Le Minh Sang Tran

Security metrics and vulnerability prediction for software have gained a lot of interest from the community. Many software security metrics have been proposed, e.g., complexity metrics, cohesion and coupling metrics. In this paper, we propose a novel code metric based on dependency graphs to predict vulnerable components. To validate the efficiency …
A significant number of methods have been proposed to identify and analyze threats and security requirements, but there are few empirical evaluations that show these methods work in practice. This paper reports a controlled experiment conducted with 28 master students to compare two classes of risk-based methods, visual methods (CORAS) and textual methods …
Security is an important quality aspect of modern open software systems. However, it is challenging to keep such systems secure because of evolution. Security evolution can only be managed adequately if it is considered for all artifacts throughout the software development lifecycle. This article provides state of the art on the evolution of security …
Requirement evolution has drawn a lot of attention from the community with a major focus on management and consistency of requirements. Here, we tackle the fundamental, albeit less explored, alternative of modeling the future evolution of requirements. Our approach is based on the explicit representation of controllable evolutions vs observable evolutions, …
Security risk analysis should be conducted regularly for organizations to maintain an acceptable level of security. In principle, all risks that are unacceptable according to the predefined criteria should be mitigated. However, risk mitigation comes at a cost, and only the countermeasures that cost-efficiently mitigate risks should be …
Security risk analysis should be conducted regularly to maintain an acceptable level of security. In principle, all risks that are unacceptable according to the predefined criteria should be mitigated. However, risk mitigation comes at a cost, and only the countermeasures that cost-efficiently mitigate risks should be implemented. This paper presents an …
Requirements evolution is still a challenging problem in engineering practices. This paper presents a family of empirical studies about the applicability and usefulness of an approach for modeling evolving requirements. The empirical studies involved different categories of users (researchers, master students and domain experts) who have applied the …
Long-living software systems keep evolving to satisfy changes in their working environment. New requirements may arise, while current requirements may become obsolete. Such requirements evolution fortunately could be foreseen at some level of (un)certainty. The paper presents UNICORN, a CASE tool for modeling and reasoning on the uncertainty of …
Existing risk assessment methods often rely on a context of a target software system at a particular point in time. Such contexts of long-living software systems tend to evolve over time. Consequently, risks might also evolve. Therefore, in order to deal with evolving risks, decision makers need to select an appropriate risk countermeasure alternative that …
Software systems could be seen as a hierarchy of features which are evolving due to the dynamics of the working environments. The companies who build software thus need to make an appropriate strategy, which takes such dynamics into consideration, to select features to be implemented. In this work, we propose an approach to facilitate such selection by …