Prioritising Security Tests on Large-Scale and Distributed Software Development Projects by Using Self-organised Maps

  • Marcos Alvares
  • Fernando Buarque de Lima Neto
  • Tshilidzi Marwala
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9950)


Large-scale and distributed software development initiatives demand a systematic testing process in order to prevent failures. A significant amount of resources is usually allocated to testing. Like any development and design task, testing activities have to be prioritised in order to validate the produced code efficiently. By using source code complexity measurement, Computational Intelligence and Image Processing techniques, this research presents a new approach to prioritising testing efforts on large-scale and distributed software projects. The proposed technique was validated by automatically highlighting sensitive code within the Linux device drivers source code base. Our algorithm was able to classify 3,077 of 35,091 procedures as critical code to be tested. We argue that the approach is general enough to prioritise the test tasks of most critical large-scale and distributed software, such as Operating Systems, Enterprise Resource Planning and Content Management systems.



Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • Marcos Alvares (1)
  • Fernando Buarque de Lima Neto (1, 2)
  • Tshilidzi Marwala (1, 2)

  1. University of Johannesburg, Johannesburg, South Africa
  2. University of Pernambuco, Recife, Brazil
