DOCSLIB.ORG

A Validation of Cognitive Complexity As a Measure of Source Code Understandability

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Institute of Software Technology University of Stuttgart Universitätsstraße 38 D–70569 Stuttgart Bachelorarbeit A Validation of Cognitive Complexity as a Measure of Source Code Understandability Marvin Muñoz Barón Course of Study: Softwaretechnik Examiner: Prof. Dr. Stefan Wagner Supervisor: Marvin Wyrich, M.Sc. Commenced: April 30, 2019 Completed: October 30, 2019 Abstract Understanding source code is an integral part of the software development process. There have been numerous attempts to describe source code metrics that correlate with understandability, but few are empirically evaluated and those that are, show no meaningful support for their purpose. A recent effort is cognitive complexity, a measure specifically described as a metric for understand- ability. The primary goal of this study was to find evidence towards determining the validity of cognitive complexity as a measure of source code understandability. To achieve this, we planned and executed a systematic literature search to find source code snippets that were evaluated in terms of understandability in previous studies. The cognitive complexity of these snippets was then correlated with the measures of understandability used in the studies. The literature search identified data from 14 studies spanning over 324 code snippets and approximately 24,400 individual human evaluations, which were used in the correlation analysis. The results show that for most of the measures from existing studies, cognitive complexity significantly correlates with source code understandability. The mean of the significant correlations was 0.654 for comprehension time and 0.411 for subjective ratings of understandability, readability, and confidence by the study participants. The correlation with the correctness of the comprehension tasks showed mixed results, with some significant positive and some significant negative correlations. Overall, the evidence gathered in this study shows significant support for the validity of cognitive complexity. As faras we know, cognitive complexity is the first solely code-based metric that correlates with source code understandability in a meaningful way. 3 Contents 1 Introduction 15 1.1 Source Code Understandability .......................... 15 1.1.1 Definitions ................................. 16 1.1.2 Measuring Understandability ........................ 17 1.1.3 Related Work ................................ 18 1.2 Cognitive Complexity ............................... 19 2 Methods 23 2.1 Systematic Literature Search ........................... 23 2.1.1 Search Strategy ............................... 24 2.1.2 Search Methods ............................... 27 2.1.3 Search Results ............................... 32 2.2 Data Analysis ................................... 39 2.2.1 Preparation ................................. 39 2.2.2 Correlation ................................. 41 3 Results 43 3.1 Time ........................................ 45 3.2 Correctness .................................... 46 3.3 Ratings ....................................... 47 3.4 Physiological Factors ............................... 48 3.5 Other Variables .................................. 49 4 Discussion 51 4.1 Systematic Literature Search ........................... 51 4.2 Findings ...................................... 51 4.3 Threats to Validity ................................. 53 5 Conclusion 55 Bibliography 57 5 List of Figures 1.1 Understandability and related attributes as described by Boehm et al. [BBL76] .. 16 2.1 Summarized overview of the literature search process ............... 25 2.2 Google Scholar search process ........................... 28 2.3 ACM Digital Library search process ........................ 29 2.4 IEEE Xplore search process ............................ 30 2.5 Elsevier ScienceDirect search process ....................... 30 2.6 Flowchart with the general search process steps and the corresponding data artifacts 31 2.7 Sankey diagram showing the results of the literature search ............ 33 2.8 Sankey diagram showing the results of snowballing ................ 33 2.9 Pie chart showing the type of comprehension task used in the studies ....... 34 2.10 Pie chart with the programming languages used in the studies ........... 35 2.11 Histogram showing the number of published understandability studies by year .. 35 2.12 Area chart showing the types of measures used in studies over time ........ 36 2.13 Histogram showing the programming languages used in studies over time .... 36 2.14 Point chart showing the aggregation of understandability values .......... 41 3.1 Interpreted Pearson correlation for time ...................... 45 3.2 Interpreted Spearman correlation for time ..................... 