT systems and software development conducted at various universities. Preliminary results show that although individual characteristics are not strongly correlated to learning effectiveness, there are a few strong team correlations. As our future work, we plan to acquire more data and investigate relationship between FFS measurements and FFM ones in terms of learning effectiveness.

Previous studies have researched how developer experience affects code quality, but they ignore work difficulty, although experienced developers are more likely to work on the more complex parts of a project. To examine work difficulty, we focus on revised files. Using product metrics, we evaluate file complexity in each type of file origin. Specifically, we analyze three large commercial projects (each project has about 250,000 LOC) executed by the same organization to analyze the relationship between previous project experience and developer's work. Although experienced developers do not always work on more complicated files, they introduce fewer defects, especially if the difference in work difficulty is not significant.

Although working in teams is an effective method for students to learn skills necessary for information systems, the optimal combination of team members to maximize the learning effectiveness has yet to be clarified. This study investigates the relationship between the combination of students' personality characteristics and learning effectiveness in three information system lecture courses. Two Five Factor Model (FFM) questionnaires were used to determine each student's personality characteristic. For each course, which has different styles, several different relationships are found. This study should assist educators in maximizing students' learning effectiveness in information systems courses involving teamwork.

Today's development environment has changed drastically; the development periods are shorter than ever and the number of team members has increased. Consequently, controlling the activities and predicting when a development will end are difficult tasks. To adapt to changes, we propose a generalized software reliability model (GSRM) based on a stochastic process to simulate developments, which include uncertainties and dynamics such as unpredictable changes in the requirements and the number of team members. We assess two actual datasets using our formulated equations, which are related to three types of development uncertainties by employing simple approximations in GSRM. The results show that developments can be evaluated quantitatively. Additionally, a comparison of GSRM with existing software reliability models confirms that the approximation by GSRM is more precise than those by existing models.

Bodies of Knowledge (BOK) contains the relevant knowledge for a discipline. BOK must embody the consensus reached by the community for which this BOK will be of application. This consensus is a prerequisite for the adoption of the BOK by the community. In this paper, we utilize a combinations of Software Engineering Body of Knowledge (SWEBOK), models representation, and design science methodology in order to describe the software engineering knowledge context (SEC). SWEBOK serves as backbone taxonomy, while models representation provides a context of representation. In the process of develop of this paper science design methodology was used to provide fundamental knowledge in software engineering (SE).

Software stakeholders, including developers, managers, and end users, require high quality software products. Several works have aimed to identify software quality, but the quality of software products is often not comprehensively, specifically, or effectively defined because previous approaches have focused on certain quality aspects. Moreover, the evaluation results of quality metrics often depend on software stakeholders so that it is often hard to compare quality evaluation results across software products. ISO/IEC has tried to define evaluation methods for the quality of software products and provide common standards, called the SQuaRE (Systems and software Quality Requirements and Evaluation) series including ISO/IEC 25022:2016 and ISO/IEC 25023:2016. However, the SQuaRE series include ambiguous metrics so that it is not always easy to apply the series to products and compare results. In this paper, we propose a SQuaRE-based software quality evaluation framework, which successfully concretized many product metrics and quality in use metrics originally defined in the SQuaRE series1. Through a case study targeting a commercial software product, we confirmed that our framework is concretely applicable to the software package/service product.

Design Patterns provide solutions to problems that are notably prevailing in software engineering. The paper targets the importance of design patterns, but also aims on how design patterns uncover and fortify good object oriented principles. A design pattern called Bout was discovered to maintain sessions for a specific period of time. The design is a generic solution to implementing web portals by storing session data of clients on the server. The Bout pattern comprises the design principle of Singleton and Prototype patterns, thus guaranteeing a more reusable design. The Bout pattern is documented in the Gang of Four pattern description template. The Bout pattern was tested with a Job Portal system with additional patterns, Factory Method, Decorator and Observer, with significant improvement in object oriented design metrics. Metrics which showed a significant enhancement were Depth of Inheritance Tree and McCabe Cyclomatic Complexity. The reusability of black box components was analyzed for the Job Portal system which shows a momentous rise in the metrics. The source code was analyzed for modularity traits such as size, complexity, cohesion and coupling, which in turn determines the class quality, package quality and hence the modularity index. These quality metrics showed a symbolic upswing with Bout pattern and supporting patterns. Thus software designers can enhance the quality of distributed systems with the exercising of Bout pattern.

To improve practical IT education, many Japanese universities are implementing project-based learning (PBL). Although a previous study examined the relationship between educational effectiveness and the scatter of personal characteristics, the relationship between educational effectiveness and the combination of personal characteristics in a team, which is important to optimize the team composition for PBL, has yet to be examined. Herein, we use the five factor and stress theory to measure personal characteristics and classify students enrolled in a PBL class at Waseda University into four types-leadership, management, tugboat, and anchor. Then, knowledge and skills questionnaires are used to measure educational effectiveness. The results show that educational effectiveness is highest when a team consists of management and anchor types without leadership types. The results are preliminary, because the practical usefulness of our results is limited as the experiment of the paper targeted only one PBL course of one university. For that reason, we need to collect data from other PBL course at the same or other university.

<p>現在、小学生のプログラミング知識や能力を評価する指標として様々なものが存在するが、いずれも特定の対象に特化しており汎用性に乏しく、継続的に用いることが難しい。そこで我々は、 包括的かつ実効性を伴うルーブリック形式の評価基準を提案する。本基準の項目作成にあたって は我々が主催するワークショップにおけるアンケート結果および複数の既存の評価基準を取り 入れ、達成目標の設定はブルームの教育目標分類を参考にした。本基準は様々なプログラミング 教育機会において網羅的かつ一律的に生徒の学習効果を評価し学習計画を策定することに役立 つといえる。</p>

To improve practical IT education, many Japanese universities are implementing project-based learning (PBL). Although a previous study examined the relationship between educational effectiveness and the scatter of personal characteristics, the relationship between educational effectiveness and the combination of personal characteristics in a team, which is important to optimize the team composition for PBL, has yet to be examined. Herein, we use the five factor and stress theory to measure personal characteristics and classify students enrolled in a PBL class at Waseda University into four types-leadership, management, tugboat, and anchor. Then, knowledge and skills questionnaires are used to measure educational effectiveness. The results show that educational effectiveness is highest when a team consists of management and anchor types without leadership types. The results are preliminary, because the practical usefulness of our results is limited as the experiment of the paper targeted only one PBL course of one university. For that reason, we need to collect data from other PBL course at the same or other university.

In software development, defects are inevitable. To improve reliability, software reliability growth models are useful to analyze projects. Selecting an expedient model can also help with defect predictions, but the model must be well fitted to all the original data. A particular software reliability growth model may not fit all the data well. To overcome this issue, herein we use multistage modeling to fit defect data. In the multistage model, an evaluation is used to divide the data into several parts. Each part is fitted with its own growth model, and the separate models are recombined. As a case study, projects provided by a Japanese enterprise are analyzed by both traditional software reliability growth models and the multistage model. The multistage model has a better performance for data with a poor fit using a traditional software reliability growth model.

Test Driven Development as well as the documentation of tests and their architecture are today an important pillar of software quality assurance. The change of requirements during the implementation phase entails a need to change tests as well as the test documentation of the software. Since unit tests are specified in the implementation language, an interdisciplinary readable documentation must be maintained, which is structurally easier to comprehend and also make the test transparent for persons who are not involved into code writing. This leads to additional effort, costs and possibly inconsistencies between the test and its documentation. This gap in the workflow could be closed by Tanni - a domain specific language, which allows the specification of test cases in the form of interdisciplinary readable tables without requiring programming skills. Based on them executable test code for the respective unit test framework is generated. This merges specification and documentation of unit test cases to one step of work. By this the mentioned additional effort, costs and imminent inconsistencies can be reduced. The Language Workbench Meta Programming System from JetBrains serves as a technological base and is enabler for further positive effects which possibly could be gained by using the described language.

Static-type systems are a major topic in programming language research and the software industry because they should reduce the development time and increase the code quality. Additionally, they are predicted to decrease the number of defects in a code due to early error detection. However, only a few empirical experiments exist on the potential benefits of static-type systems in programming activities. This paper describes an experiment that tests whether static-type systems help developers create solutions for certain programming tasks. The results indicate that although the existence of a static-type system has no positive impact when subjects code a program from scratch, it does allow more errors in program debugging to be fixed.

Test Driven Development as well as the documentation of tests and their architecture are today an important pillar of software quality assurance. The change of requirements during the implementation phase entails a need to change tests as well as the test documentation of the software. Since unit tests are specified in the implementation language, an interdisciplinary readable documentation must be maintained, which is structurally easier to comprehend and also make the test transparent for persons who are not involved into code writing. This leads to additional effort, costs and possibly inconsistencies between the test and its documentation. This gap in the workflow could be closed by Tanni - a domain specific language, which allows the specification of test cases in the form of interdisciplinary readable tables without requiring programming skills. Based on them executable test code for the respective unit test framework is generated. This merges specification and documentation of unit test cases to one step of work. By this the mentioned additional effort, costs and imminent inconsistencies can be reduced. The Language Workbench Meta Programming System from JetBrains serves as a technological base and is enabler for further positive effects which possibly could be gained by using the described language.

In software development, defects are inevitable. To improve reliability, software reliability growth models are useful to analyze projects. Selecting an expedient model can also help with defect predictions, but the model must be well fitted to all the original data. A particular software reliability growth model may not fit all the data well. To overcome this issue, herein we use multistage modeling to fit defect data. In the multistage model, an evaluation is used to divide the data into several parts. Each part is fitted with its own growth model, and the separate models are recombined. As a case study, projects provided by a Japanese enterprise are analyzed by both traditional software reliability growth models and the multistage model. The multistage model has a better performance for data with a poor fit using a traditional software reliability growth model.

Static-type systems are a major topic in programming language research and the software industry because they should reduce the development time and increase the code quality. Additionally, they are predicted to decrease the number of defects in a code due to early error detection. However, only a few empirical experiments exist on the potential benefits of static-type systems in programming activities. This paper describes an experiment that tests whether static-type systems help developers create solutions for certain programming tasks. The results indicate that although the existence of a static-type system has no positive impact when subjects code a program from scratch, it does allow more errors in program debugging to be fixed.

Personas are fictional characters used to understand users' requirements. Many researchers have proposed persona development methods from quantitative data (data-driven personas development). However, it is not assumed that personas in these works are used continuously and these personas cannot reflect on unpredictable changes in users. It is difficult to plan reliable strategies in a web service because users' preference dynamically changes. To develop more suitable personas for decision-making in a web service, this paper proposes Iterative Data-Driven Development of Personas (ID3P). In particular, to detect an unpredictable change in users' characteristics, our proposal includes an iterative process where the personas are quantitatively evaluated and revised in each iteration. Moreover, it provides a quantitative evaluation of business strategies based on GQM+Strategies and personas. To verify our proposal, we applied it to Yahoo!JAPAN's web service called Netallica.

Personas are fictional characters used to understand users' requirements. Many researchers have proposed persona development methods from quantitative data (data-driven personas development). However, it is not assumed that personas in these works are used continuously and these personas cannot reflect on unpredictable changes in users. It is difficult to plan reliable strategies in a web service because users' preference dynamically changes. To develop more suitable personas for decision-making in a web service, this paper proposes Iterative Data-Driven Development of Personas (ID3P). In particular, to detect an unpredictable change in users' characteristics, our proposal includes an iterative process where the personas are quantitatively evaluated and revised in each iteration. Moreover, it provides a quantitative evaluation of business strategies based on GQM+Strategies and personas. To verify our proposal, we applied it to Yahoo!JAPAN's web service called Netallica.

This chapter discusses common pitfalls and their countermeasures in software quality measurements and evaluations based on research and practical achievements. The pitfalls include negative Hawthorne effects, organization misalignment, uncertain future, and self-certified quality. Corresponding countermeasures include goal-oriented multidimensional measurements, alignment visualization and exhaustive identification of rationales, prediction incorporating uncertainty and machine learning-based measurement improvement, and standard/pattern-based evaluation.

Traceability is important knowledge for improving the artifacts of software and systems and processes related to them. Even in a single system, various kinds of artifacts exist. Various kinds of processes also exist, and each of them relates to different kinds of artifacts. Traceability over them has thus large diversity. In addition, developers in each process have different types of purposes to improve their artifacts and process. Research results in traceability have to be categorized and analyzed so that such a developer can choose one of them to achieve his/her purposes. In this paper, we report on the results of Systematic Literature Review (SLR) related to software and systems traceability. Our SLR is preliminary one because we only analyzed articles in ACM digital library and IEEE computer society digital library. We found several interesting trends in traceability research. For example, researches related to creating or maintaining traceability are larger than those related to using it or thinking its strategy. Various kinds of traceability purposes are addressed or assumed in many researches, but some researches do not specify purposes. Purposes related to changes and updates are dominant.

