February 4, 2019

IEEE magazine publishes Phase Change research scientist co-authored paper

January 31, 2019

by Todd Erickson*

Phase Change research scientist Rahul Pandita’s co-written paper, “A Conceptual Framework for Engineering Chatbots,” was recently published in the November-December 2018 issue of IEEE Internet Computing^.

The industry magazine is published bi-monthly by the Institute for Electrical and Electronics Engineers (IEEE) Computer Society for evaluating and reviewing Internet-based computer applications and enabling technologies. It focuses on technologies and applications that enable practitioners to utilize Internet-based applications and tools, instead of having to build their own.

The paper

The use of chatbots as virtual assistants is becoming more widespread as companies strive to increase community engagement online and on social-media platforms.

The problem is that most commercially available bots are engineered with If-This-Then-That (IFTTT) frameworks from the 1980s. These decades-old frameworks often create inflexible chatbots that are difficult to maintain.

The bots can be monolithic and may mix dialog-managing rules with business-execution logic and response-generation rules. And when these chatbots must interact with third-party services to orchestrate workflows, the orchestration logic becomes entwined with the IFTTT rules.

Additionally, IFTTT tends to be order sensitive. As chatbots’ capabilities increase, their implementation rules grow more complex, and even simple modifications can require substantial effort.

The paper, “A Conceptual Framework for Engineering Chatbots,“ outlines a high-level conceptual framework founded upon agent-oriented abstractions – goals, plans, and commitments.

It theorizes that well-studied abstractions of goals and commitments from the area of artificial intelligence (AI) and multiagent systems allow for more flexible chatbots. Goals capture an agent’s intentions, and commitments capture meaningful business relationships between agents.

The paper describes how employing goals and commitments can enable a model chatbot that can be verified at design time or runtime, offers flexible enactments, and provides a basis for judging correctness.


In addition to Pandita, the paper is written by:

It is available free online for IEEE members, and can be purchased through the IEEE Xplore Digital Library.

*Todd Erickson is a tech writer with Phase Change Software. You can reach him at terickson@phasechange.ai.

^The figure represented in the featured image and the IEEE Internet Computing magazine cover are copyrighted by the Institute of Electrical and Electronics Engineers Inc..

July 17, 2018

Phase Change research scientist publishes technical papers in prominent research journals

July 16, 2018

by Rahul Pandita and Todd Erickson

Phase Change research scientist Dr. Rahul Pandita recently had two co-written papers published in well-known research journals. The first paper, “Are vulnerabilities discovered and resolved like other defects?,” was published in the June 2018 volume of the Empirical Software Engineering: An International Journal and presented as a Journal First Paper at the 40th International Conference on Software Engineering (ICSE) in Gothenburg, Sweden.

The paper was co-written with Patrick Morrison, Dr. Xusheng Xiao, Dr. Ram Chillarege, and Dr. Laurie Williams. Patrick Morrison is a Ph.D. candidate in the Computer Science Department at North Carolina State University. Dr. Xusheng Xiao is an assistant professor in the Department of Electrical Engineering and Computer Science at Case Western University.

Dr. Ram Chillarege is the founder and president of Chillarege Inc. Dr. Laurie Williams is a professor, and the department head, at the North Carolina State University Department of Computer Science.

The paper

The goal of the project’s research was to determine if security defects (referred to as vulnerabilities in the paper) are discovered and resolved by different software-development practices in comparison to non-security defects. If true, technical leaders could use the distinction to drive security-specific software development process improvements.

The research consisted of extending Orthogonal Defect Classification (ODC), which is a well-established scheme for classifying software defects, to study process-related differences between vulnerabilities and non-security defects, and thereby creating ODC + Vulnerabilities (ODC+V). This new classification was applied to 583 vulnerabilities and 583 defects across 133 releases of three open-source projects – the Firefox web browser, phpMyAdmin, and Google’s Chrome web browser.

The study found that compared with non-security defects, vulnerabilities are found much later in the development cycle and are more likely to be resolved through changes to conditional logic. The results indicate opportunities may exist for more efficient vulnerability detection and resolution.

The paper was accepted by the 40th International Conference on Software Engineering (ICSE) that was held in Gothenburg Sweden, between May 27 and June 3, as part of the *ICSE 2018* Journal First Papers track. Dr. Williams presented it on May 31, 2018.

But wait, there’s more

The second paper, “Mapping the field of software life cycle security measures,” is scheduled to be published in the October 2018 issue of Information and Software Technology. It was co-written with Patrick Morrison, Dr. Laurie Williams, and David Moye, a program site lead with Aelius Exploration Technologies LLC.

The authors suspected that a catalog of software-development life cycle security metrics could assist practitioners in choosing appropriate metrics, and researchers in identifying opportunities for security measurement refinement.

They conducted a systematic mapping study, beginning with 4,818 papers and focusing on 71 papers reporting on 324 unique security metrics. For each metric, the researchers identified the subject being measured, how the metric had been validated, and how the metric was used. Then they categorized the metrics and included examples of metrics for each category.

The research found that approximately 85% of the security metrics studied were proposed and evaluated solely by their authors, leaving room for replication and confirmation through field studies. Approximately 60% of the metrics were empirically evaluated by their authors or others.

They concluded that the primary application of security metrics to the software development lifecycle is studying the relationship between properties of source code and reported vulnerabilities. This suggests that researchers need to refine vulnerability measurements and give greater attention to metrics for the requirement, design, and testing phases of development.

Rahul Pandita is a senior research scientist at Phase Change. He earned his Ph.D. in computer science from North Carolina State University. You can reach him at rpandita@phasechange.ai.

Todd Erickson is a tech writer at Phase Change. You can reach him at terickson@phasechange.ai.


651 Corporate Circle
Suite 209A
Golden, Colorado 80401
Phone: +1.303.586.8900
Email: info@phasechange.ai

© 2024 Phase Change Software, LLC