• Không có kết quả nào được tìm thấy

PDF Agile Processes in Software Engineering and Extreme Programming

Nguyễn Gia Hào

Academic year: 2023

Chia sẻ "PDF Agile Processes in Software Engineering and Extreme Programming"


Loading.... (view fulltext now)

Văn bản

Juan Garbajosa Unibersidad ti Politekniko ti Madrid, Espania Xiaofeng Wang Libre nga Unibersidad ti Bozen-Bolzano, Italia. Lech Madeyski Wroclaw Unibersidad ti Siensia ken Teknolohia, Polonia Michele Marchesi DMI - Unibersidad ti Cagliari, Italia.

1 Introduction

We conducted a qualitative survey to present this new user story template to the COSMIC community to capture the opinion of COSMIC users in terms of expressiveness and its value. As can be seen, sizing user stories using the COSMIC method is not a difficult task.

2 Background


Section 4 presents the evaluation process conducted through the COSMIC community survey and its analysis. The model is created using the generic software model COSMIC, which is defined for four principles [8].

Fig. 2. The COSMIC measurement process [8]
Fig. 2. The COSMIC measurement process [8]

User Story Overview

The last part, which in a traditional template is responsible for expressing user feedback or expectations, is specific to the Nielsen heuristics that need to be fulfilled in the user story. The US05 template [15] is equivalent to the traditional template, but prioritizes first instead of last.

3 COSMIC User Story Standard

US03 “As a, I want/needso that. As a Manager, I want to create books, related to the author and the publishing company; then be notified of the operation status.

4 Evaluation


Please talk about your answer.”, the content analysis is divided into two groups, “Yes” and “No” answers. Please speak about your answer. The content analysis was also based on "Yes" and "No" answers to end their further discourses.

Table 2. Respondents distribution into groups.
Table 2. Respondents distribution into groups.


US01 As a librarian, I want to register a new book so that it is available for reserve and/or loan. 2 US06 As a librarian, I want to remove an author 2 US07 As a librarian, I want to list all authors 3 US08 As a librarian, I want to update an author, so that I.

5 Threats to Validity

US01 As a librarian, I want to register a new book, linked to author and publisher; then be informed about the operation status. 3 US07 As a librarian, I want to list all authors 3 US08 As a librarian, I want to update an author; then let yourself be informed.

Table 7. Example using CUSS
Table 7. Example using CUSS

6 Conclusion and Future Work

We present an evaluation of the approach to measure how the use of annotations improves the quality of the requirements. In this section, we evaluate the approach to measure the extent to which it aids in understanding mockups according to Wohlin et al.

Fig. 1. Mockup of an e-commerce application.
Fig. 1. Mockup of an e-commerce application.

Analysis and Verification in Agile Development: A Controlled Experiment

Therefore, we believe that BDD could be suitable for security verification with STPA for security analysis in agile development. We propose a possible way to use BDD with STPA for security verification in agile development.

2 Related Work

For security verification in agile development, a high productivity of security test cases promotes high security. Using BDD for security verification, we note the importance of communication between developers and business analysts.

3 STPA Integrated BDD for Safety Analysis and Verification (STPA-BDD)

To investigate the effect of using BDD for security verification, we design a controlled experiment that refers to a set of TDD experiments. We correct the trigger event to pass the test cases to meet the safety requirement. a).

Fig. 1. STPA-BDD concept
Fig. 1. STPA-BDD concept

4 Experiment Design (We follow the guideline by Wohlin et al. [32].)

  • Goal
  • Context
  • Hypotheses
  • Variables
  • Pilot Study
  • Experiment Operation

In our experiment, the participants test the user stories in the STPA security report and deliver security test cases. After the 1st session, the participants record the NIUS and the time in the operation report.

Table 1. Medians of the student’s background
Table 1. Medians of the student’s background

5 Analysis

Descriptive Analysis

In Figure 5(a), we can see six noteworthy values ​​that BDD outperforms UAT: (4) Test cases have clear documentation. From Figure 5(b), five noteworthy values ​​show that BDD is better than UAT: (6) Developers consider security requirements thoroughly and initially.