45 3.3 Interpreted Pearson correlation for correctness ................... 46 3.4 Interpreted Spearman correlation for correctness .................. 46 3.5 Interpreted Pearson correlation for ratings ..................... 47 3.6 Interpreted Spearman correlation for ratings .................... 47 3.7 Interpreted Pearson correlation for physiological factors .............. 48 3.8 Interpreted Spearman correlation for physiological factors ............. 48 3.9 Interpreted Pearson correlation for other variables ................. 49 3.10 Interpreted Spearman correlation for other variables ................ 49 7 List of Tables 2.1 Data sources included in the literature search and their URLs ........... 25 2.2 Inclusion and exclusion criteria ........................... 26 2.3 Data points for extraction from literature search results .............. 27 2.4 Relevant studies as identified by the literature search ................ 37 2.5 Data sets extracted from relevant studies ...................... 38 3.1 Descriptive measures of cognitive complexity for each of the data sets ...... 43 3.2 Raw correlation results for comprehension time. (*p<.05) ............. 45 3.3 Raw correlation results for correctness. (*p<.05) ................. 46 3.4 Raw correlation results for subjective ratings. (*p<.05) .............. 47 3.5 Raw correlation results for physiological measures. (*p<.05) ........... 48 3.6 Raw correlation results for other variables. (*p<.05) ................ 49 9 List of Code Snippets 1.1 Java greeting example with cyclomatic complexity calculation .......... 19 1.2 Sum of primes example ............................... 21 1.3 Get words example ................................. 21 2.1 Unaltered code snippet ............................... 40 2.2 Modified code snippet ................................ 40 2.3 SAV data conversion using R ............................ 41 11 Acronyms ACM Association for Computer Machinery. 26 DID data set identifier. 37 EDA electrodermal. 18 EEG electroencephalogram. 18 EiPE explain in plain English. 18 fMRI functional magnetic resonance imaging. 17 IEEE Institute of Electrical and Electronics Engineers. 26 LOC lines of code. 19 MCC McCabe’s Cyclomatic Complexity. 19 PL programming language. 37 PNo number of participants. 37 SNo number of code snippets. 37 13 1 Introduction Ever since the first computer programs were written, understanding what the purpose of asnippet of source code is has been an integral part of software development. Thirty years ago, program understanding was called the challenge for the 1990s [Cor89]. But even nowadays professional devel- opers spend more than 55% of their time on activities related to program comprehension [MML15; XBL+18]. Through static code analysis and code-oriented software measures, developers always seek to optimize ways to read and work with source code. Numerous metrics exist to assess software quality but none seem to significantly correlate with code understandability [FALK11; SBV+19]. A recent effort to find this missing link between software measures and understandability isthe newly introduced cognitive complexity measure, described by Campbell et al. as a metric for understandability [Cam18]. The goal of this work is to evaluate whether cognitive complexity correlates with measures for understandability from existing studies. Through a systematic literature search, code snippets of which the understandability was previously measured, were identified. Cognitive complexity was then calculated for these snippets and their values were correlated with the measured variables for understandability. To summarize, the main contributions of this work are: • The planning, execution, and results of a systematic literature search for studies that measure program comprehension from a human developer’s point of view. • A comprehensive analysis of cognitive complexity as a measure of source code understand- ability. To this end, 14 studies spanning over 324 code snippets and approximately 24,400 individual human evaluations were used to investigate the correlation of cognitive complexity with measures for understandability. Structure: This report is organized as follows. Chapter 1 introduces the core concepts of source code understandability, gives an overview of related works in the field, and describes the core metric of this work, cognitive complexity. In Chapter 2, the methodology of the literature search and correlation analysis is presented. Chapter 3 shows the results of the correlation analysis. A detailed discussion of these results and an explanation of any threats to the validity to this work follows in Chapter 4. Finally, Chapter 5 summarizes the contents of the thesis, provides a conclusion and directions for future research. 1.1 Source Code Understandability There have
Recommended publications
  • Disjunctions of Conjunctions, Cognitive Simplicity and Consideration Sets by John R

