Defect prediction models help software quality assurance teams to allocate their limited resources to the most defect-prone modules. Model validation techniques, such as $k$-fold cross-validation, use historical data to estimate how well a model will perform in the future. However, little is known about how accurate the estimates of model validation techniques tend to be. In this paper, we investigate the bias and variance of model validation techniques in the domain of defect prediction. Analysis of 101 public defect datasets suggests that 77 percent of them are highly susceptible to producing unstable results; selecting an appropriate model validation technique is a critical experimental design choice. Based on an analysis of 256 studies in the defect prediction literature, we select the 12 most commonly adopted model validation techniques for evaluation. Through a case study of 18 systems, we find that single-repetition holdout validation tends to produce estimates with 46-229 percent more bias and 53-863 percent more variance than the top-ranked model validation techniques. On the other hand, out-of-sample bootstrap validation yields the best balance between the bias and variance of estimates in the context of our study. Therefore, we recommend that future defect prediction studies avoid single-repetition holdout validation, and instead, use out-of-sample bootstrap validation.
Static detection of cross-site scripting vulnerabilities Wassermann, G.; Zhendong Su
2008 ACM/IEEE 30th International Conference on Software Engineering,
01/2008, Volume: 2008, Issue: 24
Conference Proceeding, Journal Article
Web applications support many of our daily activities, but they often have security problems, and their accessibility makes them easy to exploit. In cross-site scripting (XSS), an attacker exploits ...the trust a Web client (browser) has for a trusted server and executes injected script on the browser with the server's privileges. In 2006, XSS constituted the largest class of newly reported vulnerabilities making it the most prevalent class of attacks today. Web applications have XSS vulnerabilities because the validation they perform on untrusted input does not suffice to prevent that input from invoking a browser's JavaScript interpreter, and this validation is particularly difficult to get right if it must admit some HTML mark-up. Most existing approaches to finding XSS vulnerabilities are taint-based and assume input validation functions to be adequate, so they either miss real vulnerabilities or report many false positives. This paper presents a static analysis for finding XSS vulnerabilities that directly addresses weak or absent input validation. Our approach combines work on tainted information flow with string analysis. Proper input validation is difficult largely because of the many ways to invoke the JavaScript interpreter; we face the same obstacle checking for vulnerabilities statically, and we address it by formalizing a policy based on the W3C recommendation, the Firefox source code, and online tutorials about closed-source browsers. We provide effective checking algorithms based on our policy. We implement our approach and provide an extensive evaluation that finds both known and unknown vulnerabilities in real-world web applications.
1. Information criteria (ICs) are used widely for data summary and model building in ecology, especially in applied ecology and wildlife management. Although ICs are useful for distinguishing among ...rival candidate models, ICs do not necessarily indicate whether the "best" model (or a model-averaged version) is a good representation of the data or whether the model has useful "explanatory" or "predictive" ability. 2. As editors and reviewers, we have seen many submissions that did not evaluate whether the nominal "best" model(s) found using IC is a useful model in the above sense. 3. We scrutinized six leading ecological journals for papers that used IC to models. More than half of papers using IC for model comparison did not evaluate the adequacy of the best model(s) in either "explaining" or "predicting" the data. 4. Synthesis and applications. Authors need to evaluate the adequacy of the model identified as the "best" model by using information criteria methods to provide convincing evidence to readers and users that inferences from the best models are useful and reliable.
The validation of the manufacturing process to produce ceftriaxone/sulbactam with EDTA 1.5 g/vial powder for solution for injection/infusion. Ceftriaxone works by inhibiting the mucopeptide ...synthesis in the bacterial cell wall. The beta-lactam moiety of Ceftriaxone binds to carboxypeptidases, endopeptidases, and transpeptidases in the bacterial cytoplasmic membrane. These enzymes are involved in cell-wall synthesis and cell division. By binding to these enzymes, Ceftriaxone results in the formation of defective cell walls and cell death. Sulbactam is an irreversible inhibitor of beta-lactamase; it binds the enzyme and does not allow it to interact with the antibiotic. The validation confirms that each stage of the manufacturing process is in control and will consistently produce a product of acceptable quality, as defined by the specifications of product. It is planned that operating variables and control parameters of processes shall be studied and documented. The associated critical product attributes and characteristics shall also be studied. Process validation of ceftriaxone/sulbactam 1.5 g/vial powder for solution for injection. Process for manufacture of ceftriaxone/sulbactam 1.5 g/vials powder for solution for injection/infusion is said to be in state of control. Hence this product can be manufactured by using this process without modifying any parameters.
We develop and validate measures of causation and effectuation approaches to new venture creation and test our measures with two samples of entrepreneurs in young firms. Our measure of causation is a ...well-defined and coherent uni-dimensional construct. We propose that effectuation is a formative, multidimensional construct with three associated sub-dimensions (experimentation, affordable loss, and flexibility) and one dimension shared with the causation construct (pre-commitments). As specified by Sarasvathy (2001), we also show that causation is negatively associated with uncertainty, while experimentation, a sub-dimension of effectuation, is positively correlated with uncertainty. The major contribution is the resulting validated scales that measure causation and effectuation.