Monitoring the results of software reliability growth models (SRGMs) helps evaluate project's situations. SRGMs are used to measure the reliability of software by analyzing the relations between the number of detected bugs and the detected time to predict the number of remaining bugs within the software. For example, development managers apply a SRGM to the number of detected bugs and the detected time to predict the number of remaining bugs. Sometimes the SRGM results cause managers to make incorrect decisions because the results are temporary snapshots that change as a development progresses. We propose a method to help evaluate a project's qualities by monitoring the results of SRGM applications. We collected the number of detected bugs and the detected time in the test phases for cloud services provided by e-Seikatsu Co., Ltd. to real estate businesses. The datasets contain about 34 cloud service features. The evaluation found that our method provides correct answers for 29 features and incorrect answers for 5 features.

Monitoring the results of software reliability growth models (SRGMs) helps evaluate project's situations. SRGMs are used to measure the reliability of software by analyzing the relations between the number of detected bugs and the detected time to predict the number of remaining bugs within the software. For example, development managers apply a SRGM to the number of detected bugs and the detected time to predict the number of remaining bugs. Sometimes the SRGM results cause managers to make incorrect decisions because the results are temporary snapshots that change as a development progresses. We propose a method to help evaluate a project's qualities by monitoring the results of SRGM applications. We collected the number of detected bugs and the detected time in the test phases for cloud services provided by e-Seikatsu Co., Ltd. to real estate businesses. The datasets contain about 34 cloud service features. The evaluation found that our method provides correct answers for 29 features and incorrect answers for 5 features.

To achieve overall business goals, GQM+Strategies is one approach that aligns business goals at each level of an organization to strategies and assesses the achievement of goals. Strategies are based on rationales ( contexts and assumptions). Because extracting all rationales is an important process in the GQM+Strategies approach, we propose the Context-Assumption-Matrix ( CAM), which refines the GQM+Strategies model by extracting rationales based on analyzing the relationships between stakeholders, and the process of using GQM+Strategies with CAM effectively. To demonstrate the effectiveness of the CAM and the defined process, we conducted three experiments involving students majoring in information sciences at two different Japanese universities. Moreover, we applied the GQM+Strategies approach with CAM to the Recruit Sumai Company in Japan. The results reveal that compared to GQM+Strategies alone, GQM+Strategies with CAM can extract rationales of the same quality more efficiently and exhaustively.

To achieve overall business goals, GQM+Strategies is one approach that aligns business goals at each level of an organization to strategies and assesses the achievement of goals. Strategies are based on rationales ( contexts and assumptions). Because extracting all rationales is an important process in the GQM+Strategies approach, we propose the Context-Assumption-Matrix ( CAM), which refines the GQM+Strategies model by extracting rationales based on analyzing the relationships between stakeholders, and the process of using GQM+Strategies with CAM effectively. To demonstrate the effectiveness of the CAM and the defined process, we conducted three experiments involving students majoring in information sciences at two different Japanese universities. Moreover, we applied the GQM+Strategies approach with CAM to the Recruit Sumai Company in Japan. The results reveal that compared to GQM+Strategies alone, GQM+Strategies with CAM can extract rationales of the same quality more efficiently and exhaustively.

To achieve overall business goals, GQM+Strategies is one approach that aligns business goals at each level of an organization to strategies and assesses the achievement of goals. Strategies are based on rationales ( contexts and assumptions). Because extracting all rationales is an important process in the GQM+Strategies approach, we propose the Context-Assumption-Matrix ( CAM), which refines the GQM+Strategies model by extracting rationales based on analyzing the relationships between stakeholders, and the process of using GQM+Strategies with CAM effectively. To demonstrate the effectiveness of the CAM and the defined process, we conducted three experiments involving students majoring in information sciences at two different Japanese universities. Moreover, we applied the GQM+Strategies approach with CAM to the Recruit Sumai Company in Japan. The results reveal that compared to GQM+Strategies alone, GQM+Strategies with CAM can extract rationales of the same quality more efficiently and exhaustively.

To achieve overall business goals, GQM+Strategies is one approach that aligns business goals at each level of an organization to strategies and assesses the achievement of goals. Strategies are based on rationales (contexts and assumptions). Because extracting all rationales is an important process in the GQM+Strategies approach, we propose the Context-Assumption-Matrix (CAM), which refines the GQM+Strategies model by extracting rationales based on analyzing the relationships between stakeholders, and the process of using GQM+Strategies with CAM effectively. To demonstrate the effectiveness of the CAM and the defined process, we conducted three experiments involving students majoring in information sciences at two different Japanese universities. Moreover, we applied the GQM+Strategies approach with CAM to the Recruit Sumai Company in Japan. The results reveal that compared to GQM+Strategies alone, GQM+Strategies with CAM can extract rationales of the same quality more efficiently and exhaustively.

Although both visual and text environments have been used to teach programming, the most appropriate method for beginners is unknown. Herein we research the most suitable programming environment to introduce programming to beginners using Minecraft to provide different programming learning environments (Visual or Text) via ComputerCraftEdu as an extended function. The learning effects between these two environments are compared using a lecture course. The results show that a visual environment is more suitable to introduce programming to beginners.

Security patterns are intended to support software developers as the patterns encapsulate security expert knowledge. However, these patterns may be inappropriately applied because most developers are not security experts, leading to threats and vulnerabilities. Here we propose a support method for security design patterns in the implementation phase of software development. Our method creates a test template from a security design pattern, consisting of an "aspect test template" to observe the internal processing and a "test case template". Providing design information creates a test from the test template with a tool. Because our test template is reusable, it can easily perform a test to validate a security design pattern. In an experiment involving four students majoring in information sciences, we confirm that our method can realize an effective test, verify pattern applications, and support pattern implementation.

Security patterns are intended to support software developers as the patterns encapsulate security expert knowledge. However, these patterns may be inappropriately applied because most developers are not security experts, leading to threats and vulnerabilities. Here we propose a support method for security design patterns in the implementation phase of software development. Our method creates a test template from a security design pattern, consisting of an "aspect test template" to observe the internal processing and a "test case template". Providing design information creates a test from the test template with a tool. Because our test template is reusable, it can easily perform a test to validate a security design pattern. In an experiment involving four students majoring in information sciences, we confirm that our method can realize an effective test, verify pattern applications, and support pattern implementation.

Clouds do not work in isolation but interact with other clouds and with a variety of systems either developed by the same provider or by external entities with the purpose to interact with them
forming then an ecosystem. A software ecosystem is a collection of software systems that have been developed to coexist and evolve together. The stakeholders of such a system need a variety of models to give them a perspective of the possibilities of the system, to evaluate specific quality attributes, and to extend the system. A powerful representation when building or using software ecosystems is the use of architectural models, which describe the structural aspects of such a system. These models have value for security and compliance, are useful to build new systems, can be used to define service contracts, find where quality factors can be monitored, and to plan further expansion. We have described a cloud ecosystem in the form of a pattern diagram where its components are patterns and reference architectures. A pattern is an encapsulated solution to a recurrent problem. We have recently expanded these models to cover fog systems and containers. Fog Computing is a highly-virtualized platform that provides compute, storage, and networking services between end devices and Cloud Computing Data Centers
a Software Container provides an execution environment for applications sharing a host operating system, binaries, and libraries with other containers. We intend to use this architecture to answer a variety of questions about the security of this system as well as a reference to design interacting combinations of heterogeneous components. We defined a metamodel to relate security concepts which is being expanded.

To achieve the business objectives of an organization, the business goals and strategies must align. GQM+Strategies® is a method that aligns goals and strategies. By repeatedly defining lower-level goals and strategies, GQM+Strategies creates grids, which are specified from the initial set of goals and strategies, to link goals and strategies across different level units. Although the above approach can maintain consistency within a vertical refinement tree, horizontal relations at different branches may be missed. Herein we propose the Horizontal Relation Identification Method (HoRIM) to identify horizontal relations. HoRIM is an approach that detects the difference between the initial GQM+Strategies grid and a model obtained by applying Interpretive Structural Modeling (ISM) to the grid. ISM provides a hierarchical structure from the relation matrix that presents the relations between elements. An experiment confirms that HoRIM identifies about 1.5 times more horizontal relations than an ad hoc review. Additionally, an industrial application demonstrates the practical value of HoRIM.

To achieve the business objectives of an organization, the business goals and strategies must align. GQM+Strategies® is a method that aligns goals and strategies. By repeatedly defining lower-level goals and strategies, GQM+Strategies creates grids, which are specified from the initial set of goals and strategies, to link goals and strategies across different level units. Although the above approach can maintain consistency within a vertical refinement tree, horizontal relations at different branches may be missed. Herein we propose the Horizontal Relation Identification Method (HoRIM) to identify horizontal relations. HoRIM is an approach that detects the difference between the initial GQM+Strategies grid and a model obtained by applying Interpretive Structural Modeling (ISM) to the grid. ISM provides a hierarchical structure from the relation matrix that presents the relations between elements. An experiment confirms that HoRIM identifies about 1.5 times more horizontal relations than an ad hoc review. Additionally, an industrial application demonstrates the practical value of HoRIM.

Learning to programming language is difficult. One solution is to use a digital game, which increases motivation of first-time learners. In this paper, we were executing programming learning with MincraftEdu of sandbox game and ComputerCraftEdu of expansion function. In addition, learning method to programming has illustration-based programming and text-based programming in ComputerCraftEdu. We compare the programming way of illustration programming and text programming. In this result, there was a significant difference towards the illustration-based programming throughout the comparison. In this paper, we present the results.

Agile development is aimed at minimising overall risk and encouraging rapid and flexible response to specification changes by using an iterative process. Despite its iterative feature, studies on the effects of iteration length have been lacking. Currently, there is no established method to quantitatively determine the appropriate iteration length, and abortion of projects with an inappropriate iteration length has been reported. We therefore create a model of agile development that focuses on iteration length, and propose a method of simulating a particular project to estimate the appropriate iteration length. Furthermore, we simulate diverse situations using various parameters to understand the relationship between the iteration length and project constraints. Our results show that the appropriate iteration length depends on the condition of the project constraints
the larger the amount of uncertainty, the shorter the appropriate iteration length, while the higher the complexity of the project, the longer the iteration length should be.

Manual code inspections are intense and time-consuming activities to improve the maintainability and reusability of source code. Although automatic detection of high-risk source code file by metrics thresholds can help inspectors, determining the optimal thresholds is difficult Thus, we propose an iterative process to defin and improve GQM models with metrics thresholds to detect high-risk files Our process clarifie experts' viewpoints in the inspection and the measurement metrics using the GQM method, define how to interpret the metrics values, searches concrete thresholds for a specifi project by supervised learning using some of the file in the project as training data, and analyzes how to improve models and thresholds. We implemented our tool in R language and evaluated our process using a industrial project. Small-sized embedded C++ systems require only a few training data.

Agile development is aimed at minimising overall risk and encouraging rapid and flexible response to specification changes by using an iterative process. Despite its iterative feature, studies on the effects of iteration length have been lacking. Currently, there is no established method to quantitatively determine the appropriate iteration length, and abortion of projects with an inappropriate iteration length has been reported. We therefore create a model of agile development that focuses on iteration length, and propose a method of simulating a particular project to estimate the appropriate iteration length. Furthermore, we simulate diverse situations using various parameters to understand the relationship between the iteration length and project constraints. Our results show that the appropriate iteration length depends on the condition of the project constraints
the larger the amount of uncertainty, the shorter the appropriate iteration length, while the higher the complexity of the project, the longer the iteration length should be.

We propose a metamodel for handling security and privacy in cloud service development and operation. The metamodel is expected to be utilized for building a knowledge base to accumulate, classify and reuse existing cloud security and privacy patterns and practices in a consistent and uniform way. Moreover the metamodel and knowledge base are expected to be utilized for designing and maintaining architectures for cloud service systems incorporating security and privacy.

Students working in teams to complete software tasks is an effective method to learn necessary skills. Previously we examined the educational effectiveness as a function of personal characteristics, but the findings were inconclusive. Because we hypothesize that team discussions impact learning and are related to educational effectiveness, this study investigates the influence of team discussions on learning effectiveness in various types of software engineering education courses. Students' responses to questionnaires about how much students contribute to discussions indicate that learning effectiveness and the number of remarks during a discussion are related. Additionally, upon comparing two learning courses (a system development course and a IT management course), two antithetical results are elucidated. We expect that this research will help improve the effectiveness of educators leading student team discussions.

Because program behaviors of database applications depend on the data used, code coverages do not effectively test database applications. Additionally, test coverages for database applications that focus on predicates in Structured Query Language (SQL) queries are not useful if the necessary predicates are omitted. In this paper, we present two new database applications using Plain Pairwise Coverage (PPC) and Selected Pairwise Coverage (SPC) for SQL queries called Plain Pairwise Coverage Testing (PPCT) and Selected Pairwise Coverage Testing (SPCT), respectively. These coverages are based on pairwise testing coverage, which employs selected elements in the SQL SELECT query as parameters. We also implement a coverage calculation tool and conduct case studies on two open source software systems. PPCT and SPCT can detect many faults, which are not detected by existing test methods based on predicates in the query. Furthermore, the case study suggests that SPCT can detect faults more efficiently than PPCT and the costs of SPCT can be further reduced by ignoring records filtered out by the conditions of the query.

