Johannes Holvitie

Technical Debt and the Effect of Agile Software Development Practices on It - An Industry Practitioner Survey

A major reason for the popularity of agile and lean software methods is their capability to function in resource scarce and requirement erratic environments. Both of these characteristics cause accumulation of technical debt, something that is the end result of either intentional or unintentional decisions. The ability of these methods to function with technical debt indicates that they contain components with inherent technical debt management capabilities. This study conducts a survey on industry practitioners to discover what is their level of technical debt knowledge, how does technical debt manifest in their projects and which of the applied components of agile software development -- both processes and practices -- are sensitive to technical debt. This paper contributes to the technical debt discussion by showing differences in assumed and indicated technical debt knowledge. Furthermore, components closest to implementation and its maintenance are perceived to have the most positive effects on technical debt management. Finally, the most encountered instances of technical debt are caused by architectural inadequacies, they are internal legacy, and increase in size as a result of continued implementation.

DebtFlag : technical debt management with a development environment integrated tool

In this paper, we introduce the DebtFlag tool for capturing, tracking and resolving technical debt in software projects. DebtFlag integrates into the development environment and provides developers with lightweight documentation tools to capture technical debt and link them to corresponding parts in the implementation. During continued development these links are used to create propagation paths for the documented debt. This allows for an up-to-date and accurate presentation of technical debt to be upheld, which enables developer conducted implementation-level micromanagement as well as higher level technical debt management.

Towards a diversification framework for operating system protection

In order to use resources of a computer, malware has to know the interfaces provided by the operating system. If we make these critical interfaces unique by diversifying the operating system and user applications, a piece of malware can no longer successfully interact with its environment. Diversification can be considered as a computer-specific secret. This paper discusses how this API diversification could be performed. We also study how much work would be needed to diversify the Linux kernel in order to hide the system call interface from malware.

Top management support in software cost estimation: A study of attitudes and practice in Finland

Purpose – A cost estimate is considered to have a high impact on software project success. Because of this, different methodologies for creating an accurate estimate have been studied over decades. Many methodologies produce accurate results, when used properly. However, software projects still suffer from inaccurate estimates. The disparity may result from organisational hindrances. This paper focuses on top management support (TMS) for software cost estimation (SCE). The purpose of this paper is to identify current practices and attitudes of top management involvement in SCE, and to analyse the relationship between these two and project success. Design/methodology/approach – A list of 16 TMS practices for SCE has been developed. A survey was conducted to capture the frequency of use and the experienced importance of support practices. Data has been collected from 114 software professionals in Finland. Correlations between the frequency of use, attitudes and project success were analysed. Findings – Top ...

Breaking the Programming Language Barrier: Using Program Visualizations to Transfer Programming Knowledge in One Programming Language to Another

The transition from one programming language to another is an issue, which usually needs to be addressed in programming curricula, as the learning is typically started with syntactically easier languages. This study explores the possibility to use a short interactive tutorial with visualization exercises to ease the transition from Python to Java. In the experiment, the students first took a pre-test to measure their earlier programming knowledge with Python. After that, they used the tutorial with visualization exercises for 45 minutes. The tutorial and the exercises were designed to underline the syntactical and structural differences between Python and Java. Finally, the students answered to post-test, which contained questions similar to pre-test, but in Java. The results indicate, that the students were able to obtain similar program comprehension skills in Java that they previously had with Python. Moreover, the students seem to think that using such tutorials is highly beneficial in the transition. Hence, we conclude, that ViLLE can be effectively used to ease the transition from one language to another.

A Survey on Aims and Environments of Diversification and Obfuscation in Software Security

Diversification and obfuscation methods are promising approaches used to secure software and prevent malware from functioning. Diversification makes each software instance unique so that malware attacks cannot rely on the knowledge of the programs execution environment and/or internal structure anymore. We present a systematic literature review on the state of-the-art of diversification and obfuscation research aiming to improve software security between 1993 and 2014. As the result of systematic search, in the final phase, 209 related papers were included in this study. In this study we focus on two specific research questions: what are the aims of diversification and obfuscation techniques and what are the environments they are applied to. The former question includes the languages and the execution environments that can benefit from these two techniques, while the second question presents the goals of the techniques and also the type of attacks they mitigate.