    Disjunctions of Conjunctions, Cognitive Simplicity and Consideration Sets by John R

    Disjunctions of Conjunctions, Cognitive Simplicity and Consideration Sets by John R. Hauser Olivier Toubia Theodoros Evgeniou Rene Befurt Daria Silinskaia February 2009. Forthcoming Journal of Marketing Research, 2009. John R. Hauser is the Kirin Professor of Marketing, MIT Sloan School of Management, Massa- chusetts Institute of Technology, E40-179, One Amherst Street, Cambridge, MA 02142, (617) 253-2929, fax (617) 253-7597, [email protected]. Olivier Toubia is the David W. Zalaznick Associate Professor of Business, Columbia Business School, Columbia University, 522 Uris Hall, 3022 Broadway, New York, NY, 10027, (212) 854- 8243, [email protected]. Theodoros Evgeniou is an Associate Professor of Decision Sciences and Technology Manage- ment, INSEAD, Boulevard de Constance 77300, Fontainebleau, FR, (33) 1 60 72 45 46, theo- [email protected]. Rene Befurt is at the Analysis Group, 111 Huntington Avenue, Tenth Floor, Boston, MA 02199, 617-425-8283, [email protected]. Daria Silinskaia is a doctoral student at the MIT Sloan School of Management, Massachusetts Institute of Technology, E40-170, One Amherst Street, Cambridge, MA 02142, (617) 253-2268, [email protected]. We would like to thank Daniel Bailiff (AMS), Simon Blanchard (PSU), Robert Bordley (GM), Anja Dieckmann (GfK), Holger Dietrich (GfK), Min Ding (PSU), Steven Gaskin (AMS), Patricia Hawkins (GM), Phillip Keenan (GM), Clarence Lee (MIT), Carl Mela (Duke), Andy Norton (GM), Daniel Roesch (GM), Matt Seleve (MIT), Glen Urban (MIT), Limor Weisberg and Kaifu Zhang (INSEAD) for their insights, inspiration, and help on this project. This paper has benefited from presentations at the Analysis Group Boston, the Columbia Business School, Digital Business Conference at MIT, Duke University, General Motors, the London Business School, Northeastern University, the Marketing Science Conference in Vancouver, B.C., and the Seventh Triennial Choice Symposium at the University of Pennsylvania.
  • Write Your Own Rules and Enforce Them Continuously

    Write Your Own Rules and Enforce Them Continuously

    Ultimate Architecture Enforcement Write Your Own Rules and Enforce Them Continuously SATURN May 2017 Paulo Merson Brazilian Federal Court of Accounts Agenda Architecture conformance Custom checks lab Sonarqube Custom checks at TCU Lessons learned 2 Exercise 0 – setup Open www.dontpad.com/saturn17 Follow the steps for “Exercise 0” Pre-requisites for all exercises: • JDK 1.7+ • Java IDE of your choice • maven 3 Consequences of lack of conformance Lower maintainability, mainly because of undesired dependencies • Code becomes brittle, hard to understand and change Possible negative effect • on reliability, portability, performance, interoperability, security, and other qualities • caused by deviation from design decisions that addressed these quality requirements 4 Factors that influence architecture conformance How effective the architecture documentation is Turnover among developers Haste to fix bugs or implement features Size of the system Distributed teams (outsourcing, offshoring) Accountability for violating design constraints 5 How to avoid code and architecture disparity? 1) Communicate the architecture to developers • Create multiple views • Structural diagrams + behavior diagrams • Capture rationale Not the focus of this tutorial 6 How to avoid code and architecture disparity? 2) Automate architecture conformance analysis • Often done with static analysis tools 7 Built-in checks and custom checks Static analysis tools come with many built-in checks • They are useful to spot bugs and improve your overall code quality • But they’re
  • Exploring Message-Induced Ambivalence and Its Correlates

