Andreas Mauczka

Adopting Code Reviews for Agile Software Development

Code reviews have many benefits, most importantly to find bugs early in the development phase and to enforce coding standards. Still, it is widely accepted that formal code reviews are time-consuming and the practical applicability in agile development is controversial. This work presents a continuous differential-based method and tool for code reviews. By using a continuous approach to code reviews, the review overhead can be reduced and the effectiveness and applicability in agile environments shall be improved.

Predicting Code Change by Using Static Metrics

Maintenance of software is risky, potentially expensive – and inevitable. The main objective of this study is to examine the relationship of code change, referred to as maintenance effort, with source-level software metrics. This approach varies from the typical approach of evaluating software metrics against failure data and provides a different angle on the validation of software metrics. The goal of this study is to show through exhaustive data mining that a relation between software metrics and code change exists. Once this connection is established, a set of software metrics is identified, which will be used in further studies to predict code change in problematic modules identified by the software metrics at an early development stage.

Applying Continuous Code Reviews in Airport Operations Software

Code reviews are an integral part of the development of a dependable system such as for airport operations. It is commonly accepted that code reviews are an effective quality assurance technique even if a rigorous application is also a high cost factor. For large software systems a formal method may be inapplicable throughout the whole code base. In this study an airport operational database (AODB) is developed with the application of a more lightweight approach to code reviews. A continuous, distributed and change-based process is applied by the development team and evaluated in comparison to team walkthroughs (IEEE-1028) as a baseline method. The application showed to be highly useful, equally effective as the baseline, but more efficient especially for the preparation, execution and rework effort. The results show that continuous code reviews also support the understanding of the code base and the concept of collective ownership. Such processes may not completely substitute a more formal and effortful technique. Especially for reviewing critical design aspects or complex items a traditional approach is still more appropriate. The main outcome is that such lightweight code reviews may be used together with more formal approaches to ensure a high coverage and that the degree of formalism should be adopted to the criticality of the item under review.

Mining security changes in FreeBSD

Current research on historical project data is rarely touching on the subject of security related information. Learning how security is treated in projects and which parts of a software are historically security relevant or prone to security changes can enhance the security strategy of a software project. We present a mining methodology for security related changes by modifying an existing method of software repository analysis. We use the gathered security changes to find out more about the nature of security in the FreeBSD project and we try to establish a link between the identified security changes and a tracker for security issues (security advisories). We give insights how security is presented in the FreeBSD project and show how the mined data and known security problems are connected.

Dataset of developer-labeled commit messages

Current research on change classification centers around automated and semi-automated approaches which are based on evaluation by either the researchers themselves or external experts. In most cases, the persons evaluating the effectiveness of the classification schemes are not the authors of the original changes and therefore can only make assumptions about the intent of the changes. To support validation of existing labeling mechanisms and to provide a training set for future approaches, we present a survey of source code changes that were labeled by their original authors. Seven developers from six different project applied three existing classification schemes from current literature to enrich their own changes with meta-information, so the intent of the changes becomes more evident. The final data set consists of 967 classified changes and is available as an SQLite database as part of the MSR data set.

Incremental reengineering and migration of a 40 year old airport operations system

This report describes the challenges and experiences with the incremental re-engineering and migration of a 40 year old airport operations system. The undocumented COBOL legacy system has to be replaced within given constraints such as limited downtime. A 3-step technical strategy is derived and successfully applied to the re-engineering task in this project. The incremental approach and resulting parallel operations of both systems are the most significant technical drivers for complexity in this environment. Furthermore, this report describes the process for planning, analyzing and designing a replacement system that is backed by strong user acceptance. The user interface design task of taking the system from VT100 to a web interface was a critical success factor, as well as live testing with actual production data and actual user interactions. Other aspects such as training and end user documentation are discussed.

A Task-Based Code Review Process and Tool to Comply with the DO-278/ED-109 Standard for Air Traffic Managment Software Development: An Industrial Case Study

Software reviews are one of the most efficient quality assurance techniques in software engineering. They are required for the enhancement of the software quality in early phases of the development process and often used in development of safety critical systems. In the field of software engineering for Air Traffic Management (ATM) the standard DO-278/ED-109 requires the rigorous application of code reviews and fully traceable reporting of the results. This case study presents a process and an IDE-integrated tool that complies with the requirements of the standard.

Opportunities for industry-university collaboration: A case study from Mozambique

Standing research regarding collaborations between universities and the public/private sector highlights promising benefits for both stakeholders involved. However, as of now, such collaboration is still rare and needs therefore further investigation. This qualitative case study takes up two main purposes. Firstly, it explores Information Technology (IT) needs and challenges in Mozambique for governmental institutions and universities. Secondly, it examines obstacles, which prevent industry-university collaboration within the context of education in computer science. The focus of this research is to solve industrys problems through increased collaborations with universities, thus strengthening the overall development of the country. Methods of data collection, interviews, observations, and a document analysis were used to gain an insight to the research field. The presented results in this research paper indicate that a lack of Internet and computational resources, project management and limited available funds have been challenging for both sides, governments and universities. Furthermore, current low-tech paper-based systems and insufficient IT skills are obstacles to overcome as well. It is suggested that increased industry-university collaborations, with the support of a university based academic-industrial board, could significantly contribute towards mitigating these challenges in Mozambique.

Nationwide PKI testing: ensuring interoperability of OCSP server and client implementations early during component tests

Interoperability issues between different implementations in large-scale systems is one of the major reasons for increased effort during system test. This paper addresses this problem in the context of the Online Certificate Status Protocol (OCSP) in a Public Key Infrastructure (PKI), which is part of the certificate verification process of many components. The high interconnection of OCSP clients and server increases the complexity of system tests to ensure interoperation. This paper provides a component based testing method for clients and servers using OCSP exemplified by testing PKI components of a nationwide IT infrastructure. The method ensures high interoperability requirements of large-scale infrastructures during component tests and reduces efforts for test execution.