Fig. 4. Boxplot for PROD, THOR and FAUL
Fig. 4. Boxplot for PROD, THOR and FAUL

Hypothesis Testing

6 Threats to Validity

  • Internal Validity
  • Construct Validity
  • Conclusion Validity
  • External Validity

In BDD test-first, we write the failed test cases first and work to pass them all to boost encryption. We also refer to a study by Cleland-Huang and Rahimi, who successfully conducted an SCS project with graduate students [2]. Second, the simplicity of the tasks poses a threat.

7 Discussion and Conclusion

We manually went through each of the job advertisements and looked for soft skill requirements. We considered both the soft skills that are essential (mandatory requirements) and the soft skills that are considered a plus to get hired (nice to haves). China, Vietnam and Portugal have a moderate number of job advertisements that do not ask for soft skills (around 30% each).

The rest of the countries studied have less than half of their advertisements mentioning soft skills. Turner, R., Lowry, G.: The third dimension of the IS curriculum: the importance of soft skills for IT practitioners.

Table 1. Job advertisements collected from each country Country No. of ads % of the total ads
Table 1. Job advertisements collected from each country Country No. of ads % of the total ads

Practice: A Thematic Analysis with Distinct Domains and Languages

From the participants' projects, we collected information about their perception of the benefits experienced, difficulties encountered and their opinion about the quality improvement of the software attributed to the use of TDD. But for some of the programmers, they found that the transition to the TDD mindset is the most significant difficulty. 24] also investigated the TDD effects on both the internal and external quality of the software and the programmers' perception of the method.

Notably, there are few qualitative investigations that explore the effects of TDD from the perspective of developers [20,21]. In this study, we are also interested in exploring and knowing the opinion of developers regarding the use of TDD, its effects and other factors that imply in its application.

3 Empirical Study

However, we aim to capture perceptions and draw conclusions regardless of the programming language or application domain. We determined that each subject was responsible for defining the type and purpose of the application, and for choosing the programming language, the IDE and the unit testing tools. Regarding the type of project, 12 participants reported that their projects were part of their academic research; 3 participants developed part of the real projects they developed in the industry, and other 3 participants developed personal projects.

Thematic analysis (TA), proposed by Braun and Clarke [5], is a theoretically flexible approach to analyze qualitative data, widely used to organize and describe a set of data in rich detail, and also to interpret different aspects of research. topic. Thus, to carry out the analysis of the participants' responses, we performed a thematic analysis following the six steps proposed by Braun and Clarke [5]: (i) familiarization with the data; (ii) generating initial codes; (iii) searching for topics; (iv) revision and refinement of topics; (v) definition and naming of topics; and (vi) writing the final report.

Table 1. Projects characterization
Table 1. Projects characterization

4 Findings

In terms of development time, about 84% of projects took 9 to 72 hours to implement, taking production code and unit testing into account (see Figure 1). Unit Tests (n = 10) Test Quality (n = 8) "To define the scope of the tests, some tests required the implementation of more than one feature." [S8]. The quality of the code is another frequently mentioned benefit that is experienced by almost all participants.

This uncertainty made the whole process very slow, but I practically didn't have to change any of the tests - depending on the purpose of the test.”. I decided to use TDD to implement new software functionality.” [S3].

Fig. 1. Development time and total lines of code
Fig. 1. Development time and total lines of code

5 Discussion

As previously mentioned, one of the participants' difficulties was deciding whether or not to use mocks in their projects. In our study, we can deduce that the lack of practice is certainly one of the aspects that can affect productivity. Although baby steps are a key factor, we found that various developers initially struggle with setting the size of the steps.

Some participants realized that small steps could help reduce the complexity of the design. For example, one participant claimed that disengagement was an effect of using fake objects.

Table 7. Use of mock objects Question: Have you used mock objects in your project?
Table 7. Use of mock objects Question: Have you used mock objects in your project?

