• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.147-155
• /
• 2010

It has been widely addressed that static analysis techniques can play important role in identifying potential security vulnerability reside in source code. This paper proposes the design and application of security metrics that use both vulnerability information extracted from the static analysis, and significant factors of information that software handles. The security metrics are useful for both developers and evaluators in that the metrics help them identity source code vulnerability in early stage of development. By effectively utilizing the security metrics, evaluators can check the level of source code security, and confirm the final code depending on the characteristics of the source code and the security level of information required.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.24 no.4
• /
• pp.49-55
• /
• 2024

Code smells, used by Kent Beck, indicate potential quality issues and suggest the need for refactoring. This paper evaluates code smells in the LEA codebase, focusing on categorization and associated metrics. The research analyze LEA_core.c and LEA.cpp, highlighting differences in code quality and complexity. And metrics such as LOC, NOM, NOA, CYCLO, MAXNESTING, and FANOUT are used to assess size, complexity, coupling, encapsulation, inheritance, and cohesion. In the result of research, LEA_core.c is found to be more complex and challenging to maintain compared to LEA.cpp. In future work, we will develop automated tools for real-time code smell detection and refactoring suggestions

• International Journal of Internet, Broadcasting and Communication
• /
• v.16 no.3
• /
• pp.184-191
• /
• 2024

The focus of this paper is secure code development and maintenance. When it comes to safe code, it is most important to consider code readability and maintainability. This is because complex code has a code smell, that is, a structural problem that complicates code understanding and modification. In this paper, the goal is to improve code quality by detecting and removing smells existing in code. We target the encryption and decryption code SEED.c and evaluate the quality level of the code using several metrics such as lines of code (LOC), number of methods (NOM), number of attributes (NOA), cyclo, and maximum nesting level. We improved the quality of SEED.c through systematic detection and refactoring of code smells. Studies have shown that refactoring processes such as splitting long methods, modularizing large classes, reducing redundant code, and simplifying long parameter lists improve code quality. Through this study, we found that encryption code requires refactoring measures to maintain code security.

• Journal of Information Processing Systems
• /
• v.16 no.4
• /
• pp.915-934
• /
• 2020

Software refactoring is a process to restructure an existing software code while keeping its external behavior the same. Currently, various refactoring techniques are being used to develop more readable and less complex codes by improving the non-functional attributes of software. Refactoring can further improve code maintainability by applying various techniques to the source code, which in turn preserves the behavior of code. Refactoring facilitates bug removal and extends the capabilities of the program. In this paper, an exhaustive review is conducted regarding bad smells present in source code, applications of specific refactoring methods to remove that bad smell and its effect on software quality. A total of 68 studies belonging to 32 journals, 31 conferences, and 5 other sources that were published between the years 2001 and 2019 were shortlisted. The studies were analyzed based on of bad smells identified, refactoring techniques used, and their effects on software metrics. We found that "long method", "feature envy", and "data class" bad smells were identified or corrected in the majority of studies. "Feature envy" smell was detected in 36.66% of the total shortlisted studies. Extract class refactoring approach was used in 38.77% of the total studies, followed by the move method and extract method techniques that were used in 34.69% and 30.61% of the total studies, respectively. The effects of refactoring on complexity and coupling metrics of software were also analyzed in the majority of studies, i.e., 29 studies each. Interestingly, the majority of selected studies (41%) used large open source datasets written in Java language instead of proprietary software. At the end, this study provides future guidelines for conducting research in the field of code refactoring.

• Journal of Applied Reliability
• /
• v.16 no.1
• /
• pp.48-55
• /
• 2016

Purpose: The purpose of this study is to identify the object-oriented metrics which have strong impact on the reliability and fault-proneness of software products. The reliability and fault-proneness of software product is closely related to the design properties of class diagrams such as coupling between objects and depth of inheritance tree. Methods: This study has empirically validated the object-oriented metrics to determine which metrics are the best to predict fault-proneness. We have tested the metrics using logistic regressions and artificial neural networks. The results are then compared and validated by ROC curves. Results: The artificial neural network models show better results in sensitivity, specificity and correctness than logistic regression models. Among object-oriented metrics, several metrics can estimate the fault-proneness better. The metrics are CBO (coupling between objects), DIT (depth of inheritance), LCOM (lack of cohesive methods), RFC (response for class). In addition to the object-oriented metrics, LOC (lines of code) metric has also proven to be a good factor for determining fault-proneness of software products. Conclusion: In order to develop fault-free and reliable software products on time and within budget, assuring quality of initial phases of software development processes is crucial. Since object-oriented metrics can be measured in the early phases, it is important to make sure the key metrics of software design as good as possible.

