Improving software quality by managing technical debt and uncovering security vulnerabilities

通过管理技术债务和发现安全漏洞来提高软件质量

• 批准号: RGPIN-2021-04232
• 负责人: Codabux, Zadia
• 金额: $ 1.75万
• 依托单位: University of Saskatchewan
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2022
• 资助国家: 加拿大
• 起止时间: 2022-01-01 至 2023-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=749794
• 关键词: Improving; software; quality; managing; technical

Software is of paramount importance to the success of almost every business, industry, and individual. It is imperative that quality software products are developed. However, to achieve short-term objectives such as a faster release of the software or lower development cost, software practitioners often take shortcuts during software development. Such workarounds are known as technical debt. If not properly managed, in the long-term, technical debt can lead to disastrous consequences such as increased maintainability cost, lower developer productivity, increased number of defects, and software deterioration (decay). Technical debt management typically consists of identification, assessment (cost and impact), and prioritization. This is usually followed by activities such as refactoring or reengineering of the code. While software quality with a focus on software defects has a rich research history, technical debt research has gained momentum over the last decade. The long-term objective of this research is to better manage technical debt by (1) investigating the design decisions that led to technical debt for more sustainable decisions in the future, (2) using technical debt, more specifically, code and architectural smells to uncover software vulnerabilities, and (3) analyzing developers' behavior to create developers' profiles by understanding their strengths and weaknesses concerning technical debt, for better resource allocation and customized training.  This research will train HQPs in various specialized skills: data mining, statistical analysis, machine learning, and empirical studies, to contribute to the ever-growing ICT sector in Canada, which had projected a shortage of 200 000 ICT professionals by 2020. By enabling the production of better quality software and with an increasing number of highly skilled HQPs, Canada will attract more companies to establish themselves here. This will boost the Canadian economy by increasing revenues in the ICT sector, which accounts for 4.8% of the 2019 national GDP. In addition, we will work closely with the local companies in Saskatchewan to help them improve their software quality.

软件对于几乎每个企业，行业和个人的成功至关重要。必须开发优质的软件产品。但是，为了实现短期目标，例如软件的更快发布或更低的开发成本，软件从业人员在软件开发过程中通常会采取快捷方式。这样的解决方法称为技术甲板。如果无法正确管理，从长远来看，技术甲板可能会导致灾难性的后果，例如提高维护成本，降低开发人员生产率，缺陷的数量增加和软件定义（衰减）。技术债务管理通常包括识别，评估（成本和影响）和优先级。这通常是随后进行的活动，例如重构或重新设计代码。尽管专注于软件缺陷的软件质量具有丰富的研究历史，但在过去的十年中，技术甲板研究的势头已获得动力。 The long-term objective of this research is to better manage technical deck by (1) investigating the design decisions that led to technical deck for more sustainable decisions in the future, (2) using technical deck, more specifically, code and architectural smells to uncover software vulnerabilities, and (3) analyzing developers' behavior to create developers' profiles by understanding their strengths and weaknesses concerning technical deck, for better resource allocation and customized training.这项研究将以各种专业技能培训HQP：数据挖掘，统计分析，机器学习和经验研究，为加拿大不断增长的ICT领域做出贡献，该领域预计到2020年，该领域的不足将短缺200万ICT专业人员。通过促进质量更好的软件的生产，并以越来越多的高质量的HQP吸引加拿大的公司来吸引更多的公司，以吸引更多的公司。这将通过增加ICT行业的揭示来促进加拿大经济，占2019年国家GDP的4.8％。此外，我们将与萨斯喀彻温省的当地公司紧密合作，以帮助他们提高软件质量。