© 2016 IEEE.To improve practical IT education, many universities are implementing project-based learning (PBL). Although researchers have examined the relationship between projects and personality, they have not investigated the type of projects and team construction based on personality. We consider not to construct optimal team for the view of educational effectiveness if we do not understand the difference of each course characteristic. Herein the Five Factor & Stress theory is used to measure personal characteristics and classify students enrolled in two different PBL courses at a university into four types-leadership, management, tugboat, and anchor. Then knowledge and skills questionnaires are used to measure educational effectiveness. The results show that educational effectiveness is highest when a team consists of management and anchor types but not leadership types in the PBL course which teaches system development, and a team without management types is consisted in the PBL course which teaches IT management strategy.

When developers operate a service, both the business objectives and users' requirements must be satisfied. However, the interest between a business strategy and an action for the users is often unclear. Moreover, users' requirements that are inferred from user data analysis may not correspond with users' real requirements. In this paper, we propose the GO-MUC method (Goal-oriented Measurement for Usability and Conflict) and apply it to Yahoo! Crowdsourcing. The GO-MUC method can develop a strategy considering requirements of both the user and the business. Our results validate this method; this method can find an interest between the business side and users side and plan more effective and user-friendly strategies to resolve a conflicting interest.

Students working in teams to complete software tasks is an effective method to learn necessary skills. Previously we examined the educational effectiveness as a function of personal characteristics, but the findings were inconclusive. Because we hypothesize that team discussions impact learning and are related to educational effectiveness, this study investigates the influence of team discussions on learning effectiveness in various types of software engineering education courses. Students' responses to questionnaires about how much students contribute to discussions indicate that learning effectiveness and the number of remarks during a discussion are related. Additionally, upon comparing two learning courses (a system development course and a IT management course), two antithetical results are elucidated. We expect that this research will help improve the effectiveness of educators leading student team discussions.

When developers operate a service, both the business objectives and users' requirements must be satisfied. However, the interest between a business strategy and an action for the users is often unclear. Moreover, users' requirements that are inferred from user data analysis may not correspond with users' real requirements. In this paper, we propose the GO-MUC method (Goal-oriented Measurement for Usability and Conflict) and apply it to Yahoo! Crowdsourcing. The GO-MUC method can develop a strategy considering requirements of both the user and the business. Our results validate this method; this method can find an interest between the business side and users side and plan more effective and user-friendly strategies to resolve a conflicting interest.

We propose a metamodel for handling security and privacy in cloud service development and operation. The metamodel is expected to be utilized for building a knowledge base to accumulate, classify and reuse existing cloud security and privacy patterns and practices in a consistent and uniform way. Moreover the metamodel and knowledge base are expected to be utilized for designing and maintaining architectures for cloud service systems incorporating security and privacy.

Bodies of Knowledge (BOK), contain the relevant knowledge for a disciplines as example Software Engineering (SE), System Information (SI), Information Technology (IT), Computer Science (CS), Medicine, Economics, and others areas of knowledge. BOK describes relevant knowledge for a discipline, and will need show the consensus in the Knowledge Areas (KA), and related disciplines. The development of this consensus is a prerequisite to the adoption of coherent skills development in the education context, and continuing professional programs both in public and private organizations.
In this context a systematic mapping study (SMS), it was performed to evaluate quantity and types of primary studies in an area of interest. SMS will be used as the research method within this research. The research method proposed will allow to sort and classify the information referent to the topics of this research.
This paper is an attempt to analyze existing proposals on BOK contents, structure, and make a proposal what the kind of contents it should have, and how it should be structured so that this consensus among all parties can be described and best achieved. In the same way the relevance, and useful of the BOK in the curricular design for the innovation, and the industry context is present.

Because program behaviors of database applications depend on the data used, code coverages do not effectively test database applications. Additionally, test coverages for database applications that focus on predicates in Structured Query Language (SQL) queries are not useful if the necessary predicates are omitted. In this paper, we present two new database applications using Plain Pairwise Coverage (PPC) and Selected Pairwise Coverage (SPC) for SQL queries called Plain Pairwise Coverage Testing (PPCT) and Selected Pairwise Coverage Testing (SPCT), respectively. These coverages are based on pairwise testing coverage, which employs selected elements in the SQL SELECT query as parameters. We also implement a coverage calculation tool and conduct case studies on two open source software systems. PPCT and SPCT can detect many faults, which are not detected by existing test methods based on predicates in the query. Furthermore, the case study suggests that SPCT can detect faults more efficiently than PPCT and the costs of SPCT can be further reduced by ignoring records filtered out by the conditions of the query.

Bodies of Knowledge (BOK), contain the relevant knowledge for a disciplines as example Software Engineering (SE), System Information (SI), Information Technology (IT), Computer Science (CS), Medicine, Economics, and others areas of knowledge. BOK describes relevant knowledge for a discipline, and will need show the consensus in the Knowledge Areas (KA), and related disciplines. The development of this consensus is a prerequisite to the adoption of coherent skills development in the education context, and continuing professional programs both in public and private organizations.
In this context a systematic mapping study (SMS), it was performed to evaluate quantity and types of primary studies in an area of interest. SMS will be used as the research method within this research. The research method proposed will allow to sort and classify the information referent to the topics of this research.
This paper is an attempt to analyze existing proposals on BOK contents, structure, and make a proposal what the kind of contents it should have, and how it should be structured so that this consensus among all parties can be described and best achieved. In the same way the relevance, and useful of the BOK in the curricular design for the innovation, and the industry context is present.

We propose a metamodel for handling security and privacy in cloud service development and operation. The metamodel is expected to be utilized for building a knowledge base to accumulate, classify and reuse existing cloud security and privacy patterns and practices in a consistent and uniform way. Moreover the metamodel and knowledge base are expected to be utilized for designing and maintaining architectures for cloud service systems incorporating security and privacy.

We propose a method to compare software products developed by the same company in the same domain. Our method, which measures the time series of the number of detected faults, employs software reliability growth models (SRGMs). SRGMs describe the relations between faults and the time necessary to detect them. Although several researchers have studied cross project defect predictions to determine defect locations using the features of previous software product's code such as lines of codes and complexities, past works on SRGMs did not compare products or develop comparison methods. Herein we propose a method to compare SRGMs across products. To provide managers and developers insight on advances of its products, our method is applied to the datasets for nine projects developed by Sumitomo Electric Industries, Ltd. SRGMs based on person hours are between 13% and 97% more precise than those based on calendar time.

Quality measured and evaluated based on organization-specific quality models cannot be compared to the quality of other software products. To alleviate this problem, ISO/IEC defined international standards called the SQuaRE (Systems and software Quality Requirements and Evaluation) series for comprehensive quality measurement and evaluation; however, these standards include ambiguous measurements, making them difficult to apply. Herein an initial comprehensive quality measurement framework, which includes a clear measurement plan based on ISO/IEC 25022 and 25023, is proposed. A case study confirms the usefulness of the framework. As future work, we will introduce the framework to various domains. And then, we revise and refine measurements and evaluation plans to improve feasibility and usefulness.

We propose a method to compare software products developed by the same company in the same domain. Our method, which measures the time series of the number of detected faults, employs software reliability growth models (SRGMs). SRGMs describe the relations between faults and the time necessary to detect them. Herein we propose a method to compare SRGMs across products. To provide managers and developers insight on advances of its products, our method is applied to the datasets for nine projects developed by Sumitomo Electric Industries, Ltd.

We propose a method to compare software products developed by the same company in the same domain. Our method, which measures the time series of the number of detected faults, employs software reliability growth models (SRGMs). SRGMs describe the relations between faults and the time necessary to detect them. Although several researchers have studied cross project defect predictions to determine defect locations using the features of previous software product's code such as lines of codes and complexities, past works on SRGMs did not compare products or develop comparison methods. Herein we propose a method to compare SRGMs across products. To provide managers and developers insight on advances of its products, our method is applied to the datasets for nine projects developed by Sumitomo Electric Industries, Ltd. SRGMs based on person hours are between 13% and 97% more precise than those based on calendar time.

Software development requires the protection of privacy. However, a body of knowledge does not exist for the development of privacy-aware software. Based on a literature survey, this paper introduces various studies that address knowledge regarding the development of privacy-aware software, and describes the current status and future direction toward building a knowledge base for privacy-aware software development.

An information system can store personal information of its primary users such as shopping histories, and some third party wants or happens to know such information. Because the system usually provides its privacy policy and its users have to give their consent to it, they sometimes have to partially give up the protection of their privacy. On the other hand, a chance of a third party to know such information is too limited if the policy is too defensive. We proposed a method to explore trade-offs between protection of such information and access permissions for a third party, and exemplified it. In this method, operation logs of a system are focused. The structure of each log is then modelled for analysing what kinds of information can be accessed by a third party. Access limitations of each third party are explored so as to balance the protection of privacy information against access right of third parties.

We propose a method to compare software products developed by the same company in the same domain. Our method, which measures the time series of the number of detected faults, employs software reliability growth models (SRGMs). SRGMs describe the relations between faults and the time necessary to detect them. Herein our method is extended to classify past projects for comparison to current projects to help managers and developers decide when to end the test phases or release a project. Past projects are classified by three parameters: lines of code, number of test cases, and test density. Then SRGM is applied. Our extended method is applied to the datasets for nine projects developed by Sumitomo Electric Industries, Ltd. Classification by test density produces the best results.

Software developments involving multiple organizations such as OSS (Open Source Software)-based projects tend to have numerous defects when one organization develops and another organization edits the program source code files. Developments with complex file creation, modification history (origin), and software architecture (functional layer) are increasing in OSS-based development. As an example, here we focus on an Android smart phone development project and propose new visualization techniques for product metrics based on the file origin and functional layers. One is the Metrics Area Figure, which can express duplication of edits by multiple organizations intuitively using overlapping figures. The other is Origin City, which was inspired by Code City. It can represent the scale and other measurements, while simultaneously stacking functional layers as 3D buildings.

To support program comprehension, maintenance, and evolution, metamodels are frequently used during program reverse engineering activities to describe and analyze constituents of a program and their relations. Reverse engineering tools often define their own metamodels according to the intended purposes and features. Although each metamodel has its own advantages, its limitations may be addressed by other metamodels. Existing works have evaluated and compared metamodels and tools, but none have considered all the possible characteristics and limitations to provide a comprehensive guideline for classifying, comparing, reusing, and extending program metamodels. To aid practitioners and researchers in classifying, comparing, reusing, and extending program metamodels and their corresponding reverse engineering tools according to the intended goals, we establish a conceptual framework with definitions of program metamodels and related concepts. Then this framework is used to provide a comprehensive taxonomy, named Program Metamodel TAxonomy (ProMeTA), which incorporates newly identified characteristics into those stated in previous works, which were identified via a systematic literature survey on program metamodels, while keeping the orthogonality of the entire taxonomy. Additionally, we validate the taxonomy in terms of its orthogonality and usefulness through the classification of popular metamodels.

Manual code inspections are intense and time-consuming activities to improve the maintainability and reusability of source code. Although automatic detection of high-risk source code file by metrics thresholds can help inspectors, determining the optimal thresholds is difficult Thus, we propose an iterative process to defin and improve GQM models with metrics thresholds to detect high-risk files Our process clarifie experts' viewpoints in the inspection and the measurement metrics using the GQM method, define how to interpret the metrics values, searches concrete thresholds for a specifi project by supervised learning using some of the file in the project as training data, and analyzes how to improve models and thresholds. We implemented our tool in R language and evaluated our process using a industrial project. Small-sized embedded C++ systems require only a few training data.

Software developments involving multiple organizations such as OSS (Open Source Software)-based projects tend to have numerous defects when one organization develops and another organization edits the program source code files. Developments with complex file creation, modification history (origin), and software architecture (functional layer) are increasing in OSS-based development. As an example, here we focus on an Android smart phone development project and propose new visualization techniques for product metrics based on the file origin and functional layers. One is the Metrics Area Figure, which can express duplication of edits by multiple organizations intuitively using overlapping figures. The other is Origin City, which was inspired by Code City. It can represent the scale and other measurements, while simultaneously stacking functional layers as 3D buildings.

We propose a method to compare software products developed by the same company in the same domain. Our method, which measures the time series of the number of detected faults, employs software reliability growth models (SRGMs). SRGMs describe the relations between faults and the time necessary to detect them. Herein our method is extended to classify past projects for comparison to current projects to help managers and developers decide when to end the test phases or release a project. Past projects are classified by three parameters: lines of code, number of test cases, and test density. Then SRGM is applied. Our extended method is applied to the datasets for nine projects developed by Sumitomo Electric Industries, Ltd. Classification by test density produces the best results.

