Continuous assurance extends the concept of continuous integration into the software assurance space. The goal is to naturally integrate the security assessment of software into the software development workflow. The Software Assurance Marketplace (SWAMP) [1] was established to support continuous assurance, helping to simplify and automate the process of running code analysis tools, especially static...
This paper presents a new approach for identifying unknown and/or unwanted states within a system of systems (SoS) architecture using a graphical representation of the event-based modeling language, Monterey Phoenix. The paper demonstrates how the graphical modeling tool can create a single model that contains a mix of human, system, and environmental events, all of which contain event attributes...
Open source software systems are based on the principle of open collaboration for innovation and production. They depend heavily on volunteer developers' contributions for their existence and continuity; attracting new volunteer developers is crucial for the sustainability of the OSS community. However, new developers might be hesitant to join and participate in a project due to many obstacles such as lack...
The software supply chain is a source of cybersecurity risk for many commercial and government organizations. Public data may be used to inform automated tools for detecting software supply chain risk during continuous integration and deployment. We link data from the National Vulnerability Database (NVD) with open version control data for the open source project OpenSSL, a widely used secure networking...
In the early 1990s, the Modified Condition/Decision Coverage (MC/DC) criterion was suggested as a structural white-box testing approach, but it can also be used for black-box specification-based testing. Practical application of MC/DC for specification-based testing has its own unique features and sometimes is quite different from code-based applications. However, MC/DC as a black-box approach has...
We present the Configurable Advanced Verification of Software (CAVS), a prototype tool that automatically generates an efficient set of test cases from descriptions of required interface behavior based on Unified Modeling Language (UML) artifacts. The input to CAVS consists of enhanced UML activity diagrams that define the required behavior of a software component as observed on its interfaces. CAVS...
Software in medical devices can be used in many ways to improve patient outcomes. Little contemporary data exists to document the actual practices used by software professionals for software engineering activities while building software-intensive medical devices. A carefully constructed survey has the potential to: 1) remedy the lack of data and 2) identify the software engineering...
Accurate, precise, and unambiguous definitions of software weaknesses (bugs) and clear descriptions of software vulnerabilities are vital for building the foundations of cybersecurity. The Bugs Framework (BF) comprises rigorous definitions and (static) attributes of bug classes, along with their related dynamic properties, such as proximate, secondary and tertiary causes, consequences, and sites....
Use case analysis has been widely adopted in modern software engineering due to its strength in capturing the functional requirements of a system. It is often done with a UML use case model that formalizes the interactions between actors and a system in the requirements elicitation iteration, and with architectural alternatives explored and user interface details specified in the following analysis...
The gap between design and implementation always exists because changes happen frequently throughout the software development process, along with rapid release cycles, time constraints and limited resources. The focus of our work is to reduce this gap for service-oriented projects. We proposed an approach which considers both technical strategies and agile methods, trying to streamline...
The number of software-driven features within a modern automotive powertrain is rising significantly. As the number of features increases, the risk of undesired interactions between those features also rises drastically. This leads to new challenges with regard to efficiency in testing such automotive features. Automated Feature-Interaction-Testing significantly increases the efficiency of such feature...
There are over a billion devices running the Android operating system. It is being used globally in personal, public, private and government organizations. Device and application availability, often overlooked in research, is a huge component of maintaining healthy applications and personal communications globally. Published research into Android application availability threats and vulnerabilities...
The National Institute of Standards and Technology Network of Things (NoT) concept offers a framework to build a living NoT architecture using a graph theoretic approach. This architectural model captures system state dynamics in a way not typically supported in static architectural frameworks.
Test engineers are often faced with the challenge of selecting test cases that maximize the chance of discovering faults while working with a limited budget. Combinatorial testing is an effective test case selection strategy to address this challenge. The basic idea is to select test cases that ensure that all possible combinations of settings from two (or more) inputs are accounted for, regardless...
Successfully developing and delivering multi-year, multi-person software projects remains a highly challenging task. Software engineering researchers have spent considerable energy investigating ways to improve this situation by developing various processes, techniques, and tools over the last five decades. Understanding trends in the current state of the practice is crucial to identifying the challenges...