Product-Focused Software Process Improvement

ML pipelines, as key components of ML systems, shall be developed following quality assurance techniques. Unfortunately, it is often the case in which they present maintainability issues, due to the experimentatal nature of data collection and ML model construction. To address this problem, this work in progress proposes initial metrics to measure the presence of code smells in ML pipelines. These metrics reflect good software engineering practices for code quality of ML pipelines.

Process mining is one of the research disciplines belonging to the field of Business Process Management (BPM). The central idea of process mining is to use real process execution logs in order to discover, model, and improve business processes. There are multiple approaches to modeling processes with the most prevalent one being the procedural models like Petri nets and BPMN models. However, procedural models can be difficult to use for processes like software processes that are highly variable and can have a high number of different branches and exceptions. In these cases, it may be better to use declarative models, because declarative models do not aim to model the end-to-end process step by step, but they constrain the behavior of the process using rules thus allowing for more flexibility in the process executions. The goal of this paper is to introduce the main principles of declarative process mining (i.e., process mining based on declarative models) and to show which state-of-the-art declarative process mining techniques have been implemented in the RuM toolkit and in the Declare4Py Python library.

The technology inside modern vehicles is rapidly growing and poses newer security risks, as vehicle communication protocols are not yet fully secured and vulnerable to attacks. Consequently, the implementation of automotive cybersecurity systems has gained more attention. Controller Area Network (CAN) is one of the most studied communication protocols in the literature and lacks inherent cybersecurity measures. Several works proposed Intrusion Detection Systems (IDSs) using Machine Learning (ML) and Deep Learning (DL) algorithms to identify attacks on the CAN bus. Exploiting ML or DL techniques in a multi-class approach makes it possible to know the attack typology and to support developers’ decisions to integrate concrete design methods in the software automotive development life-cycle. However, most automotive IDSs are tested on data sets that contain raw CAN messages without the possibility of decoding these messages to understand how the attack was generated. Based on these gaps, a Multi-class Random Forest for Automotive Intrusion Detection (MaREA) is presented, and a new Synthetic Automotive Hacking Dataset (SA-Hacking Dataset) is generated with a Database for CAN (DBC) file. First, the model is validated on the Car-Hacking dataset and compared with two other works in the literature that used the same classifier and dataset for the multi-class approach. Then, the Random Forest model is tested by concatenating the Survival Analysis Dataset and the SA-Hacking Dataset. The proposed approach presented better-quality results for both the Car-Hacking dataset and the aforementioned concatenated dataset.

Technical debt is a collection of design decisions that, when taken together over time, make the system challenging to maintain and develop. Technical debt impacts the quality of applications by generating structural weaknesses that translate into slowness and functional deficiencies at the development level. Identifying debts in your code, architecture, and infrastructure is of paramount importance and requires an in-depth analysis that requires effort in terms of time and resources. To date, there are several reliable tools for calculating debt in code, but this study aims to forecast the impact developers have on debt in source code. We propose an approach, based on the use of different Machine Learning and Deep Learning classifiers capable of predicting just in time, if the change that the developer is making will have a low, medium, or high impact on the debt. To conduct the experiments, three open-source Java systems available on Github were selected, and for each of these, the entire history was collected in terms of changes, quality metrics and indicators strictly connected to the presence of technical debt. The results obtained are satisfactory, showing the effectiveness of the proposed method.

The constant advancement of technology has revolutionized the healthcare industry, introducing new opportunities for improved medical services. Desktop applications have emerged as a versatile platform for enhancing healthcare delivery, providing efficient access to medical information and services. In this paper, we explore the development of a desktop application tailored specifically as a side application to a non-invasive anemia detection system, to allow patients and physicians to easily interact. By leveraging our expertise in software engineering principles and collaborating closely with medical experts, we present a comprehensive framework that incorporates advanced features, security protocols, and intuitive user interfaces, ensuring a reliable and secure desktop application that enables doctors to remotely monitor patients’ hematological parameters extracted from the mobile application on the patients’ smartphone.

This paper addresses classical simulations in the assessment of quantum computing performance. It emphasises the significance of these simulations in understanding quantum systems and exploring the potential of quantum algorithms. The challenges posed by the exponential growth of quantum states and the limitations of full-state simulations are addressed. Various approximation techniques and encoding methods are pointed out to enable simulations of larger quantum systems, and advanced simulation strategies tailored to specific goals are also discussed. This work focuses on the feasibility of classical simulation in decision processes regarding the development of software solutions, extending the assessment beyond high-performance computing systems to include standard hardware. This opportunity can foster the adoption of classical simulations of quantum algorithms to a wider range of users.

This work presents an approach based on Long short-term memory (LSTM) for estimating the bug-fixing time in the bug triage process. Existing bug-fixing time predictor approaches underutilize useful semantic information and long-term dependencies between activities in the bug-fixing sequence. Therefore, the proposed approach is a deep learning-based model that converts activities into vectors of real numbers based on their semantic meaning. It then uses LSTM to identify long-term dependencies between activities and classifies sequences as having either short fixing time or long fixing time. The evaluation on bug reports from the Eclipse project shows that this approach performs slightly better than the current best in the literature, boasting improved metrics such as accuracy, precision, f-score, and recall.

Code obfuscation techniques serve to obscure proprietary code, and there are several types. Various tools, such as reverse engineering, are used to reconstruct obfuscated code. To make the analysis and decoding of obfuscated code more difficult, obfuscation techniques can be combined in cascades. Artificial Intelligence (AI) can be used to recombine old codes with each other and make it more difficult to decrypt them. In this paper, the focus is precisely on the increased complexity of the process of reconstructing proprietary code if it is generated with the aid of AI, and consequently on the increasing difficulty for antiviruses in detecting this new type of malware.

