This tutorial provides developers with practical guidance for securely implementing Java Serialization. Java deserialization is a clear and present danger as it is widely used both directly by applications and indirectly by Java subsystems such as RMI (Remote Method Invocation), JMX (Java Management Extension), and JMS (Java Messaging System). Deserialization of untrusted streams can result in remote code...
Graphical user interfaces are important components of today's software. User interfaces often require checking correctness of user interactions. In web applications such checks can be a part of the JavaScript code. User interfaces in web applications can evolve, some elements can be removed and new elements can be added. To check JavaScript code covers all possible incorrect scenarios in user interactions...
Context: Conducting a Grounded Theory study is rigorous, demanding, and challenging. Misperceptions exist within the software engineering community. Objective: The purpose of this paper is to describe one extended participant observation Grounded Theory study for aiding new empirical researchers wanting to run similar research studies. Method: Following Constructivist Grounded Theory, we conducted...
Previous studies of Web page revisitation were only focused on long-term revisit ranging from hours to days. In this paper, we study the short-term revisit of less than one hour such as the revisit behavior during a small programming task. We first perform an exploratory study to observe the short-term revisit phenomenon. We then perform controlled experiments with our designed tool support as treatment...
Several automated program repair techniques have been proposed to reduce the time and effort spent in bug-fixing. While these repair tools are designed to be generic such that they could address many software faults, different repair tools may fix certain types of faults more effectively than other tools. Therefore, it is important to compare more objectively the effectiveness of different repair...
This award prompts me to reflect on how my team at Microsoft Research was able to bring research in formal methods and empirical software engineering into practice. How did I select the topics for my teams and my research? How did we conduct the research and which methods did we choose? How did we show progress, and equally important when did we decide to stop? I will also discuss the importance of...
Test cases are an essential tool in software quality assurance: they ensure that code behaves as specified in the requirement. However, writing test cases does not have only benefits, it comes with a cost: the programmer has to formulate the test cases and maintain them when the tested source code changes. Particularly for start-ups or small enterprises such costs become prohibitive, which often prefer...
The development and delivery of secure software is a challenging task, that gets even harder when the developer tries to adhere to both application and organization-specific security requirements translated into security guidelines. These guidelines serve as best practices or recommendations that help reduce application exposure to vulnerabilities, and provide hints about the application's adherence...
Jigsaw is a cooperative learning technique that consists in dividing the learning material into partial tasks. Each student in a jigsaw team will have to perform one of these partial tasks, which eventually will end up integrated by all of the team members. This paper presents a replication study with master students about the teaching of object-oriented design using the jigsaw technique. The original...
The cost of a change is high, but changes are an inevitable part of software development lifecycle, which comes to be recognized under a more general term: software evolution. To mitigate this problem, an approach to aspect-oriented change realization has been proposed earlier based on the idea of representing change by aspect. In many cases, software development relies on graphical modeling, mainly...
Internet code search is quite a popular research area. StackOverflow allows developers to ask and answer questions about code. The previous approach to searching code on StackOverflow uses a tf-idf method that is based on the number of occurrences of words to recommend source code. This method has the disadvantage that variable or method identifiers are considered as normal words, even though identifiers are often...
One way to increase the reach of STEM exposure and education programs is through the use of online environments. There are numerous challenges in pursuing such a solution, however. Here we present an online EECS-themed curriculum we developed and ran in the summer of 2014 that introduced rising high school seniors to core concepts in EECS. The course placed significant emphasis on short, yet complex...
Children, even as they are learning to take their first steps, are already developing a more intimate relationship with technology than we ever did. Sadly, their relationship with technology is primarily based around consumption, not creation and invention. The educational robotics curriculum for grades 2, 3 and 4 at The School at Columbia is designed to shift this paradigm by giving students access...
The importance of learning the C programming language in the engineering curriculum is a well-known fact among engineering students, faculty, programming language instructors and also software companies involved in campus placements. A strong conceptual awareness of C concepts provides a good foundation for learning other programming languages and also a better understanding of hardware since most...
The more complex the processes, the higher the need for process transparency through high-quality real-time data. The steady improvement of Internet-of-Things technologies, or of the recently phrased cyber physical systems, during the last years ensures this process transparency. Although these technologies are promising, the potential of IoT/CPS technologies is not yet fully applied in practice....
In this paper, we discuss the addition of automatic assignment of mentors during in-class lab work to an existing online platform for programming practice. SingPath is a web-based tool for users to practice programming in several software languages. The platform started as a tool to provide students with online feedback on solutions to programming problems and expanded over time to support different...
One of the long-running debates between programmers is whether camelCaseIdentifiers are better than underscore_identifiers. This is ultimately a matter of programming language culture and personal taste, and to our best knowledge none of the camps has won the argument yet. It is our intuition that a solution exists which is superior to both the previous ones from the point of view of usability: the...
Workspace awareness tools facilitate coordination among developers in a team by informing them of emerging conflicts due to parallel development. Several such tools have been introduced recently. However, evaluating such (collaborative) tools through user studies is nontrivial because it depends on the group dynamics and their development behavior. In this paper, we present the challenges in evaluating...
While the advent of open source code search tools has made the source code of thousands of open source software (OSS) readily accessible, thereby increasing legitimate reuse, it has also opened up the possibility of unconscientious employees plagiarizing code from OSS repositories. Plagiarism in proprietary software would not only lead to costly lawsuits, but also undermine the credibility of the...
There are many good reasons for turning co-located projects distributed, likewise there are many good reasons for turning traditional projects agile. In both cases there are many obstacles to overcome and pitfalls to avoid and the combination of agile and distributed does not make this situation any better. In general Configuration Management works as the infrastructure of any software project and...