    Exploring Message-Induced Ambivalence and Its Correlates

    Exploring Message-Induced Ambivalence and Its Correlates: A Focus on Message Environment, Issue Salience, and Framing Dissertation Presented in Partial Fulfillment of the Requirements for the Degree Doctor of Philosophy in the Graduate School of The Ohio State University By Jay D. Hmielowski, M.A. Graduate Program in Communication The Ohio State University 2011 Dissertation Committee: Dave Ewoldsen R. Kelly Garrett R. Lance Holbert (Chair) Erik Nisbet 0 Copyright By Jay D. Hmielowski 2011 1 Abstract Scholars across the social sciences (psychology and political science) have recently started to broaden the approach to concept of attitudes. These scholars have focused on the concept of attitudinal ambivalence, which is defined as people holding both positive and negative attitudes toward attitude objects. However, communication scholars have generally ignored this concept. Recently, communication scholars have emphasized the importance of looking at the complementary effects of consuming divergent messages on people‘s attitudes and beliefs. Although studies have started to look at the complementary effects of media, it is necessary to examine the relationship between the complexity of a person‘s communication environment and the complexity of their attitudes. Therefore, this study begins the process connecting the complexity of people‘s communication environment and the complexity of their attitude structures. The major goal of this dissertation is to look at the generation of ambivalence by looking at four important factors: a) the relationship between specific media outlets relative to the generation of potential ambivalence, b) how different individual difference variables moderate the relationship between different media outlets and the generation of ambivalence, c) pinpointing the message variables that may lead people to the generation of ambivalence, and d) how media, ambivalence fit into a larger communication process focused on different political outcome variables.
  • Empirical Study of Vulnerability Scanning Tools for Javascript Work in Progress

    Empirical Study of Vulnerability Scanning Tools for Javascript Work in Progress

    Empirical Study of Vulnerability Scanning Tools for JavaScript Work In Progress Tiago Brito, Nuno Santos, José Fragoso INESC-ID Lisbon 2020 Tiago Brito, GSD Meeting - 30/07/2020 Purpose of this WIP presentation ● Current work is to be submitted this year ● Goal: gather feedback on work so far ● Focus on presenting the approach and preliminary results Tiago Brito, GSD Meeting - 30/07/2020 2 Motivation ● JavaScript is hugely popular for web development ○ For both client and server-side (NodeJS) development ● There are many critical vulnerabilities reported for software developed using NodeJS ○ Remote Code Executions (Staicu NDSS’18) ○ Denial of Service (Staicu Sec’18) ○ Small number of packages, big impact (Zimmermann Sec’19) ● Developers need tools to help them detect problems ○ They are pressured to focus on delivering features Tiago Brito, GSD Meeting - 30/07/2020 3 Problem Previous work focused on: ● Tools for vulnerability analysis in Java or PHP code (e.g. Alhuzali Sec’18) ● Studying very specific vulnerabilities in Server-side JavaScript ○ ReDos, Command Injections (Staicu NDSS’18 and Staicu Sec’18) ● Studying vulnerability reports on the NodeJS ecosystem (Zimmermann Sec’19) So, it is still unknown which, and how many, of these tools can effectively detect vulnerabilities in modern JavaScript. Tiago Brito, GSD Meeting - 30/07/2020 4 Goal Our goal is to assess the effectiveness of state-of-the-art vulnerability detection tools for JavaScript code by performing a comprehensive empirical study. Tiago Brito, GSD Meeting - 30/07/2020 5 Research Questions 1. [Tools] Which tools exist for JavaScript vulnerability detection? 2. [Approach] What’s the approach these tools use and their main challenges for detecting vulnerabilities? 3.
  • New Frameworks for Evaluating Cognitive Complexity

    New Frameworks for Evaluating Cognitive Complexity

    NEWA FRAMEWORK FORFRAMEWORKS APPROACHING COGNITIVE DEMAND ON STUDENTFOR THINKING EVALUATING IN SCIENCE ASSESSMENT SYSTEMS COGNITIVE COMPLEXITY Frameworks for educators evaluating the cognitive complexity of assessment items in mathematics, science, and reading Throughout the country, state assessments in reading, mathematics, and science continue to play important roles in instructional improvement and accountability. State assessments must align to academic standards that are significantly more challenging than previous standards, reflecting the current knowledge and skill demands of postsecondary education and careers. They require a deeper understanding of subject matter, the ability to read more complex texts and materials, and the development and application of essential skills for collaboration, communication, inquiry, and problem solving. In short, new academic standards demand a more complex set of cognitive skills. Consequently, assessing student performance in these subjects is challenging and requires different kinds of assessments and assessment items. All statewide summative assessments must now require a range of cognitive demand. As Achieve has helped states design, develop, and evaluate state assessments, we’ve seen firsthand the challenge of assessing cognitively complex skills. Attempting to understand the cognitive complexity of assessment items is not new, but traditional frameworks now fall short because many are broad and content- agnostic. As new standards across all three content areas have become more reflective of the actual work students must do in each content area, understanding the cognitive complexity of the tasks that students complete requires content-specific frameworks. Achieve has developed three new frameworks - one each for mathematics, reading, and science - that can be used to evaluate the cognitive complexity of assessment tasks.
  • Cognitive Complexity and the Structure of Musical Patterns