Exploring the clustering of software vulnerability disclosure notifications across software vendors

This exploratory empirical paper investigates annual time delays between vulnerability disclosure notifications and acknowledgments by means of network analysis. These delays are approached through a potential clustering effect of vulnerabilities across software vendors. The analysis is based on a projection from bipartite vendor-vulnerability structures to one-mode vendor-vendor networks, while the hypothesized clustering effect is approached with a conventional community detection algorithm. According to the results, (a) vulnerabilities cluster across vendors, (b) which also explains a portion of the time delays, although (c) the clustering is not stable annually. The computed network (d) clusters can be also interpreted by reflecting these against common software security attack surfaces. The results can be used to contemplate (e) practical means with which the efficiency of vulnerability disclosure could be improved.

Software implementation knowledge management with technical debt and network analysis

Modern, fast-phased, iterative and incremental software development constantly struggles with limited resources and a plethora of frequently changing requirements. This environment often requires the development projects to intentionally - for example through implementing quick-and-dirty - or unintentionally - for example through misinterpretation of requirements - deviate from the optimal product state. While most of the deviation is caught through practices like customer reviews, the remainder stays hidden in the product. The undocumented remainder is difficult to remove, it expands uncontrollably and it negatively affects development as deviations are unexpectedly encountered and overcome. The term technical debt describes this process of accumulating hidden work. Management of technical debt can be expected to be a major factor in software development efficiency and sustainability and as such it should be an integral part of the software implementations knowledge management. In addition to being difficult to capture, the continuous evolution of the implementation makes maintenance of gained information a challenge. This paper discusses applying technical debt management for software implementations including the entry points for knowledge discovery, network analysis for overcoming the maintenance challenges as well as the pursued outcomes.

Technical debt and agile software development practices and processes: An industry practitioner survey

Abstract Context: Contemporary software development is typically conducted in dynamic, resource-scarce environments that are prone to the accumulation of technical debt. While this general phenomenon is acknowledged, what remains unknown is how technical debt specifically manifests in and affects software processes, and how the software development techniques employed accommodate or mitigate the presence of this debt. Objectives: We sought to draw on practitioner insights and experiences in order to classify the effects of agile method use on technical debt management, given the popularity and perceived success of agile methods. We explore the breadth of practitioners’ knowledge about technical debt; how technical debt is manifested across the software process; and the perceived effects of common agile software development practices and processes on technical debt. In doing so, we address a research gap in technical debt knowledge and provide novel and actionable managerial recommendations. Method: We designed, tested and executed a multi-national survey questionnaire to address our objectives, receiving 184 responses from practitioners in Brazil, Finland, and New Zealand. Results: Our findings indicate that: 1) Practitioners are aware of technical debt, although, there was under utilization of the concept, 2) Technical debt commonly resides in legacy systems, however, concrete instances of technical debt are hard to conceptualize which makes it problematic to manage, 3) Queried agile practices and processes help to reduce technical debt; in particular, techniques that verify and maintain the structure and clarity of implemented artifacts (e.g., Coding standards and Refactoring) positively affect technical debt management. Conclusions: The fact that technical debt instances tend to have characteristics in common means that a systematic approach to its management is feasible. However, notwithstanding the positive effects of some agile practices on technical debt management, competing stakeholders’ interests remain a concern.

Internal Interface Diversification as a Security Measure in Sensor Networks

More actuator and sensor devices are connected to the Internet of Things (IoT) every day, and the network keeps growing, while software security of the devices is often incomplete. Sensor networks and the IoT in general currently cover a large number of devices with an identical internal interface structure. By diversifying the internal interfaces, the interfaces on each node of the network are made unique, and it is possible to break the software monoculture of easily exploitable identical systems. This paper proposes internal interface diversification as a security measure for sensor networks. We conduct a study on diversifiable internal interfaces in 20 IoT operating systems. We also present two proof-of-concept implementations and perform experiments to gauge the feasibility in the IoT environment. Internal interface diversification has practical limitations, and not all IoT operating systems have that many diversifiable interfaces. However, because of low resource requirements, compatibility with other security measures and wide applicability to several interfaces, we believe internal interface diversification is a promising and effective approach for securing nodes in sensor networks.