Abstract
Secure software development must apply a security mindset across all software engineering practices. Software security must be considered during the requirements phase so that it is carried through the development phase. Does the requirements gathering team get the proper input from the technical team? This paper unearths some of the data sources buried within the software development phases and describes potential approaches to understanding them. Machine learning and deep learning are explored as ways to understand these data sources, and the paper examines how the resulting knowledge can be provided to the requirements gathering team. Such a knowledge system will help bring objectivity to the conversations between the requirements gathering team and the customer's business team. A literature review of secure requirements management is also carried out to identify possible gaps and to provide direction for future research. Feature engineering in the software development landscape is explored to understand the data sources, and experts offer their insight on the root cause of the lack of security focus in requirements gathering practices. The core theme is statistical modeling of all the software artifacts that hold information related to the software development life cycle. Strengthening traditional methods such as threat modeling is another key area explored. The subjectivity involved in these approaches can thereby be made more objective.
Cite this article
Althar, R.R., Samanta, D. The realist approach for evaluation of computational intelligence in software engineering. Innovations Syst Softw Eng 17, 17–27 (2021). https://doi.org/10.1007/s11334-020-00383-2