    Cognitive Complexity and the Structure of Musical Patterns

    1 Cognitive complexity and the structure of musical patterns Jeffrey Pressing Department of Psychology University of Melbourne Parkville, Victoria Australia 3052 [email protected] Introduction Patterns are fundamental to all cognition. Whether inferred from sensory input or constructed to guide motor actions, they betray order: some are simple, others are more complex. Apparently, we can erect a simplicity-complexity dimension along which such patterns may be placed or ranked. Furthermore, we may be able to place the sources of patterns—such things as mental models, neural modules, growth processes, and learning techniques—along a parallel simplicity-complexity dimension. Are there psychological forces pushing us along this dimension? Seemingly so. The drive to simplify and regularize is seen in familiar Gestalt ideas of pattern goodness and Prägnanz, which hold in many situations. The drive towards complexity can be seen in the accretional processes of individual development, or the incremental sophistication of many cultural behaviours such as systems of musical design (e.g. musical harmonies in mid to late 19th century Europe), or new scientific methodologies (e.g. increasing sophistication in brain imaging techniques). Quite beyond this, the handling of complexity is a central issue in human skill and learning, providing the drive to efficiency in resource-limited processes like memory, attention, or multi-tasking. It has parallel implications in systems engineering, organization management or adaptive neural network design problems. In these cases, complexity is something to be circumscribed by various information- management strategies while functional performance specifications are maintained. Yet another picture of complexity is as an emergent property, one embodying sophisticated implicit order springing up as a cumulative consequence of simple, typically iterative nonlinear processes operating in certain ranges of their control parameters.
  • Introduction to Political Psychology

    Introduction to Political Psychology

    INTRODUCTION TO POLITICAL PSYCHOLOGY This comprehensive, user-friendly textbook on political psychology explores the psychological origins of political behavior. The authors introduce read- ers to a broad range of theories, concepts, and case studies of political activ- ity. The book also examines patterns of political behavior in such areas as leadership, group behavior, voting, race, nationalism, terrorism, and war. It explores some of the most horrific things people do to each other, as well as how to prevent and resolve conflict—and how to recover from it. This volume contains numerous features to enhance understanding, includ- ing text boxes highlighting current and historical events to help students make connections between the world around them and the concepts they are learning. Different research methodologies used in the discipline are employed, such as experimentation and content analysis. This third edition of the book has two new chapters on media and social movements. This accessible and engaging textbook is suitable as a primary text for upper- level courses in political psychology, political behavior, and related fields, including policymaking. Martha L. Cottam (Ph.D., UCLA) is a Professor of Political Science at Washington State University. She specializes in political psychology, inter- national politics, and intercommunal conflict. She has published books and articles on US foreign policy, decision making, nationalism, and Latin American politics. Elena Mastors (Ph.D., Washington State University) is Vice President and Dean of Applied Research at the American Public University System. Prior to that, she was an Associate Professor at the Naval War College and held senior intelligence and policy positions in the Department of Defense.
  • Jeffrey O. Nuckols, the IMPACT of COGNITIVE COMPLEXITY on IMPRESSION MANAGEMENT (Under the Direction of Dr

    Jeffrey O. Nuckols, the IMPACT of COGNITIVE COMPLEXITY on IMPRESSION MANAGEMENT (Under the Direction of Dr

