• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.4
• /
• pp.921-932
• /
• 2015

We proposed a new scoring system on software vulnerabilities, which calculates quantitatively the severity of software vulnerabilities. The proposed scoring system consists of metrics for vulnerability severity and scoring equations; the metrics are designed to measure the severity of a software vulnerability considering the prevalence of the vulnerability, the risk level of the vulnerability, the domestic market share of the software and the frequency of the software. We applied the proposed scoring system to domestically reported software vulnerabilities, and discussed the effectiveness of the scoring system, comparing it with CVSS and CWSS. We also suggested the prospective utilization areas of the proposed scoring system.

• Proceedings of the IEEK Conference
• /
• 2005.11a
• /
• pp.47-52
• /
• 2005

In this paper we describe SLA metrics and software architecture for newly upcoming IP TV service. Firstly we show the general description for IP TV. This consists of brief description of IP TV, the general figure of configuration and elements of IP TV network and communication protocol stack of IP TV data transmission for deriving communication quality parameter. And we propose SLA metrics depending on quality measurement point. According to the measurement point the measurable SLA metrics are different. The total view of the IP TV SLA measurement and management architecture is shown. When the quality measurement point is the routers that consist of internet node, the IP media NMS is the quality collection system. And when the quality measurement point is the IP TV STB(Set-Top Box), the IP media collector and Quality Collection Server are the quality collection system. And we show the software block diagram of IP TV SLA processing system and the other related network management systems.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.10b
• /
• pp.241-243
• /
• 2003

소프트웨어 프로젝트가 더욱 다양화되고 복잡화 되면서 성공적인 프로젝트 수행을 위해서는 프로세스 개선활동이 필수적이라는 인식이 급속히 확산되고 있다. 성공적인 프로세스 개선을 위해서는 프로세스 개선활동을 지원하기 위한 측정활동이 병행되어야 한다. 그러나 실무에서는 측정지표(Metrics)를 활용하는 것에 많은 어려움을 갖고 있는 것이 현실이다. 따라서 본 논문에서는 정량적인 프로세스 및 프로젝트 관리를 위한 효과적인 측정지표 및 활용방안을 수립함으로써 측정활동 체계를 확립하고 실무에 적용할 수 있도록 가이드 하였다.

• Journal of the Korea Society of Computer and Information
• /
• v.21 no.8
• /
• pp.65-75
• /
• 2016

In this paper, we present a novel approach to help MSR researchers obtain necessary data with a tool, termed General Purpose Extractor for Source code (GPES). GPES has a single function extracts high-quality data, e.g., the version history, abstract syntax tree (AST), changed code diff, and software quality metrics. Moreover, features such as an AST of other languages or new software metrics can be extended easily given that GPES has a flexible data model and a component-based design. We conducted several case studies to evaluate the usefulness and effectiveness of our tool. Case studies show that researchers can reduce the overall cost of data analysis by transforming the data into the required formats.

• International Journal of Computer Science & Network Security
• /
• v.24 no.5
• /
• pp.33-39
• /
• 2024

In a previous study we proceeded to the remodularization architecture based on classes and packages using the Formal Concept Analysis (FCA)[13] [14] [30]. we then got two possible remodularized architectures and we explored the issue of redistributing classes of a package to other packages, we used an approach based on Oriented Graph to determine the packages that receive the redistributed classes and we evaluated the quality of a remodularized software architecture by metrics [31] [28] [29]. In this paper, we will address the issue of the efficiency of the Oriented Graph in the remodularization of software architectures compared to the Formal Concept Analysis FCA method. The formal method of FCA concept is not popularized among scientists as opposed to the use of the labeled directed graph. It is for this reason that our directed graph approach is more effective in its simplicity and popularity.

• International Journal of Computer Science & Network Security
• /
• v.21 no.7
• /
• pp.284-296
• /
• 2021

Quality Models are important element of the software industry to develop and implement the best quality product in the market. This type of model provides aid in describing quality measures, which directly enhance the user satisfaction and software quality. In software development, the inheritance technique is an important mechanism used in object-oriented programming that allows the developers to define new classes having all the properties of super class. This technique supports the hierarchy design for classes and makes an "is-a" association among the super and subclasses. This paper describes a standard procedure for validating the inheritance metric in Quality Model for Object-Oriented Design (QMOOD) by using a set of nine properties established by Weyuker. These properties commonly using for investigating the effectiveness of the metric. The integration of two measuring methods (i.e. QMOOD and Weyuker) will provide new way for evaluating the software quality based on the inheritance context. The output of this research shows the extent of satisfaction of the inheritance metric in QMOOD against Weyuker nine properties. Further results proved that Weyker's property number nine could not fulfilled by any inheritance metrics. This research introduces a way for measuring software that developed using object-oriented approach. The theoretical validation of the inheritance metric presented in this paper is a small step taken towards producing quality software and in providing assistance to the software industry.

