Multitask defect prediction

Ni, Chuanfa; Chen, Xiang; Xia, Xin; Gu, Qing; Zhao, Yingquan

doi:10.1002/smr.2203

Cited by 7 publications

(1 citation statement)

References 69 publications

(122 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Based on the SVP process analysis, it is not hard to find that this research topic is mainly motivated by SDP [4,[11][12][13][14][15][16][17]. Vulnerabilities and defects have a certain similarity [2].…”

Section: Background Of Svpmentioning

confidence: 99%

Empirical studies on the impact of filter‐based ranking feature selection on security vulnerability prediction

et al. 2020

Self Cite

View full text Add to dashboard Cite

Security vulnerability prediction (SVP) can construct models to identify potentially vulnerable program modules via machine learning. Two kinds of features from different points of view are used to measure the extracted modules in previous studies. One kind considers traditional software metrics as features, and the other kind uses text mining to extract term vectors as features. Therefore, gathered SVP data sets often have numerous features and result in the curse of dimensionality. In this article, we mainly investigate the impact of filter-based ranking feature selection (FRFS) methods on SVP, since other types of feature selection methods have too much computational cost. In empirical studies, we first consider three real-world large-scale web applications. Then we consider seven methods from three FRFS categories for FRFS and use a random forest classifier to construct SVP models. Final results show that given the similar code inspection cost, using FRFS can improve the performance of SVP when compared with state-of-the-art baselines. Moreover, we use McNemar's test to perform diversity analysis on identified vulnerable modules by using different FRFS methods, and we are surprised to find that almost all the FRFS methods can identify similar vulnerable modules via diversity analysis.This is an open access article under the terms of the Creative Commons Attribution License, which permits use, distribution and reproduction in any medium, provided the original work is properly cited.

show abstract

Section: Background Of Svpmentioning

confidence: 99%

Empirical studies on the impact of filter‐based ranking feature selection on security vulnerability prediction

et al. 2020

Self Cite

View full text Add to dashboard Cite

show abstract

Two sides of the same coin: A study on developers' perception of defects

Santos,

Muzetti,

Figueiredo

2024

J Software Evolu Process

View full text Add to dashboard Cite

SummarySoftware defect prediction is a subject of study involving the interplay of software engineering and machine learning. The current literature proposed numerous machine learning models to predict software defects from software data, such as commits and code metrics. Further, the most recent literature employs explainability techniques to understand why machine learning models made such predictions (i.e., predicting the likelihood of a defect). As a result, developers are expected to reason on the software features that may relate to defects in the source code. However, little is known about the developers' perception of these machine learning models and their explanations. To explore this issue, we focus on a survey with experienced developers to understand how they evaluate each quality attribute for the defect prediction. We chose the developers based on their contributions at GitHub, where they contributed to at least 10 repositories in the past 2 years. The results show that developers tend to evaluate code complexity as the most important quality attribute to avoid defects compared with the other target attributes such as source code size, coupling, and documentation. At the end, a thematic analysis reveals that developers evaluate testing the code as a relevant aspect not covered by the static software features. We conclude that, qualitatively, there exists a misalignment between developers' perceptions and the outputs of machine learning models. For instance, while machine learning models assign high importance to documentation, developers often overlook documentation and prioritize assessing the complexity of the code instead.

show abstract