    Jeffrey O. Nuckols, THE IMPACT OF COGNITIVE COMPLEXITY ON IMPRESSION MANAGEMENT (Under the direction of Dr. Jennifer Bowler) Department of Psychology, July 2014 This study seeks to add to the knowledge of cognitive complexity by examining its relationship with impression management and social desirability. In light of past studies a positive relationship between cognitive complexity and impression management was expected. This predicted relationship was found to exist, thereby increasing knowledge of the construct of cognitive complexity. Furthermore, relationships between cognitive complexity, social desirability, and impression management were expected, with social desirability moderating the relationship between cognitive complexity and social desirability. The results of this study did not support the hypothesized relationships involving social desirability; in fact, the results ran counter to those predicted. However, these findings raise interesting questions for future research. Both the expected findings and those which were unexpected add to the body of knowledge about cognitive complexity and point to the need for continued research on this topic. The Impact of Cognitive Complexity on Impression Management A Thesis Presented To The Faculty of the Department of Psychology East Carolina University In Partial Fulfillment of the Requirements for the Degree Master of Arts in Psychology with a Concentration in Industrial and Organizational Psychology by Jeffrey O. Nuckols July, 2014 ©Copyright 2014 Jeffrey O. Nuckols The Impact of Cognitive Complexity on Impression Management by Jeffrey O. Nuckols APPROVED BY: DIRECTOR OF DISSERTATION/THESIS: _______________________________________________________ Jennifer L. Bowler, PhD COMMITTEE MEMBER: _______________________________________________________ Karl L. Wuensch, PhD COMMITTEE MEMBER: _______________________________________________________ Shahnaz Aziz, PhD CHAIR OF THE DEPARTMENT OF PSYCHOLOGY: ____________________________________________________________ Susan L.
  • Guidelines on Minimum Standards for Developer Verification of Software

    Guidelines on Minimum Standards for Developer Verification of Software

    Guidelines on Minimum Standards for Developer Verification of Software Paul E. Black Barbara Guttman Vadim Okun Software and Systems Division Information Technology Laboratory July 2021 Abstract Executive Order (EO) 14028, Improving the Nation’s Cybersecurity, 12 May 2021, di- rects the National Institute of Standards and Technology (NIST) to recommend minimum standards for software testing within 60 days. This document describes eleven recommen- dations for software verification techniques as well as providing supplemental information about the techniques and references for further information. It recommends the following techniques: • Threat modeling to look for design-level security issues • Automated testing for consistency and to minimize human effort • Static code scanning to look for top bugs • Heuristic tools to look for possible hardcoded secrets • Use of built-in checks and protections • “Black box” test cases • Code-based structural test cases • Historical test cases • Fuzzing • Web app scanners, if applicable • Address included code (libraries, packages, services) The document does not address the totality of software verification, but instead recom- mends techniques that are broadly applicable and form the minimum standards. The document was developed by NIST in consultation with the National Security Agency. Additionally, we received input from numerous outside organizations through papers sub- mitted to a NIST workshop on the Executive Order held in early June, 2021 and discussion at the workshop as well as follow up with several of the submitters. Keywords software assurance; verification; testing; static analysis; fuzzing; code review; software security. Disclaimer Any mention of commercial products or reference to commercial organizations is for infor- mation only; it does not imply recommendation or endorsement by NIST, nor is it intended to imply that the products mentioned are necessarily the best available for the purpose.
  • Counselor Cognitions: General and Domain-Specific Complexity. By: Laura E. Welfare and L. Dianne Borders This Is the Pre-Peer Re

    Counselor Cognitions: General and Domain-Specific Complexity. By: Laura E. Welfare and L. Dianne Borders This Is the Pre-Peer Re

    Counselor cognitions: General and domain-specific complexity. By: Laura E. Welfare and L. DiAnne Borders This is the pre-peer reviewed version of the following article: Welfare, L. E., & Borders, L. D. (2010). Counselor cognitions: General and domain-specific complexity. Counselor Education and Supervision, 49(3), 162-178. which has been published in final form at DOI: 10.1002/j.1556-6978.2010.tb00096.x. Abstract: Counselor cognitive complexity is an important factor in counseling efficacy. The Counselor Cognitions Questionnaire (L. E. Welfare, 2006) and the Washington University Sentence Completion Test (J. Loevinger & R. Wessler, 1970) were used to explore the nature of general and domain-specific cognitive complexity. Counseling experience, supervisory experience, counselor education experience, and highest counseling degree completed were identified as significant predictors of counselor cognitive complexity. Implications for counselor education are discussed. Keywords: counseling | counselor cognitive complexity | cognitive complexity | counselor education | counselor assessment. Article: Clients and their clinical issues are often complex, multifaceted, and even contradictory. Counselors must be able to identify and integrate multiple ambiguous pieces of information to gain an accurate understanding of client needs, interpersonal dynamics, and treatment implications. In essence, counselors need to function at high levels of cognitive complexity to address the multiple demands clients present (Blocher, 1983; Stoltenberg, 1981). Theories of cognitive complexity (e.g., Harvey, Hunt, & Schroeder, 1961; Kelly, 1955; Loevinger, 1976) suggest that, on the basis of their training and clinical experiences, counselors create conceptual templates (or constructs) to describe what they observe. These templates are organized into systems that explain the concordant and discordant relationships between and among the templates.
  • Complexity Under Stress: Integrative Approaches to Overdetermined Vulnerabilities