Although different programming environments have been developed to teach programming to beginners, the programming environment most suitable for introductory education is unknown in terms of the programming method such as text or visual. This study applies programming learning using a digital game, Minecraft, to compare the learning effect of text-based and visual-based programming in the LUA programming environment provided by a Minecraft extension. Both methods have certain learning effects, but visual-based programming has more significance than text-based programming on the attitude toward programming, indicating that visual-based programming is superior to text-based programming in introductory education.

Software development requires the protection of privacy. However, a body of knowledge does not exist for the development of privacy-aware software. Based on a literature survey, this paper introduces various studies that address knowledge regarding the development of privacy-aware software, and describes the current status and future direction toward building a knowledge base for privacy-aware software development.

To support program comprehension, maintenance, and evolution, metamodels are frequently used during program reverse engineering activities to describe and analyze constituents of a program and their relations. Reverse engineering tools often define their own metamodels according to the intended purposes and features. Although each metamodel has its own advantages, its limitations may be addressed by other metamodels. Existing works have evaluated and compared metamodels and tools, but none have considered all the possible characteristics and limitations to provide a comprehensive guideline for classifying, comparing, reusing, and extending program metamodels. To aid practitioners and researchers in classifying, comparing, reusing, and extending program metamodels and their corresponding reverse engineering tools according to the intended goals, we establish a conceptual framework with definitions of program metamodels and related concepts. Then this framework is used to provide a comprehensive taxonomy, named Program Metamodel TAxonomy (ProMeTA), which incorporates newly identified characteristics into those stated in previous works, which were identified via a systematic literature survey on program metamodels, while keeping the orthogonality of the entire taxonomy. Additionally, we validate the taxonomy in terms of its orthogonality and usefulness through the classification of popular metamodels.

Although different programming environments have been developed to teach programming to beginners, the programming environment most suitable for introductory education is unknown in terms of the programming method such as text or visual. This study applies programming learning using a digital game, Minecraft, to compare the learning effect of text-based and visual-based programming in the LUA programming environment provided by a Minecraft extension. Both methods have certain learning effects, but visual-based programming has more significance than text-based programming on the attitude toward programming, indicating that visual-based programming is superior to text-based programming in introductory education.

Manual code inspections are intense and time-consuming activities to improve the maintainability and reusability of source code. Although automatic detection of high-risk source code file by metrics thresholds can help inspectors, determining the optimal thresholds is difficult Thus, we propose an iterative process to defin and improve GQM models with metrics thresholds to detect high-risk files Our process clarifie experts' viewpoints in the inspection and the measurement metrics using the GQM method, define how to interpret the metrics values, searches concrete thresholds for a specifi project by supervised learning using some of the file in the project as training data, and analyzes how to improve models and thresholds. We implemented our tool in R language and evaluated our process using a industrial project. Small-sized embedded C++ systems require only a few training data.

The studies of Repository Mining have been actively conducted. However, it is difficult to search projects with specified languages, development scale, purposes and so on. In this paper, we propose RepositoryProbe, a dataset creation support tool fot the study of repository mining. It makes easier to search and collect the projects in project hosting service on the web, and supports the creation of datasets. In addition, it can collect the social metrics, the amount of development activities.

Existing techniques for crawling Javascript-heavy Rich Internet Applications tend to ignore user interactions beyond mouse clicking, and therefore often fail to consider potential mouse, keyboard and touch interactions. We propose a new technique for automatically finding and exercising such interactions by analyzing and exercising event handlers registered in the DOM. A basic form of gesture emulation is employed to find states accessible via swiping and tapping. Testing the tool against 6 well-known gesture libraries and 5 actual RIAs, we find that the technique discovers many states and transitions resulting from such interactions, and could be useful for cases such as automatic test generation and error discovery, especially for mobile web applications.

Existing techniques for crawling Javascript-heavy Rich Internet Applications tend to ignore user interactions beyond mouse clicking, and therefore often fail to consider potential mouse, keyboard and touch interactions. We propose a new technique for automatically finding and exercising such interactions by analyzing and exercising event handlers registered in the DOM. A basic form of gesture emulation is employed to find states accessible via swiping and tapping. Testing the tool against 6 well-known gesture libraries and 5 actual RIAs, we find that the technique discovers many states and transitions resulting from such interactions, and could be useful for cases such as automatic test generation and error discovery, especially for mobile web applications.

Traceability links between requirements and source code are helpful in software reuse and maintenance tasks. However, manually recovering links in a large group of products requires significant costs and some links may be overlooked. Here, we propose a semi-automatic method to recover traceability links between requirements and source code in the same series of large software products. In order to support differences in representation between requirements and source code, we recover links by using the configuration management log as an intermediary. We refine the links by classifying requirements and code elements in terms of whether they are common to multiple products or specific to one. As a result of applying our method to real products that have 60KLOC, we have recovered valid traceability links within a reasonable amount of time. Automatic parts have taken 13 minutes 36 seconds, and non-automatic parts have taken about 3 hours, with a recall of 76.2% and a precision of 94.1%. Moreover, we recovered some links that were unknown to engineers. By recovering traceability links, software reusability and maintainability will be improved.

Traceability links between requirements and source code are helpful in software reuse and maintenance tasks. However, manually recovering links in a large group of products requires significant costs and some links may be overlooked. Here, we propose a semi-automatic method to recover traceability links between requirements and source code in the same series of large software products. In order to support differences in representation between requirements and source code, we recover links by using the configuration management log as an intermediary. We refine the links by classifying requirements and code elements in terms of whether they are common to multiple products or specific to one. As a result of applying our method to real products that have 60KLOC, we have recovered valid traceability links within a reasonable amount of time. Automatic parts have taken 13 minutes 36 seconds, and non-automatic parts have taken about 3 hours, with a recall of 76.2% and a precision of 94.1%. Moreover, we recovered some links that were unknown to engineers. By recovering traceability links, software reusability and maintainability will be improved.

Although security patterns contain security expert knowledge to support software developers, these patterns may be inappropriately applied because most developers are not security specialists, leading to threats and vulnerabilities. Here we propose a validation method for security design patterns in the implementation phase of software development. Our method creates a test template from a security design pattern, which consists of the "aspect test template" to observe the internal processing and the "test case template". Providing design information creates a test from the test template. Because a test template is recyclable, it can create easily a test, which can validate the security design patterns. As a case study, we applied our method to a web system. The result shows that our method can test repetition in the early stage of implementation, verify pattern applications, and assess whether vulnerabilities are resolved.

ソフトウェアの成果物，および開発プロセスの情報などを対象に分析を行うリポジトリマイニングの研究が盛んに行われている．しかし，数多くの公開されているプロジェクトから，分析の対象とする規模，言語，用途などを満たすプロジェクトを探すことは困難な作業である．そこで我々は，リポジトリマイニングのためのデータセット作成支援ツール，RepositoryProbeを提案する．本ツールではGitHub上で特定の条件を指定して検索を行うことで，目的のプロジェクト群を容易に見つけ出すことを可能にする．また，GitHub上での開発者の活動量のデータや，外部ツールで取得したソフトウェアメトリクスなどのデータを組み合わせて出力することで，データセットの構築を支援する．

我々は初学者がプログラミングを学習する際に，障害1) 言語の構成要素，障害2) 教育ツールの動作デバイス，障害3) 教育ツールのユーザインタフェースにおいて，3点の障害があると考えている．我々が調査した限りでは，全ての障害を取り除いたプログラミング教育ツールは存在していない．<BR>本論文では，特徴1) 可愛いと感じるぬいぐるみロボットおよびダンボール製ロボットをプログラムで操作する機能，特徴2) Androidスマートフォンおよびタブレット上で動作する，特徴3) 絵文字および日本語をベースにした新しいプログラミン言語を提供するという3点の特徴を備えたプログラミング教育ツールまねっこダンスを提案する．まねっこダンスの有用性を評価するため，国立情報学研究所のオープンハウスと早稲田大学のオープンキャンパスにて，高校生29名と一般参加者13名，主に中高生295名からアンケート調査を行ったところ，プログラミング学習の動機付け，プログラミングの印象改善，手続き・くり返し・条件分岐に関する理解の促進の効果が見られた．

Traceability links between requirements and source code are helpful in software reuse and maintenance tasks. However, manually recovering links in a large group of products requires significant costs and some links may be overlooked. Here, we propose a semi-automatic method to recover traceability links between requirements and source code in the same series of large software products. In order to support differences in representation between requirements and source code, we recover links by using the configuration management log as an intermediary. We refine the links by classifying requirements and code elements in terms of whether they are common to multiple products or specific to one. As a result of applying our method to real products that have 60KLOC, we have recovered valid traceability links within a reasonable amount of time. Automatic parts have taken 13 minutes 36 seconds, and non-automatic parts have taken about 3 hours, with a recall of 76.2% and a precision of 94.1%. Moreover, we recovered some links that were unknown to engineers. By recovering traceability links, software reusability and maintainability will be improved.

Webアプリケーションは大規模化にともないテストコードの作成コストが増大しているうえ，保守コストが膨大であるという問題がある．特に，Webアプリケーションは他のアプリケーションよりも仕様変更の頻度が高く，また，アサーションの記述に関して構造化する手法が存在していないため，可読性および変更容易性の低下により，保守コストが増大しがちである．本稿では，Webアプリケーションの頻繁な仕様変更に対応可能なページオブジェクトデザインパターンを利用した保守性の高い内部DSLおよび，内部DSLに基づくテストコードを自動生成するテスティングフレームワークDePoTを提案する．DePoTはテストコードの自動生成によりテストコードの作成コストを削減して，また，ページオブジェクトデザインパターンと内部DSLにより保守コストを削減する．我々は被験者実験によって人手でテストコードを記述する従来手法との比較を通して，DePoTの有用性を確認した．The sizes of web applications are increasing, thus, development costs to write test code for web applications are also increasing. Moreover, specification changes of web applications are frequently occured and there are no method to modularize assertions of test code. Such situation poses high maintenance costs by decreasing understandability and changeability. We propose a novel testing framework for web applications, named DePoT, which provides an internal DSL on the basis of the Page Object design pattern. DePoT reduces the development costs of test code by generating a skeleton test code using the internal DSL and reduces the maintenance costs of test code by using the Page Object design pattern and the internal DSL. We evaluate DePoT by comparing traditional testing methods.

Test case prioritization is a technique to improve software testing. Although a lot of work has investigated test case prioritization, they focus on white box testing or regression testing. However, software testing is often outsourced to a software testing company, in which testers are rarely able to access to source code due to a contract. Herein a framework is proposed to prioritize test cases for black box testing on a new product using the test execution history collected from a similar prior product and the Ant Colony Optimization. A simulation using two actual products shows the effectiveness and practicality of our proposed framework.

Because software developers are not necessarily security experts, identifying potential threats and vulnerabilities in the early stage of the development process (e.g., the requirement-or design-phase) is insufficient. Even if these issues are addressed at an early stage, it does not guarantee that the final software product actually satisfies security requirements. To realize secure designs, we propose extended security patterns, which include requirement-and design-level patterns as well as a new model testing process. Our approach is implemented in a tool called TESEM (Test Driven Secure Modeling Tool), which supports pattern applications by creating a script to execute model testing automatically. During an early development stage, the developer specifies threats and vulnerabilities in the target system, and then TESEM verifies whether the security patterns are properly applied and assesses whether these vulnerabilities are resolved.

Traceability links between requirements and source code can assist in software maintenance tasks. There are some automatic traceability recovery methods. Most of them are similarity-based methods recovering links by comparing representation similarity between requirements and code. They cannot work well if there are some links independent of the representation similarity. Herein to cover weakness of them and improve the accuracy of recovery, we propose a method that extends the similarity-based method using two techniques: a log-based traceability recovery method using the configuration management log and a link recommendation from user feedback. These techniques are independent of the representation similarity between requirements and code. As a result of applying our method to a large enterprise system, we successfully improved both recall and precision by more than a 20 percent point in comparison with singly applying the similarity-based method (recall: 60.2% to 80.4%, precision: 41.1% to 64.8%).

The importance of software security technologies has been gaining attention due to the increase in services on the Internet. Various technologies regarding software security have been developed. However, we believe knowledge regarding software security is not integrated; therefore, we have been developing a knowledge base for secure software development. We previously proposed a learning model that associates artifacts created in secure software development with knowledge in the knowledge base as design rationale. However, only a few case studies that addressed a full life cycle for secure software development have been reported. To mitigate this lack in reported case studies, Okubo et al. created a common task regarding software security. In this study, we developed a case base of secure software development whose artifacts are associated with the knowledge base using this common task as a case.