• 한국IT서비스학회:학술대회논문집
• /
• 2002.11a
• /
• pp.203-208
• /
• 2002

$RESORT^{TM}$ 품질 솔루션은 Java 언어로 작성된 소프트웨어로부터 품질을 측정하고 평가하기 위한 자바 품질 메트릭스 자동화 도구로서 $RESORT^{TM}-Java$ 제품군 중 하나이다. 본 논문에서는 System/Package/Class 단위로 Java Code의 Product Metrics등을 측정하여 소프트웨어 품질을 평가하는데 사용되는 도구들을 기술한다. 이 도구들은 5 종류의 소프트웨어 메트릭스 솔루션을 제공한다: OO Metrics, Package Metrics, Halstead Metrics, Quality Metrics, System Level Metrics. 소프트웨어 메트릭스는 전체 개발 비용의 60% 이상을 차지하는 유지보수의 비용을 줄이고, 고품질의 소프트웨어를 개발하기 위해서 반드시 필요하다. 또한, 소프트웨어의 생산성을 높일 수 있을 뿐 아니라 신뢰성 향상, 그리고 유지보수에 대한 효율성을 향상시킬 수 있다.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.46 no.6
• /
• pp.79-86
• /
• 2009

In this paper, it has the performance metrics and the utility evaluation of the collusion codes about multimedia fingerprinting code based on BIBD and then the tracing algorithm of all colluders is proposed. Among the collusion codes, the bit stream of "all 0" or "all 1" are generated, also same collusion code and bit reversed code with user's fingerprinting code are generated. Thus there was occurred some problems, in which a colluder is deciding to anti-colluder or anti-colluder is deciding to colluder. In this paper, for the performance metrics and the utility evaluation of the collude codes, the experiment onto the total solution is processed by the logical collusion operation added with a partially processed averaging attack in the past papers. The proposed performance metrics and the utility evaluation about the collusion code generated from multimedia fingerprinting code based on BIBD is operated. Through the experiment, it confirmed that the ratio of colluder tracing is 100%.

• Journal of Internet Computing and Services
• /
• v.17 no.4
• /
• pp.79-86
• /
• 2016

Under the influence of software security-enhanced development guidelines announced in 2012, secure coding practices become widely applicable in developing information systems aiming to enhance security capabilities. Although continuous enhancement activities for code security is important, management issues for code security have been less addressed in the guidelines. This paper analyses limitation of secure coding practices from the viewpoint of quality management. In particular this paper suggests structures and the use of software metrics from coding to maintenance phases so that it can be of help in the future by extending the use of security metrics.

• Journal of the Korea Society of Computer and Information
• /
• v.21 no.8
• /
• pp.65-75
• /
• 2016

In this paper, we present a novel approach to help MSR researchers obtain necessary data with a tool, termed General Purpose Extractor for Source code (GPES). GPES has a single function extracts high-quality data, e.g., the version history, abstract syntax tree (AST), changed code diff, and software quality metrics. Moreover, features such as an AST of other languages or new software metrics can be extended easily given that GPES has a flexible data model and a component-based design. We conducted several case studies to evaluate the usefulness and effectiveness of our tool. Case studies show that researchers can reduce the overall cost of data analysis by transforming the data into the required formats.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.4 no.4
• /
• pp.346-351
• /
• 2003

In spite of the size and complexity of software becomes large and complicated, the demand of rapid development, cost reduction, good productivity and good quality software is increasing in these days. Many methods were proposed for efficient software development such as various Case tools. Metrics, Process improvement model (CMM, SPICE, ISO9000) and etc. However, most of them we useful to manage the whole projects rather than an individual programming. In this paper, we introduced a system for quality assessment and complexity metrics for Java programs to assess the individual programmer's quality rather than team's quality. This system shows not only the metrics value for quality assessment but also the source code and the soucture of classes simultaneously.