6 Conclusion, Limitations and Future Work

Aniche, M.F., Ferreira, T.M., Gerosa, M.A.: Regarding novice test-driven development practitioners: a qualitative analysis of opinions in an agile conference. Deng, C., Wilson, P., Maurer, F.: FitClipse: a fit-based eclipse plug-in for executable acceptance test-driven development. Gupta, A., Jalote, P.: An experimental evaluation of the effectiveness and efficiency of the test-driven development.

Panˇcur, M., Ciglariˇc, M.: Impact of test-driven development on productivity, code and tests: a controlled experiment. Scanniello, G., Romano, S., Fucci, D., Turhan, B., Juristo, N.: Student and professional perceptions of test-driven development: a focus group study.

Application Security Testing Tools

An Action Research at Telenor Digital

When it comes to security, the decision to implement static analysis tools should be guided. Using a static analysis tool does not automatically improve code security. Various studies have investigated why developers do not use static analysis tools to find bugs, e.g.

4] evaluated the use of a commercial static analysis tool to improve security in an industrial environment. Other researchers have also conducted independent quantitative evaluation of static analysis tools regarding their performance in detecting security weaknesses.

3 Case Study

  • Evaluating Static Analysis Tools
  • Performance Metrics
  • Results of Tools’ Evaluation
  • Interview
  • Practices and Demography
  • Experience with Static Analysis Tools and Security
  • Perceptions of the Developers About SAST Tools

True Positive (TP): The number of cases where the tool correctly reports the error targeted by the test case. False Positive (FP): The number of cases where the tool reports an error with a type that is the target of the test case, but the error is reported in code without errors. For example, Wagner and Sametinger [24] modified this metric by accepting the detection of tools in the "non-error" part of the code as valid as long as they are reported in the target CWE file.

The highest detection rate is 4.17% for FindSecBugs, while the commercial tool only detected 1.23% of vulnerabilities. Tool setting and preparation for work. Developers dread the effort of getting a third-party SAST tool to work seamlessly in their development and build environments.

Fig. 1. Bad source and bad sink method for XSS - CWE80
Fig. 1. Bad source and bad sink method for XSS - CWE80

4 Discussions and Implications

These would be possible if the tools are able to point out real issues, if it is possible to flag a piece of code that should not be scanned, if it is automated and easy to use, if it is not cognitively demanding to interact with the tool, and whether the tools report in a way that developers understand. From the perspective of the security group at Telenor Digital, the study was valuable in providing both qualitative and quantitative insights and driving future decisions. This is confirmed through the use of third-party consultants by some of the teams at Telenor Digital to perform penetration testing for their applications [9].

It is very important to make developers aware of the strengths and weaknesses of the tools early on so that they can have a realistic expectation. However, it is very helpful when developers are part of the decision making so that they know the capabilities of the tools.

5 Limitations

6 Conclusion

The context of the experiment consists of undergraduate students (subjects) and a Java application (object). Thus, it is accepted that there is no statistically significant effect of treatment on the specification of acceptable test scenarios. In this part, we discuss the six questions of the questionnaire that we used in the experiment.

21] strategic flexibility (or agility) consists of four distinct categories: (1) speed and change of competitive priorities, (2) range of strategic options, (3) speed of movement from one business to another, and (4) variety of potential new businesses. The authors indicate that "the result of iterations are adopted practices and not elements of the delivered product"[24]. The common use of agile methods in our data set suggests that many of the companies represented by the participants had (perhaps a lot of) experience in using agile methods.

There may be systematic differences in the non-measured characteristics of the agile and the non-agile software projects.

Fig. 1. Fit table report sample [11].
Fig. 1. Fit table report sample [11].

Hình ảnh

Table 1. Examples of user stories templates.
Table 2. Respondents distribution into groups.
Fig. 1. Mockup of an e-commerce application.
Fig. 2. Descripted mockups using our Colloquial DSL.

Tài liệu tham khảo

Tài liệu liên quan

This working paper reviews: (a) some of the evidence for the link between telecommunications and the internet and economic growth; (b) the likely impact of the new ICTs on