Because developers significantly impact software development projects, many researchers have studied developers as a means to improve the quality of software. However, most works have examined developers in a single project, and research involving multiple projects has yet to be published. Herein we propose an analysis method which investigates whether an evaluation of developers based on individual experience is feasible when targeting more than one project by the same organization transversely. Our method deals with the logs of the version control system and the bug tracking system. To support this method, we also propose two models to evaluate developer, the defect removal overhead rate (DROR) and developer's experience point (EXP). The results reveal the following. 1) DROR cannot be used to compare different projects in the same organization. 2) There is certainly a difference in DROR's between experienced and inexperienced developers. 3) EXP should be a useful model to evaluate developers as the number of projects increases. The data obtained from our method should propose the personnel distribution measures within the development framework for future developments, which might lead to improve the quality of software.

An ecosystem is the expansion of a software product line architecture to include systems outside the product which interact with the product. We model here the architecture of a cloud-based ecosystem, showing security patterns for its main components. We discuss the value of this type of models.

There is a significant challenge that how to predict the possible release date of the target software having enough reliability in agile development where incremental development and small software releases are key characteristics. Existing approaches targeting agile development usually use release backlogs for predicting and setting delivery windows; however these do not consider the reliability of software for release date prediction so that there is a possibility that software at the predicted release date have poor reliability. Previously we proposed a generalized software reliability model (GSRM) based on a stochastic process and compared it with other models to evaluate recent software developments. However, we, did not directly evaluate the accuracy of the predicted release time by model. In this paper, towards prediction of release dates in agile development, we focus on the release dates of open source software (OSS) developments and the number of detected issues (faults) since OSS developments comply well with the definition of the agile development in terms of incremental process and frequent releases We define the accuracy of the predicted release time using the given development terms and the number of issues. Additionally, we propose a method to evaluate the accuracy of the predicted release time. In the best case, GSRM shows only 0.572% Error Rate, which corresponds to a predicted release date of two days prior to the actual release date. We believe that our method should be applicable to agile developments too.

The importance of software security technologies has been gaining attention due to the increase in services on the Internet. Various technologies regarding software security have been developed. However, we believe knowledge regarding software security is not integrated; therefore, we have been developing a knowledge base for secure software development. We previously proposed a learning model that associates artifacts created in secure software development with knowledge in the knowledge base as design rationale. However, only a few case studies that addressed a full life cycle for secure software development have been reported. To mitigate this lack in reported case studies, Okubo et al. created a common task regarding software security. In this study, we developed a case base of secure software development whose artifacts are associated with the knowledge base using this common task as a case.

Although many methods have been suggested to automatically recover traceability links in software development, they do not cover all link combinations (e.g., links between the source code and test cases) because specific documents or artifact features (e.g., log documents and structures of source code) are used. In this paper, we propose a method called the Connecting Links Method (CLM) to recover transitive traceability links between two artifacts using a third artifact. Because CLM uses a different artifact as a document, it can be applied to kinds of various data. Basically, CLM recovers traceability links using the Vector Space Model (VSM) in Information Retrieval (IR) methods. For example, by connecting links between A and B and between B and C, CLM retrieves the link between A and C transitively. In this way, CLM can recover transitive traceability links when a suggested method cannot. Here we demonstrate that CLM can effectively recover links that VSM is hard using Open Source Software.

In recent years, importance on software security technologies has been recognized and various types of technologies have been developed. On the other hand, in spite of recognition of necessity of providing cases that deal with full life cycle for secure software development, only few are reported. This paper describes a case-based management system (CBMS) that consists of an artifact management system and a knowledge-based management system (KBMS) to manage cases for secure software development. The former manages the artifacts created in secure software life cycle. The latter manages software security knowledge. The case-based management system also manages association between artifacts and software security knowledge and supports both visualization among software security knowledge and between artifacts and software security knowledge. We conducted an experiment to evaluate the system. We describe the effectiveness and future work of the system. (C) 2015 The Authors. Published by Elsevier B.V

An ecosystem is the expansion of a software product line architecture to include systems outside the product which interact with the product. We model here the architecture of a cloud-based ecosystem, showing security patterns for its main components. We discuss the value of this type of models.

Although many methods have been suggested to automatically recover traceability links in software development, they do not cover all link combinations (e.g., links between the source code and test cases) because specific documents or artifact features (e.g., log documents and structures of source code) are used. In this paper, we propose a method called the Connecting Links Method (CLM) to recover transitive traceability links between two artifacts using a third artifact. Because CLM uses a different artifact as a document, it can be applied to kinds of various data. Basically, CLM recovers traceability links using the Vector Space Model (VSM) in Information Retrieval (IR) methods. For example, by connecting links between A and B and between B and C, CLM retrieves the link between A and C transitively. In this way, CLM can recover transitive traceability links when a suggested method cannot. Here we demonstrate that CLM can effectively recover links that VSM is hard using Open Source Software.

In software development, software reliability growth models (SRGMs) often provide values that do not meet expectations; sometimes the results of the SRGM and the actual data disagree and other times the SRGM overestimates the expected values. The former often occurs in model curves and the predicted number of faults. For example, the software reliability growth curve cannot describe the situation where developers stop testing multiple times because the equations in SRGMs cannot treat such information. The latter can arise when the total number of expected faults is 100, but the SRGM indicates 1000. If developers encounter such situations, they often doubt the SRGM results and hesitate using SRGMs for predictions. In this study, we apply two different cases of SRGM. Two projects of Fujitsu Labs Ltd. are analyzed using SRGM either for the entire dataset or each test phase. Based on the results and interviews with the developers, we found that the model using separate test phases provides a better fit because faults counted in each test phase have different viewpoints and the deviation between SRGM and expectations indicates a problem with development.

Learning to programming language is difficult. One solution is to use a digital game, which increases motivation of first-time learners. In this paper, we were executing programming learning with MincraftEdu of sandbox game and ComputerCraftEdu of expansion function. In addition, learning method to programming has illustration-based programming and text-based programming in ComputerCraftEdu. We compare the programming way of illustration programming and text programming. In this result, there was a significant difference towards the illustration-based programming throughout the comparison. In this paper, we present the results.

Software extension is a fundamental challenge in software engineering which involves extending the functionalities of a software module without modifying it. Many modern software developers choose to adapt third-party extension platform to further improve customizability. As the project evolves, the requirements may change to include third-party extension support. However to design and to implement such platform is no trivial task, and should happen at the beginning of the project. In this paper, we have shown the four types of extensions that are often made to object-oriented software, namely Member Access Extension, Subclass Extension, Event-based Extension and Data Extension. And proposed a language-independent platform design that can be applied to an existing software project to support such third-party extensions. The platform exercises design patterns to implement its features. We also developed an Eclipse plugin that helps developers introduce the platform to existing Java software via semi-automatic code manipulation. We further conducted a comparative experiment to test our tool with volunteers from Waseda University and noticed a significant decrease of required effort.

In software development, software reliability growth models (SRGMs) often provide values that do not meet expectations; sometimes the results of the SRGM and the actual data disagree and other times the SRGM overestimates the expected values. The former often occurs in model curves and the predicted number of faults. For example, the software reliability growth curve cannot describe the situation where developers stop testing multiple times because the equations in SRGMs cannot treat such information. The latter can arise when the total number of expected faults is 100, but the SRGM indicates 1000. If developers encounter such situations, they often doubt the SRGM results and hesitate using SRGMs for predictions. In this study, we apply two different cases of SRGM. Two projects of Fujitsu Labs Ltd. are analyzed using SRGM either for the entire dataset or each test phase. Based on the results and interviews with the developers, we found that the model using separate test phases provides a better fit because faults counted in each test phase have different viewpoints and the deviation between SRGM and expectations indicates a problem with development.

Software extension is a fundamental challenge in software engineering which involves extending the functionalities of a software module without modifying it. Many modern software developers choose to adapt third-party extension platform to further improve customizability. As the project evolves, the requirements may change to include third-party extension support. However to design and to implement such platform is no trivial task, and should happen at the beginning of the project. In this paper, we have shown the four types of extensions that are often made to object-oriented software, namely Member Access Extension, Subclass Extension, Event-based Extension and Data Extension. And proposed a language-independent platform design that can be applied to an existing software project to support such third-party extensions. The platform exercises design patterns to implement its features. We also developed an Eclipse plugin that helps developers introduce the platform to existing Java software via semi-automatic code manipulation. We further conducted a comparative experiment to test our tool with volunteers from Waseda University and noticed a significant decrease of required effort.

本稿では,2013 年 9 月にドイツ・レーゲンスブルクにおいて開催されたセキュリティの国際会議 ARES への参加について報告する.筆者らが本会議に参加した目的は,ソフトウェアのセキュリティパターンに関する研究発表を行なうとともに,ソフトウェアのセキュリティに関する共通問題の調査を行なうことである.ARES ではセキュリティモデルやソフトウェアセキュリティのセッションにおいて,対象となるソフトウェアのデータセットが扱われていたが,共通問題として扱われているものはなかった.この他本会議ではセキュリティ全般が幅広く扱われており,新しい分野への対応も早い.今回はモバイルや制御系,航空交通管理 (ATM) のセキュリティなどのテーマのセッションが見られた.

Do open source software projects provide and maintain tests? What metrics are correlated with the test success? This paper answers these questions by executing tests of 452 open source software projects in GitHub and measuring 13 metrics from 77 projects. Only 117 projects passed all test cases. Additionally, the results are correlated with the comment density, public documented API density, and test coverage.

特定の品質要求を満足するためのプログラムコードはしばしば、プログラムの基本的なモジュール構成に対して横断的に散らばることが知られている。そのような横断的関心事のモジュール化を通じて保守性を維持あるいは高めることに有効な技術として、アスペクト指向プログラミング(Aspect-Oriented Programming:AOP)がある。本稿では、AOPの実行性能や品質向上に関する応用として、マルチコア環境における単体テスト実行時間の短縮を目的とした単体テストフレームワークJUnitのAspectJ(Java言語用のAOP処理系)によるマルチスレッド化と、ロボット制御プログラムの低消費電力化を目的としたハードウェア制御方式やアルゴリズムのAspectC(C言語用のAOP処理系)による追加および変更の事例をそれぞれ報告する。

Design models are often developed using UML class diagrams. Based on past questionnaire surveys reported by Lange and Nugroho, we assumed that the existence of highly responsible classes indicate that a class diagram was created through the proper consideration of the structure of the system. Thus, we analyzed the structure of UML design class diagrams. Specifically, we measured our novel metrics (the amount of highly responsible classes in class diagrams), and investigate the correlations between our metrics and the structural validity of design. In this study, we propose two viewpoints to distinguish large values which indicate high responsibility. Additionally, we conducted the evaluation experiment using 65 design class diagrams, which were originally submitted to a Robot Contest on the domain of embedded systems and evaluated by software development experts based on structural validity. Then the correlations between our novel metrics and the experts' qualitative assessment were analyzed.

After a legacy system is re-engineered, it is important to perform compatibility testing so as to identify the differences and reduce the introduced bugs. We can first apply symbolic execution to obtain an exhaustive set of test cases, then use them to check the compatibility of the old system and the new one. However there may be a lot of failed test cases which are a mix of erroneous and allowable incompatibilities. To locate the causes of failures detected during the testing, we apply multiple statistical bug localization techniques. We are able to localize 90% of the incompatibilities in 10% of the code for an industrial application with around 20k lines by Tarantula. And we identify the characteristics of failure causes which are difficult to be detected by statistical bug localization.

In order to improve the training of IT professionals, practical courses in the form of project-based learning (PBL), which teach practical skills for systems acquisition and provisioning and for project management, are being implemented in various universities. For example, a course has been offered at Waseda University since 2011 in cooperation with the Japanese governmental bodies and IT companies. This course consists of three lectures per day for five days (each lecture has 90 minutes) and the number of students attending this course is 26 in 2011, 17 in 2012 and 39 in 2013. In this course, students mainly learn the management of software intensive systems development projects from the viewpoint of the provider such as requirements analysis and architectural design.
There is a study investigating the relationships between the variation in the personality profile of paired students and their academic performance in Pair Programming [1]. However, in practical courses on software intensive business systems, we do not yet have an established method for determining what kind of personal characteristics and team compositions are most beneficial to obtaining the maximal educational effectiveness.
In this study, we use the Five Factors and Stress (FFS) theory [2] to quantify the personal characteristics and we ask students to answer same questionnaire before and after the course to measure how improved their knowledge and skills. This questionnaire consists of about 40 questions and each student answers them in six degrees. As example of the questions, there is "Can you analyze requirements?". In many cases, the business of acquiring and providing software intensive systems is carried out as a team-based activity. Therefore, to teach actual business concepts, we randomly compose teams regardless of personal characteristics. The number of teams formed was 6, 4 and 8 for 2011, 2012 and 2013, respectively. This is an additional study of our paper [3] and as significant differences, we add the data of the course of 2013 in Waseda University and we analyze the data through 3 years (2011 - 2013).
We investigate the relationships between personal characteristics and educational effectiveness to reveal the common tendency. Through t-test and boxplot, we clearly see that variations in the team members' personal characteristics have an effect on educational effectiveness. Large variation team acquires approximately 1.5 times higher educational effectiveness than small one. From this result, it is better for a team to have members with different characteristics in FFS theory for acquiring more knowledge and skills through course. We expect that in similar practical courses, we can also obtain the desirable educational effectiveness if we can compose a team with the suitable characteristics as based on our findings.