• The Journal of Information Technology and Database
• /
• v.3 no.2
• /
• pp.97-118
• /
• 1996

Information systems quality engineering is one of the most problematic areas in practice and research, and needs cooperative efforts between practice and theory [Glass, 1996]. A model for evaluating the quality of system development process and ensuing success is proposed based on information processing theory of project unit design. A nomological net among a set of quality variables is identified from prior research in the areas of organization science, software engineering, and management information systems. More specifically, system development success was modelled as a function of project complexity, system development modelling environment, user participation, project unit structure, resource availability, and the level of iterative nature of development methodology. Based on the model developed from the information processing theory of project unit design in organization science. appropriate quality metrics for each variable in the proposed model are matched. In this way, a framework of relevant systems development and success quality metrics for controlling systems development processes and ensuing success is proposed. The causal relationships among the constructs in the proposed model are proposed as future empirical research for academicians and as managerial tools for quality managers. The framework and propositions help quality manager to select more parsimonious quality metrics for controlling information systems development processes and project success in an integrated way. Also this model can be utilized for evaluating software quality assurance programmes, which are developed and marketed by many vendors.

• Journal of Internet Computing and Services
• /
• v.17 no.4
• /
• pp.79-86
• /
• 2016

Under the influence of software security-enhanced development guidelines announced in 2012, secure coding practices become widely applicable in developing information systems aiming to enhance security capabilities. Although continuous enhancement activities for code security is important, management issues for code security have been less addressed in the guidelines. This paper analyses limitation of secure coding practices from the viewpoint of quality management. In particular this paper suggests structures and the use of software metrics from coding to maintenance phases so that it can be of help in the future by extending the use of security metrics.

• The KIPS Transactions:PartD
• /
• v.8D no.3
• /
• pp.247-256
• /
• 2001

Software is developing toward having more large scale and many functions day by day. Also, user’s requirements level for software is being high, especially, requirements for software quality is being high continuously. Methods which can satisfy such User’s requirements is being studied in various viewpoint. First of all, study about quality evaluation system and methodology is energetically in progress in viewpoint to improve quality of software by feed-back software quality evaluation result to developers. In this paper, we define metrics according to a system and developed quality measurement tables according to internal characteristics system of quality characteristics, subcharacteritics, internal characteristics for reliability between quality characteristics of international standard, ISO/IEC 9126 about software quality. And we propose evaluation results about development products using internal characteristics.

• Journal of Information Processing Systems
• /
• v.14 no.3
• /
• pp.751-770
• /
• 2018

Web applications are indispensable in the software industry and continuously evolve either meeting a newer criteria and/or including new functionalities. However, despite assuring quality via testing, what hinders a straightforward development is the presence of defects. Several factors contribute to defects and are often minimized at high expense in terms of man-hours. Thus, detection of fault proneness in early phases of software development is important. Therefore, a fault prediction model for identifying fault-prone classes in a web application is highly desired. In this work, we compare 14 machine learning techniques to analyse the relationship between object oriented metrics and fault prediction in web applications. The study is carried out using various releases of Apache Click and Apache Rave datasets. En-route to the predictive analysis, the input basis set for each release is first optimized using filter based correlation feature selection (CFS) method. It is found that the LCOM3, WMC, NPM and DAM metrics are the most significant predictors. The statistical analysis of these metrics also finds good conformity with the CFS evaluation and affirms the role of these metrics in the defect prediction of web applications. The overall predictive ability of different fault prediction models is first ranked using Friedman technique and then statistically compared using Nemenyi post-hoc analysis. The results not only upholds the predictive capability of machine learning models for faulty classes using web applications, but also finds that ensemble algorithms are most appropriate for defect prediction in Apache datasets. Further, we also derive a consensus between the metrics selected by the CFS technique and the statistical analysis of the datasets.