    Complexity Under Stress: Integrative Approaches to Overdetermined Vulnerabilities

    Journal of Strategic Security Volume 9 Number 4 Volume 9, No. 4, Special Issue Winter 2016: Understanding and Article 3 Resolving Complex Strategic Security Issues Complexity Under Stress: Integrative Approaches to Overdetermined Vulnerabilities Patricia Andrews Fearon University of California - Berkeley, [email protected] Eolene M. Boyd-MacMillan University of Cambridge, [email protected] Follow this and additional works at: https://scholarcommons.usf.edu/jss pp. 11-31 Recommended Citation Andrews Fearon, Patricia and Boyd-MacMillan, Eolene M.. "Complexity Under Stress: Integrative Approaches to Overdetermined Vulnerabilities." Journal of Strategic Security 9, no. 4 (2016) : 11-31. DOI: http://dx.doi.org/10.5038/1944-0472.9.4.1557 Available at: https://scholarcommons.usf.edu/jss/vol9/iss4/3 This Article is brought to you for free and open access by the Open Access Journals at Scholar Commons. It has been accepted for inclusion in Journal of Strategic Security by an authorized editor of Scholar Commons. For more information, please contact [email protected]. Complexity Under Stress: Integrative Approaches to Overdetermined Vulnerabilities Abstract Over four decades of cognitive complexity research demonstrate that higher integrative complexity (measured by the ability to differentiate and integrate multiple dimensions or perspectives on an issue) predicts more lasting, peaceful solutions to conflict. Interventions that seek to raise integrative complexity offer a promising approach to preventing various forms of intergroup conflict (e.g. sectarianism, violent extremism). However, these contexts can also be extremely stressful, and dominant theory suggests that cognitive complexity diminishes in the face of high stress. However, we know that this is not always the case, with some findings demonstrating the opposite pattern: increases in complexity under high stress.
  • Efficient Feature Selection for Static Analysis Vulnerability Prediction

    Efficient Feature Selection for Static Analysis Vulnerability Prediction

    sensors Article Efficient Feature Selection for Static Analysis Vulnerability Prediction Katarzyna Filus 1 , Paweł Boryszko 1 , Joanna Doma ´nska 1,* , Miltiadis Siavvas 2 and Erol Gelenbe 1 1 Institute of Theoretical and Applied Informatics, Polish Academy of Sciences, Baltycka 5, 44-100 Gliwice, Poland; kfi[email protected] (K.F.); [email protected] (P.B.); [email protected] (E.G.) 2 Information Technologies Institute, Centre for Research & Technology Hellas, 6th km Harilaou-Thermi, 57001 Thessaloniki, Greece; [email protected] * Correspondence: [email protected] Abstract: Common software vulnerabilities can result in severe security breaches, financial losses, and reputation deterioration and require research effort to improve software security. The acceleration of the software production cycle, limited testing resources, and the lack of security expertise among programmers require the identification of efficient software vulnerability predictors to highlight the system components on which testing should be focused. Although static code analyzers are often used to improve software quality together with machine learning and data mining for software vulnerability prediction, the work regarding the selection and evaluation of different types of relevant vulnerability features is still limited. Thus, in this paper, we examine features generated by SonarQube and CCCC tools, to identify those that can be used for software vulnerability prediction. We investigate the suitability of thirty-three different features to train thirteen distinct machine learning algorithms to design vulnerability predictors and identify the most relevant features that should be used for training. Our evaluation is based on a comprehensive feature selection process based on the correlation analysis of the features, together with four well-known feature selection techniques.