With the advancement of quantum computing technology, a pressing need arises to assess its potential implications on existing systems and infrastructures. In this paper, we delve into the interplay between quantum computing and 5G technology, with a specific focus on its profound impact on cryptography and the emergence of post-quantum techniques. We analyse the potential vulnerabilities quantum computers pose to conventional cryptographic algorithms employed in 5G networks. Our research investigates the challenges and opportunities that arise at the intersection of quantum computing and 5G, ultimately aiming to contribute to the development of secure and future-proof communication systems.

Speech impairments can be extremely debilitating for individuals in many areas of their lives. Speech therapy is a field that aims to solve these disorders by taking into account multiple factors and following patients over an extended period of time. Technology can represent a powerful support system for people affected by these impairments; more specifically, Artificial intelligence (AI) can come in handy when it comes to monitoring therapies and helping children perform daily exercises to improve their condition. This research work aims at illustrating how a smart voice assistant, Amazon Alexa, and a web application called “e-SpeechT” can seamlessly work together to support every phase of speech therapy. In particular, it explores how the AI algorithms that characterize these systems can improve the overall interaction paradigm and their medical feasibility.

Early advancements in quantum computing have opened up new possibilities to tackle complex problems across various fields, including mathematics, physics, and healthcare. However, the technology required to construct systems where different quantum and classical software components collaborate is currently lacking. To address this, substantial progress in service-oriented quantum computing is necessary, empowering developers to create and operate quantum services and microservices that are comparable to their classical counterparts. The main objective of this work is to establish the essential technological infrastructure for integrating an Enterprise Service Bus (ESB). This integration enables developers to implement quantum algorithms through independent and automatable services, thereby facilitating the collaboration of quantum and classical software components. Additionally, this work has been validated through a practical case using Zato, a platform that supports service-oriented architectures. By achieving this goal, developers can harness the power of quantum computing while benefiting from the flexibility, scalability, and efficiency of service-oriented computing. This integration opens up new possibilities for developing advanced quantum applications and tackling real-world challenges across various domains.

The emerging paradigm of Quantum computing has the potential to transform the established way-of-working in several scientific and industrial fields if the open challenges of applying quantum computing systems for real-world applications are addressed. One of the major challenges is that the quantum computing systems accessible for industrial and commercial users have very few qubits. Several research initiatives are being proposed to work around this constraint. We investigate the amenable scope and limits of a hybrid platform where classical computing works in tandem with quantum computing to address practical problems. Instead of focusing on quantum supremacy or specialized academic problems, this paper proposes a framework where generalized industrial applications can be solved using hybrid computing systems with limited qubit capacity using a decomposition technique that can be modified to any decision-support procedure.

The emergence of quantum computing proposes a revolutionary paradigm that can radically transform numerous scientific and industrial application domains. The ability of quantum computers to scale computations implies better performance and efficiency for certain algorithmic tasks than current computers provide. However, to gain benefit from such improvement, quantum computers must be integrated with existing software systems, a process that is not straightforward. In this paper, we investigate challenges that emerge when building larger hybrid classical-quantum computers and introduce the Quantum Algorithm Card (QAC) concept, an approach that could be employed to facilitate the decision making process around quantum technology.

An Automated Driving System (ADS) must undergo comprehensive safety testing before receiving a road permit. Since it is not clear what exactly constitutes sufficient safety for an ADS, one could assume that an ADS is safe enough if it is at least as safe as a Human Driven Vehicle (HDV). Simulation-based testing is a cost-effective way to check the safety of an ADS. My goal is to develop an approach to compare the safety behavior of ADS and HDV using simulation. This comparison aims to quantify the advantages and disadvantages of ADS compared to HDV. Additionally, I aim to develop a process for selecting specific scenarios that contribute to building trust in the accuracy and reliability of simulation results. This involves defining performance criteria against which the behavior of an ADS in the simulator is compared to that of a HDV. Furthermore, I aim to translate the performance advantages or disadvantages observed in simulated ADS behavior into real-world safety-critical traffic scenarios.

Motivation: Technical debt is a metaphor that describes not-quite-right code introduced for short-term needs. Developers are aware of it and admit it in source code comments, which is called Self-Admitted Technical Debt (SATD). Therefore, SATD indicates weak code that developers are aware of. Problem statement: Inspecting source code is time-consuming; automatically inspecting source code for its vulnerabilities is a crucial aspect of developing software. It helps practitioners reduce the time-consuming process and focus on vulnerable aspects of the source code. Proposal: Accurately identify and better understand the semantics of self-admitted technical debt (SATD) by leveraging NLP and NL-PL approaches to detect vulnerabilities and the related SATD. Finally, a CI/CD pipeline will be proposed to make the vulnerability discovery process easily accessible to practitioners.

Metamorphic Testing (MT) address the test oracle problem, which arises when there are no practical means to verify the outputs of the System Under Test (SUT). Instead of just verifying individual input-output combinations, MT assesses the relations between pairs of these combinations during consecutive SUT executions; these relations are known as Metamorphic Relations (MRs). MRs delineate how outputs should adapt based on input changes. Automating MR generation is challenging because of the intrinsic connection between MRs and the SUT’s domain. Furthermore, the relevance of MRs can be contingent upon specific data. Motivated by this, our research focuses on facilitating the generation and selection of MRs, defining their applicability by establishing constraints and shedding light on the factors influencing MR outcomes. Our goal is to equip testers with methods and tools that optimise the application of the MT approach.