GQM+Strategies is an approach that aligns business goals at each level of an organization to strategies to realize overall business goals and assesses the achievement of such goals. Strategies are extracted from business goals based on rationales (contexts and assumptions). Using the proposed approach, which refines the GQM+Strategies model by extracting rationales based on the analysis of the relationships between stakeholders, it is possible to extract rationales exhaustively and to reconsider the GQM+Strategies model even if the business environment changes. © Springer-Verlag Berlin Heidelberg 2014.

In practical courses on software-intensive business systems, students work in teams to acquire practical skills in systems acquisition and provisioning. However, we do not yet have an established method to determine the optimal team composition to achieve maximum educational effectiveness. In this study, we quantitatively and qualitatively investigate how personal characteristics and the learning process of team members affect educational effectiveness by examining a university course in which students work in teams on a realistic project in a classroom setting. We use the Five Factors and Stress (FFS) theory and the modified grounded theory approach (M-GTA) to measure the personal characteristics and to identify the learning process of each team member. Additionally, we compare the learning process of a team with a high educational effectiveness to one with a low educational effectiveness based on number of topics about the learning process and the kind of topics. As a result, we find that it is better for a team to have members with different personal characteristic as defined by FFS theory in order for the students to acquire more knowledge and skills through the course. Additionally, teams that focus on fewer learning process topics acquire more knowledge and skills. We expect that our findings will help increase the educational effectiveness in similar practical courses.

Because all the requirements analysts are not the experts of security, providing security knowledge automatically is one of the effective means for supporting security requirements elicitation. We propose a method for eliciting security requirements on the basis of Common Attack Patterns Enumeration and Classification (CAPEC). A requirements analyst can automatically acquire the candidates of attacks against a functional requirement with the help of our method. Because technical terms are mainly used in the descriptions in CAPEC and usual phrases are used in the requirements descriptions, there are gaps between them. To bridge the gaps, our method contains a mapping between technical terms and noun phrases called term maps.

Development environments have changed drastically, development periods are shorter than ever and the number of team members has increased. Especially in open source software (OSS), a large number of developers contribute to OSS. OSS has difficulties in predicting or deciding when it will be released. In order to assess recent software developments, we proposed a generalized software reliability model (GSRM) based on a stochastic process, and compared GSRM with other models. In this paper, we focus on the release dates of OSS and the growth of faults (issues).

Organizational patterns are known as the basis for Agile software development movement. Patterns usually form a network having relationships among them to support users understand and utilize patterns efficiently and effectively. However little is known about the nature of pattern networks, such as how are organizational patterns different from other patterns from the viewpoint of centrality. To clarify such characteristics, we mine a network consisting 285 patterns including 15 organizational patterns from an existing online pattern repository called Portland Pattern Repository. By applying network analysis techniques to the mined network, we revealed several interesting characteristics of the pattern network and organizational patterns such as that the degree centrality seems to somewhat reflect the commonness and generality of the corresponding pattern.

The challenge of validating Asynchronous JavaScript and XML (Ajax) applications lies in actual errors exposed in a user environment. Several studies have proposed effective and efficient testing techniques to identify executable faults. However, the applications might have faults that are not executed during testing, but might cause actual errors in a user environment. Although we have investigated static methods for finding "potential faults" that seem to cause actual errors if executed, developers need to confirm whether or not the potential faults are actually executable. Herein, we propose a mutation-based testing method implemented in a tool called JSPreventer. Even if the potential faults are not easily executable in a given environment, our method mutates the applications until they are executable using two delay-based mutation operators to manipulate the timing of the applications handling interactions. Thus, JSPreventer provides executable evidences of the not-easily-executable faults for developers, if it reveals actual errors by testing the mutated applications. We applied our method to real-world applications and found actual errors that developers could debug to improve their reliability. Therefore, JSPreventer can help developers validate reliable real-world Ajax applications.

Although design is an extremely important activity in software development, it is subjective because it depends on the designers' knowledge and skills. Every designer has her or his own strategies to solve design problems. Herein we model the design process as an ordered sequence of logical actions of "Create", "Delete", and "Modify" applied to the elements of a UML class diagram, and propose an automatic approach to collect information about the design process to elucidate design strategies. The strategies considered are top-down, bottom-up, breadthfirst, depth-first, and opportunistic. By mining the ordered sequences of actions for frequent patterns and analyzing the position and distribution of the actions in the sequence, we obtained two types of relationships in the design process: micro-patterns and macro-patterns. Then we evaluated our approach with two case studies. The first one, which occurred over a short time frame with seven subjects, identified the strategies used, while the second, which involved three subjects over a long period, revealed that there is not a universal strategy, but a combination of strategies.

It is important for project stakeholders to identify the states of projects and quality of products. Although metrics are useful for identifying them, it is difficult for project stakeholders to select appropriate metrics and determine the purpose of measuring metrics. We propose an approach that defines the measured metrics by GQM method, and supports identifying tendency in projects and products based on Trend Pattern. Additionally, we implement a tool as a Jenkins Plugin which to visualizes an evaluation results based on GQM method. We perform an experiment with OSS and industrial case study with two software development projects. In our experiment, we can identify the problem and project tendency. In our industrial case study, we can also identify the problem that project contains. As our future work, we will adopt our approach and GQM Plugin to software development project continuously to assess their effectiveness in the long term.1.

There is an issue when security measures are implemented and tested while using agile software development techniques such as Behavior Driven Development (BDD). We need to define the necessary levels of security and the privacy behaviors and acceptance criteria for the BDD. A method for defining the acceptance criteria (BehaveSafe) by creating a threat and countermeasure graph called the T&C graph is proposed in this paper. We have estimated the efficiency of our method with a web based system.

It is important for project stakeholders to identify the states of projects and quality of products. Although metrics are useful for identifying them, it is difficult for project stakeholders to select appropriate metrics and determine the purpose of measuring metrics. We propose an approach that defines the measured metrics by GQM method to identify tendency in projects and products based on Trend Pattern. Additionally, we implement a tool as a Jenkins Plugin to visualize an evaluation results based on GQM method. We perform an industrial case study, which objects are two software development projects. In our industrial case study, we can identify the problem that product contains. As our future work, we will adopt our approach and GQM Plugin to software development project continuously to assess their effectiveness in the long term.

Static analysis tools such as bug pattern tools are useful to detect bugs early in software development. However, existing tools sometimes yield so many warnings that developers tend to ignore such warnings.
To deal with this problem, we propose a gamified tool for motivating developers to remove such warnings. Our tool employs the gamification technique that calculates points by counting removed warnings with respect to each developer and each team. The points give developers feedback and urge them to compete with each other. We confirmed that developers removed about 150% warnings with our tool in comparison with the case where they did not use our tool through an experiment.

Many program tasks require continuous modification of similar program elements, which is burdensome on programmers because continuous modifications are time consuming and some modifications are easily overlooked. To resolve this issue, we developed a tool, named SimilarHighlight, which extracted all possible matching elements via similarity patterns from recently modified elements using a sub syntax tree comparison. SimilarHighlight suggests similar program elements that may be modified during the next modification. Potential elements are highlighted and their text can be immediately selected by shortcut keys. Evaluations indicate that SimilarHighlight can improve programming productivity. Currently, SimilarHighlight supports C, C#, JAVA, JavaScript, and PHP, but in the future we will expand it to other languages.

Development environments have changed drastically, development periods are shorter than ever and the number of team members has increased. These changes have led to difficulties in controlling the development activities and predicting when the development will end. Especially, quality managers try to control software reliability and project managers try to estimate the end of development for planing developing term and distribute the manpower to other developments. In order to assess recent software developments, we propose a generalized software reliability model (GSRM) based on a stochastic process, and simulate developments that include uncertainties and dynamics. We also compare our simulation results to those of other software reliability models. Using the values of uncertainties and dynamics obtained from GSRM, we can evaluate the developments in a quantitative manner. Additionally, we use equations to define the uncertainty regarding the time required to complete a development, and predict whether or not a development will be completed on time. We compare GSRM with an existing model using two old actual datasets and one new actual dataset which we collected, and show that the approximation curve generated by GSRM is about 12% more precise than that generated by the existing model. Furthermore, GSRM can narrow down the predicted time range in which a development will end to less than 40% of that obtained by the existing model.

ソフトウェアパターンの収集サイトPortland Pattern Repository(以下PPR)にネットワーク分析の手法を適用し,パターンの参照関係の位置をしめす指標である中心性を算出し,パターン間の参照関係の構造的特徴を明らかにした.また,PPRに記載されている各パターンの履歴情報についてデータ分析を行った.分析の結果,使用頻度の高いと思われるパターンは次数中心性が高い傾向がみられた.このことは適用するパターンの検討や新たなパターンの抽出に有用であると考えられる.

欠陥の発見におけるソフトウェア信頼性モデルについて,確率過程を用いた一般化されたモデルを提案する.開発での様々な不確定要素と開発の時間変化をモデルに組み込み、定量的に開発工程を扱えるようにする.これにより,開発の時間変化や不確定要素を考慮した開発の予測が行える.特に多くの既存モデルでは扱っていない,時間変化に関して複数のタイプを例として扱い,実際の開発との比較を行う.本発表では既存のソフトウェア信頼性モデルと提案するモデルを比較し,提案するモデルでのシミュレーション結果を示し,時間変化と不確定要素について考察を行う.

バグローカリゼーションとは,ソフトウェアテスティングで得られる情報からコード内のバグの位置を推定する手法で,近年その有用性が注目を浴びている.しかし,既存のバグローカリゼーションツールでは,単一のプログラミング言語および単一のSuspiciousness算出式にしか対応していない.そこで,我々は複数のプログラミング言語に対応し, Suspiciousness算出式が容易に変更可能なバグローカリゼーションフレームワークを提案する.複数のプログラミング言語に対してそれぞれのSuspiciousness算出式を適用し,比較を行うことで本手法の有用性を確認する.

In practical lectures on software intensive business systems, we do not yet have an established method for determining what kind of personal characteristics and team compositions are most beneficial to obtaining the maximal educational effectiveness. Here, we propose a framework for analyzing the effects of personal characteristics of team members on educational effectiveness. We also apply the framework to an actual practical lecture. As a result, we find that it is better for a team to have members with a similar degree of tendency of conservative for acquiring more knowledge and skills and the team members have similar characteristics of progressive or conservative. It is expected that in similar practical lectures, we can also obtain the desired educational effectiveness if we can compose a team with the suitable characteristics as based on our findings.

Although many programming languages and test coverage criteria currently exist, most coverage measurement tools only support select programming languages and coverage criteria. Consequently, multiple measurement tools must be combined to measure coverage for software which uses multiple programming languages such as web applications. However, such combination leads to inconsistent and inaccurate measurement results.In this paper, we describe a consistent and flexible framework for measuring coverage supporting multiple programming languages, called Open Code Coverage Framework (OCCF). OCCF allows users to add new extensions for supporting programming languages and coverage criteria with low development costs. To evaluate the effectiveness of OCCF, sample implementation to support statement coverage and decision coverage for eight programming languages (C, C++, C#, Java, JavaScript, Python, Ruby and Lua) are demonstrated. Additionally, applications of OCCF for localizing faults and minimizing tests are shown. © 2013 IEEE.

Web applications are complex; they consist of many subsystems and run on various browsers and platforms. This makes it difficult to conduct adequate integration testing to detect faults in the connections between subsystems or in the specific environments. Therefore, establishing an efficient integration testing method with the proper test adequacy criteria and tools is an important issue.
In this paper, we propose a new test coverage called template variable coverage. We also propose a novel technique for generating skeleton test code that includes accessor methods and improves the template variable coverage criterion, using a tool that we developed called POGen. Our experiments show that template variable coverage correlates highly with the capability to detect faults, and that POGen can reduce testing costs.

An artificial intelligence programming contest with game software is one of the most effective way of learning programming. Contestants can spontaneously learn programming to win in such contests. Although our previous work helps to hold artificial intelligence programming contests, its effectiveness is limited owing to an insufficient requirement analysis and uses of an unrefined design pattern.
In this paper, we report on ACM JavaChallenge 2012, that is an artificial intelligence programming contest. we elicit requirements on a contest with a goal-oriented requirements analysis and extend the state design pattern using Scala to hold JavaChallenge 2012. We evaluate JavaChallenge 2012 very highly by questionnaire investigation.

In practical lectures on software intensive business systems, we do not yet have an established method for determining what kind of personal characteristics and team compositions are most beneficial to obtaining the maximal educational effectiveness. Here, we propose a framework for analyzing the effects of personal characteristics of team members on educational effectiveness. We also apply the framework to an actual practical lecture. As a result, we find that it is better for a team to have members with a similar degree of tendency of conservative for acquiring more knowledge and skills and the team members have similar characteristics of progressive or conservative. It is expected that in similar practical lectures, we can also obtain the desired educational effectiveness if we can compose a team with the suitable characteristics as based on our findings.

Development environments have changed drastically in recent years. The development periods are shorter than ever and the number of team has increased. These changes have led to difficulties in controlling the development activities and predicting the end of developments. In order to assess recent software developments, we propose a generalized software reliability model based on a stochastic process, and simulate developments that include uncertainties and dynamics, such as unpredictable requirements changes, shortening of the development period, and decrease in the number of members. We also compare our simulation results to those of other software reliability models. Using the values of uncertainties and dynamics obtained from our model, we can evaluate the developments in a quantitative manner.

One of the greatest barriers on the way to the efficient creation, handling, and evolution of product lines is the complexity and scale of the underlying artifacts. In this context, the MAPLE/SCALE workshop focuses on the investigation of scalability issues and the application of model-driven concepts and techniques in software product line engineering (SPLE). The workshop explores how to handle product lines of realistic complexity and how to facilitate systematic and efficient product derivation. © 2013 Authors.

If traceability links between requirements and source code are not clarified when conducting maintenance and enhancements for the same series of software products, engineers cannot immediately find the correction location in the source code for requirement changes. However, manually recovering links in a large group of products requires significant costs and some links may be overlooked. Here, we propose a semi-automatic method to recover traceability links between requirements and source code in the same series of large software products. In order to support differences in representation between requirements and source code, we recover links by using the configuration management log as an intermediary. We refine the links by classifying requirements and code elements in terms of whether they are common or specific to the products. As a result of applying our method to real products that have 60KLOC, we have recovered valid traceability links within a reasonable amount of time. Automatic parts have taken 13 minutes 36 seconds, and non-automatic parts have taken about 3 hours, with a recall of 76.2% and a precision of 94.1%. Moreover, we recovered some links that were unknown to engineers. By recovering traceability links, software reusability will be improved, and software product line introduction will be facilitated. © 2013 ACM.

Workshops are sometimes known as effective ways to learn the human and social factors of software engineering. However, their effectiveness in learning agile development principles in particular has not yet been determined, despite the fact that numerous agile development workshops have been held over the years. In this paper, we analyze the effectiveness of agile development workshops through an experiment, and show that one of representative workshops is indeed effective at learning agile principles. Self-study is another commonly used method to learn something new. Therefore, we compare the effectiveness of workshops with that of self-study to better illustrate the effectiveness of agile development workshops. In our experiment, we examine 7 workshop subjects and 8 self-study subjects, and compare their scores on the agile mind check, which is a method used to measure their degree of mastery of agile principles. As a result, we demonstrate the effectiveness of agile development workshops, especially those that simulate actual experiences. We also show that one of workshops is more effective than self-study regarding the agile mind check score.

Software developers are not necessarily security specialists, security patterns provide developers with the knowledge of security specialists. Although security patterns are reusable and include security knowledge, it is possible to inappropriately apply a security pattern or that a properly applied pattern does not mitigate threats and vulnerabilities. Herein we propose a method to validate security pattern applications. Our method provides extended security patterns, which include requirement- and design-level patterns as well as a new model testing process using these patterns. Developers specify the threats and vulnerabilities in the target system during an early stage of development, and then our method validates whether the security patterns are properly applied and assesses whether these vulnerabilities are resolved. © 2013 IEEE.

When developing asynchronous JavaScript and XML (Ajax) applications, developers implement Ajax design patterns for increasing the usability of the applications. However, unpredictable contexts of running applications might conceal faults that will break the design patterns, which decreases usability. We propose a support tool called JSVerifier that automatically verifies interaction invariants; the applications handle their interactions in invariant occurrence and order. We also present a selective set of interaction invariants derived from Ajax design patterns, as input. If the application behavior breaks the design patterns, JSVerifier automatically outputs faulty execution paths for debugging. The results of our case studies show that JSVerifier can verify the interaction invariants in a feasible amount of time, and we conclude that it can help developers increase the usability of Ajax applications.

The development organization often changes during software development. Derivative developments, forks, and change of developers due to acquisition or open-sourcing are some conceivable situations. However, the impact of this change on software quality has yet to be elucidated. Herein we introduce the concept of origins to study the effects of organizational changes on software quality. A file's origin is defined as its creation and modification history. Using the concept of origins, we analyze two open source projects, OpenOffice and VirtualBox, which were each developed by a total of three organizations. We conduct statistical analysis to investigate the relationship between the origins, product metrics, the number of modifications, and defects. Results show that files that are created or modified by multiple organizations or by later organizations tend to be faultier due to the increase in complexity and modification frequency.

派生開発されてきたプロダクト群に対して,保守や拡張を行う際には,要求と実装の間でトレーサビリティが明確化されていることが望ましい.しかし,大規模なプロダクト群に対して,これらの作業を人手のみで行うことは困難である.我々は,構成管理ログを用いて,要求資産とソースコード,それぞれの共通性・可変性分析結果間の対応関係を分析し,その結果を利用することで,要求・実装間のトレーサビリティリンクを自動的に抽出する手法を提案する.提案手法を,一定規模の派生プロダクト群に適用した結果,実用的な時間内で,妥当なトレーサビリティリンクを抽出できた.

Although asynchronous technologies such as Ajax make Rich Internet Applications (RIAs) responsive, they can result in unexpected behavior due to nondeterministic client-side processing and asynchronous communication. One difficulty in understanding such erroneous behavior lies in the unpredictable contexts of the running system. Dynamic behavior analysis techniques do not help to verify the correctness of certain "blind spots" in the execution path. In this work, we present a static approach for extracting all possible state transitions described in source code from the RIAs. Our approach is based on the assumption that user, server and self interactions with the RIAs can change the states of the application. Our method consists of four steps: 1) using given specifications of Ajax relevant to interactions as rules, 2) creating a call graph, annotating interactions on it and extracting interaction controls, 3) abstracting the call graph to extract relationships among the interactions, and 4) refining the relationships with the interaction controls. By extracting the state machines of test scenarios of the correct and wrong behavior, it can help developers to pinpoint the statements in the source code that lead to the erroneous behavior. Our approach has been evaluated against a few experimental cases and we conclude that it can extract comprehensible state machines in a reasonable time. © 2012 IEEE.

Existing AOP tools, typified by AspectJ, are proposed as extensions of a single language. Therefore, most existing AOP tools cannot deal with cross-cutting concerns, which are scattered on many modules implemented in two or more languages. We propose a novel language-independent AOP framework named UniAspect. UniAspect translates programs written in various languages into a Unified Code Object, which is our common representation of source code. And it achieves the modularization of scattered cross-cutting concerns in multiple languages by weaving aspects through the Unified Code Object. In this paper, we introduce a case study of the implementation of logs in a web application that is implemented in Java and JavaScript. Its result shows that UniAspect achieves the modularization of these concerns by a single aspect. © 2012 ACM.

Although asynchronous technologies such as Ajax make Rich Internet Applications (RIAs) responsive, they can result in unexpected behavior due to nondeterministic client-side processing and asynchronous communication. One difficulty in understanding such erroneous behavior lies in the unpredictable contexts of the running system. Dynamic behavior analysis techniques do not help to verify the correctness of certain "blind spots" in the execution path. In this work, we present a static approach for extracting all possible state transitions described in source code from the RIAs. Our approach is based on the assumption that user, server and self interactions with the RIAs can change the states of the application. Our method consists of four steps: 1) using given specifications of Ajax relevant to interactions as rules, 2) creating a call graph, annotating interactions on it and extracting interaction controls, 3) abstracting the call graph to extract relationships among the interactions, and 4) refining the relationships with the interaction controls. By extracting the state machines of test scenarios of the correct and wrong behavior, it can help developers to pinpoint the statements in the source code that lead to the erroneous behavior. Our approach has been evaluated against a few experimental cases and we conclude that it can extract comprehensible state machines in a reasonable time.

There are various approaches to quantitatively and statically measuring the reusability of program source code
however, empirical demonstrations of the effectiveness of such approaches by considering actual reuse in actual development projects or of the magnitude of their effect on actual reusability have not been reported in depth. In this paper, we identified a set of metrics that are thought to be effective for measuring the reusability of C language program source code. Subsequently, for ten projects involved in development with existing software modification and adoption, during which conventional source code in an old project are extensively reused and adopted to a new project, we compared values of the static metrics identified and the reuse results before and after the development. Statistical analysis demonstrated that some of our metrics are effective for actual software development, and we accurately determined the magnitude of their effect on actual reusability. More concretely, it was found that when the percentage of files used outside the belonging directory is small and the number of function calls is small, the complexity of source code as the material of reuse and factors that are affected by the source code are limited, indicating high reusability. © 2012 Springer-Verlag.

Simulinkモデルは,ブロック線図としてプログラムを表現したモデルであり,制御系を中心として組込みソフトウェア開発において使われつつある.大規模なモデルや,同一ドメインで複数のモデルを扱う場合,クローンと呼ばれる重複箇所の存在がモデルの保守性を低下させる可能性がある.この問題解決に向けて,完全に一致するクローンを検出する手法が提案されているが,コピー&ペースト後に部分的に変更されたような非完全一致ながら類似性の高いクローン(ギャップを含むクローン)を十分に検出できなかった.そこで我々は,完全一致のクローンを検出する既存の手法と,多頻度グラフ検出アルゴリズムを組み合わせることで,非完全一致のモデルクローンをSimulinkモデル群から効率よく検出する手法を提案する.提案手法を検出ツールとして実装し,複数の具体的な制御モデルに適用した結果,非完全一致のクローンを検出可能なことを確認した.提案手法により検出した結果を記録し管理することで,効率的な保守を実現することが期待できる.

The activities of software analysis and design are important because they are the first steps in the software development. The objective of this paper is to identify the patterns that emerge during these activities. Identifying these patterns is important because we can imitate the patterns that increase our productivity and avoid the patterns that decrease our productivity. The patterns are made from sequences the logical actions "Create", "Delete" and "Rename" applied on the elements of the design diagrams. These actions are collected when creating UML class diagrams with the open source modeling tool ArgoUML. The patterns found are of two types: micro-pattens and macro-patterns. These patterns were related to different design strategies such as top down, breadth first.

Agile development refers to the group of software development methodologies based on an iterative and incremental process model. It divides the development period into short time frames called iterations and uses a body of knowledge obtained from past experience called practice to ensure agile software development Although the iteration length is an important factor in agile development however it has so far been decided by the qualitatively and it has been reported that projects with an inappropriate iteration length tends to be failed. We thus propose a new methodology for estimating an appropriate iteration length through the conduct on of a simulation based on project constraints. In this paper we first, propose a method of calculating an appropriate iteration length for a particular project to promote the easy use of agile development. Second, the relationship between the iteration length and project constraints was investigated by varying the parameters to create diverse situations. © 2012 IEEE.

The commonality and variability analysis of legacy software assets requires high costs in terms of personnel and time in extractive core asset development. We propose a technique for supporting the commonality and variability analysis, targeting the requirements and structural models of legacy software assets for the development of a feature diagram and a product line architecture (PLA). We analyze the commonality and variability of the sentences as requirements and classes as structural models by calculating similarities based on a vector space model. By using our technique, the costs in terms of personnel and time required for the analysis of legacy software assets can be reduced. Copyright 2012 ACM.

Test coverage is an important indicator of whether software has been sufficiently tested. However, there are several problems with the existing measurement tools for test coverage, such as their cost of development and maintenance, inconsistency, and inflexibility in measurement. We propose a consistent and flexible measurement framework for test coverage that we call the Open Code Coverage Framework (OCCF). It supports multiple programming languages by extracting the commonalities from multiple programming languages using an abstract syntax tree to help in the development of the measurement tools for the test coverage of new programming languages. OCCF allows users to add programming language support independently of the test-coverage-criteria and also to add test-coverage-criteria support independently of programming languages in order to take consistent measurements in each programming language. Moreover, OCCF provides two methods for changin the measurement range and elements using XPath and adding user code in order to make more flexible measurements. We implemented a sample tool for C, Java, and Python using OCCF. OCCF can measure four test-coverage-criteria. We also confirmed that OCCF can support C#, Ruby, Java Script, and Lua. Moreover, we reduced the lines of code (LOCs) required to implement measurement tools for test coverage by approximately 90% and the time to implement a new test-coverage-criterion by over 80% in an experiment that compared OCCF with the conventional non-framework-based tools.

Analysis patterns encapsulating recurrent analysis processes and results are reused for software analysis. Due to high cost of extracting analysis patterns from existing assets, analysis patterns are sometimes unavailable even though there are a lot of requirements and models as assets. Thus we propose a technique for extracting analysis patterns from existing requirements and corresponding analysis models described in the form of UML class diagrams. Our technique analyzes a set of requirements and corresponding analysis models in terms of structure and word similarity, and specifies commonality. By using our technique, it is possible to extract analysis patterns without high cost.

Design patterns are known for their usefulness to solve recurrent problems. Design patterns are a way of transmitting knowledge and experience by using proven, high quality solutions. A problem that emerges when using design patterns is that it is not clear how to measure the impact that has its application on the source code. The relationships between metrics and design patterns is not clear. We propose an experiment for measuring the usefulness of metrics and their success in predicting correct usage of design patterns. With this experiment we will explore which metrics capture best the relationship of design patterns quality of the source code. By using those metrics we will make predictions about the correct usage of the design patterns. In this experiment the selected metrics were not a good predictor, however it is a starting point to explore more metrics and their relationships with design patterns.

We present two common patterns for distributed systems: Enterprise Service Bus (ESB) and Distributed Publish/Subscribe (P/S). ESB defines a common bus structure that provides basic brokerage functions as well as a set of other appropriate services. The ESB has been used mostly for web services but it can be used for any distributed system. The P/S realizes a system structure where subscribers register to receive events produced by a publisher. The P/S has been described usually in a centralized environment and we emphasize here its distributed nature. These patterns are mainly intended for web services application and distributed systems architects and designers. In those applications, the ESB and the Distributed P/S are architectural units that need to be combined with other architectural units. © Copyright 2011 Carnegie Mellon University.

UML class diagrams representing the static structure of the relations between different concepts existing in a problem are widely used in model-based software development. However, no effective measures of a class diagram's understandability yet exist. We have devised quantitative measures of a class diagram's understandability and evaluated their validity. We obtained strong correlations between the domain experts' subjective evaluations of the understandability of a class diagram and the measurements of our methods. These results indicate that our measures can effectively quantify the understandability of class diagrams. © 2011 IEEE.

A good way to obtain secure systems is to build applications in a systematic way where security is an integral part of the lifecycle. The same applies to reliability. If we want a system which is secure and reliable, both security and reliability must be built together. If we build not only applications but also middleware and operating systems in the same way, we can build systems that not only are inherently secure but also can withstand attacks from malicious applications and resist errors. In addition, all security and reliability constraints should be defined in the application level, where their semantics is understood and propagated to the lower levels. The lower levels provide the assurance that the constraints are being followed. In this approach all security constraints are defined at the conceptual or application level. The lower levels just enforce that there are no ways to bypass these constraints. By mapping to a highly secure platform, e.g., one using capabilities, we can produce a very secure system. Our approach is based on security patterns that are mapped through the architectural levels of the system. We make a case for this approach and we present here three aspects to further develop it. These aspects include a metamodel for security requirements, a mapping of models across architectural levels, and considerations about the degree of security of the system. © 2011 IEEE.

2010 年 1 月 21 日，22 日の 2 日間に倉敷市芸文館 （岡山県倉敷市） にて開催したウインターワークショップ 2010・イン・倉敷 （WW2010） の概要について報告するThis paper reports on "Winter Workshop 2010 in Kurashiki (WW2010)" held at Kurashiki Geibunkan in Kurashiki City, Okayama Prefecture from January 21th to the 22th.

ソフトウェアの開発にあたり可用性や保守性，セキュリティに代表されるディペンダビリティを確保するために有効なアスペクト指向技術の研究ならびに実践の動向について，文献や会議を中心とした調査結果を報告する．本調査において技術の適用対象として，主として Web アプリケーション・エンタープライズアプリケーションを扱う．We report a result of a brief survey on progress in researches and practices in aspect-oriented software development (AOSD) technology for software dependability including availability, maintainability and security. Web/enterprise applications are the main target of the survey.

Among several diagrams defined in UML, the class diagram is particularly useful through entire software development process, from early domain analysis stages to later maintenance stages. However conventional UML environments are often inappropriate for collaborative modeling in physically remote locations, such as exchanging models on a public mailing list via email. To overcome this issue, we propose a new diagram notation, called "TCD" (Text-based uml Class Diagram), for describing UML class diagrams using ASCII text. Since text files can be easily created, modified and exchanged in anywhere by any computing platforms, TCD facilitates the collaborative modeling with a number of unspecified people. Moreover, we implemented model converters for converting in both directions between UML class diagrams described in the XMI form and those in the TCD form. By using the converters, the reusability of models can be significantly improved because many of UML modeling tools support the XMI for importing and exporting modeling data.

The spread of open-software services through the Internet increases the importance of security. A security pattern is one of the techniques in which developers utilize security experts' knowledge. Security patterns contain typical solutions about security problems. However there is a possibility that developers may apply security patterns in inappropriate ways due to a lack of consideration on dependencies among patterns. Application techniques of security patterns that consider such dependencies have not been proposed yet. In this paper, we propose an automated application technique of security patterns in model driven software development by defining applications procedures of security patterns to models as model transformation rules with consideration for pattern dependencies. Our technique prevents inappropriate applications such as the application of security patterns to wrong model elements and that in wrong orders. Therefore our technique supports developers apply security patterns to their own models automatically in appropriate ways.

Test coverage is an important indicator of whether software has been tested sufficiently. However, existing measurement tools for test coverage are associated with several problems such as their cost of development and maintenance, inconsistency and inflexibility in measurement. We propose a framework for consistent and flexible measurement of test coverage, called the Open Code Coverage Framework (OCCF), that supports multiple programming languages. OCCF extracts commonalities from multiple programming languages focusing on only small syntax differences in programming languages using an abstract syntax tree. OCCF provides guidelines to support several test coverage criteria. Moreover, OCCF let users expand features to add user-defined test coverage and new programming language. As a result, we reduced the lines of code required to implement measurement tools for test coverage by about 90%and the time to implement a special coverage criterion by80% or more in an experiment that compared OCCF with conventional tools developed individually without using the framework. © 2010 IEEE.

Addressing the challenges of developing secure software systems remains an active research area in software engineering. Current research efforts have resulted in the documentation of recurring security problems as security patterns. Security patterns provide encapsulated solutions to specific security problems and can be used to build secure systems by designers with little knowledge of security. Despite this benefit, there is lack of work that focus on evaluating the capabilities of security analysis approaches for their support in incorporating security analysis patterns. This chapter presents evaluation results of a study we conducted to examine the extent to which constructs provided by security requirements engineering approaches can support the use of security patterns as part of the analysis of security problems. To achieve this general objective, the authors used a specific security pattern and examined the challenges of representing this pattern in some security modeling approaches. The authors classify the security modeling approaches into two categories: Problem and solution and illustrate their capabilities with a well-known security patterns and some practical security examples. Based on the specific security pattern they have used our evaluation results suggest that current approaches to security engineering are, to a large extent, capable of incorporating security analysis patterns. © 2011, IGI Global.

This chapter describes ongoing work on the use of patterns in the development of secure systems. The work reflects a collaboration among five research centers on three continents. Patterns are applied to all aspects of development, from domain analysis and attack modeling to basic design, and to all aspects of the systems under development, from the database and infrastructure to policies, monitoring, and forensics. The chapter, provides an overview of the method of development involving the full range of patterns, and describes many recent contributions from the many research threads being pursued within the collaboration. Finally, future directions of research in the use of patterns are described. © 2011, IGI Global.

It is possible to reasonably measure the security quality of individual security patterns. However, more interesting is to ask: Can we show that a system built using security patterns is secure in some sense? We discuss here some issues about evaluating the security of a system built using security patterns. We consider the use of threats and misuse patterns to perform this evaluation.

The spread of open-software services through the Internet increases the importance of security. A security pattern is one of the techniques in which developers utilize security experts' knowledge. Security patterns contain typical solutions about security problems. However there is a possibility that developers may apply security patterns in inappropriate ways due to a lack of consideration on dependencies among patterns. Application techniques of security patterns that consider such dependencies have not been proposed yet. In this paper, we propose an automated application technique of security patterns in model driven software development by defining applications procedures of security patterns to models as model transformation rules with consideration for pattern dependencies. Our technique prevents inappropriate applications such as the application of security patterns to wrong model elements and that in wrong orders. Therefore our technique supports developers apply security patterns to their own models automatically in appropriate ways.

The duplicated test code exists widely in source code. However duplicated test code decreases maintainability. We therefore extract and propose a pattern for reconstructing test code to remove the duplication. The pattern finds duplicated test code based on test coverage and helps to remove redundant test code. We contribute to advancement and the spread of the test technology by describing the patter.

We have proposed a new type of pattern, the misuse pattern. This pattern describes, from the point of view of the attacker, how a type of attack or misuse is performed (what system units it uses and how)
it also provides ways of stopping the attack by enumerating possible security patterns that can be applied for this purpose, and helps analyzing the attack once it has happened by indicating where can we find forensics data as well as what type of data. A catalog of misuse patterns is needed to let designers evaluate their designs with respect to possible threats. We present here a misuse pattern for a generic worm, which describes the essential and typical characteristics of this type of malware. We consider how to stop this malware and we also discuss some examples and variations.

FIT船井ベストペーパー賞, FITヤングリサーチャー賞

2009年1月23日〜4日の2日間に渡り宮崎市にて開催したウインターワークショップ2009・イン・宮崎(WW2009)の概要について報告する.

We will discuss here the theoretical, social, technological and practical issues related to quality aspects of software patterns including security and safety aspects. The workshop will provide the opportunity for bringing together researchers and practitioners, and for discussing the future prospects of this area. As for the workshop format, first, we will have short talks on what software patterns are, and how they are related to quality. Second, we will have accepted position paper presentations to expose the latest researches and practices on software patterns and quality. Finally, we will discuss several topics related to these presentations in small groups. Newcomers, interested researchers and practitioners are free to attend the workshop to facilitate their understandings, researches and practices on software patterns and quality.

There are a large number of security patterns encapsulating reusable solutions to recurrent security problems. However, catalogs of security patterns are not enough because the designer does not know when and where to apply them, especially in a large complex system. There is a need to conduct more precise classifications of security patterns. We analyze here ways to represent security patterns using specialized models for their precise classification. We define two new types of models, one that describes how a security pattern relates to several classification dimensions (Dimension Graph), and another that describes how security patterns relate to each other (Pattern Graphs). We show these ideas with examples from security patterns.

Detecting design patterns from object-oriented program source-code can help maintainers understand the design of the program. However the detection precision of conventional approaches based on the structural aspects of patterns is low due to the fact that there are several patterns with the same structure. To solve this problem, we propose an approach of design pattern detection using source-code of before the application of the design pattern. Our approach is able to distinguish different design patterns with similar structures, and help maintainers understand the design of the program more accurately. Moreover our technique reveals when and where the target pattern has been applied in an ordered series of revisions of the target program. Our technique is useful to assess what kinds of patterns increase what kinds of quality characteristics such as the maintainability.

Security patterns are now starting to be accepted by industry. Security patterns are useful to guide the security design of systems by providing generic solutions that can stop a variety of attacks but it is not clear to an inexperienced designer what pattern should be applied to stop a specific attack. They are not useful either for forensics because they do not emphasize the modus operandi of the attack. To complement security patterns, we have proposed a new type of pattern, the misuse pattern. This pattern describes, from the point of view of the attacker how a type of attack is performed (what units it uses and how), defines precisely the context of the attack, analyzes the ways of stopping the attack by enumerating possible security patterns that can be applied for this purpose, and describes how to trace the attack once it has happened by appropriate collection and observation of forensics data. We present here a model that characterizes the precise structure of this type of pattern.

Java Script is a popular scripting language that is particularly useful for client-side programming together with HTML/XML on the Web. As Java Script programs become more complex and large, separation of concerns at the implementation level is a significant challenge. Aspect orientation has been a well known concept to realize improved separation; however, existing mechanisms require modifications in the target modules for aspect weaving in Java Script (i.e., not "complete" separation). In this paper, we propose an Aspect-Oriented Java Script framework, named "AOJS", which realizes the complete separation of aspects and other core modules in Java Script. AOJS can specify function executions, variable assignments and file initializations in Java Script programs as the joinpoints of aspects. Moreover, AOJS guarantees the complete separation of aspects and core program modules by adopting a proxy-based architecture for aspect weaving. By utilizing these features, we confirmed that AOJS offers improved modifiability and extendability for Java Script programming.

2007 年 12 月 3－5 日名古屋にて開催された第 14 回アジア太平洋ソフトウェア工学国際会議(APSEC 2007)に関して，主催者側および参加者側からの見解を述べる．This paper gives our views on the 14th Asia-Pacific Software Engineering Conference (APSEC 2007) held at Nagoya on December 3-7, 2007.

近年のネットワーク接続の分散システムのオープン化とビジネスへの利用に伴い,セキュリティは益々重要になってきている。しかしながら,必ずしもシステムの設計・構築者がセキュリティの専門家であることはなく,セキュリティに強いシステムの設計が困難であった。専門家の知識をさまざまなシステムで利用可能にする技術として,パターンが有用である。セキュリティに関してもそれに関する知識を,広く利用可能にしたセキュリティパターンが,近年多数提案されてきており,安全なシステムを開発するための情報が整いつつある。本論文では,このセキュリティパターンに関する最新動向を整理し,今後の研究動向について考察する。