Abstract
User studies are paramount for advancing research in software engineering, particularly when evaluating tools and techniques involving programmers. However, researchers face several barriers when performing them despite the existence of supporting tools. We base our study on a set of tools and researcher-reported barriers identified in prior work on user studies in software engineering. In this work, we study how existing tools and their features cope with previously identified barriers. Moreover, we propose new features for the barriers that lack support. We validated our proposal with 102 researchers, achieving statistically significant positive support for all but one feature. We study the current gap between tools and barriers, using features as the bridge. We show there is a significant lack of support for several barriers, as some have no single tool to support them.

Abstract
Supporting sustainability through modelling and analysis has become an active area of research in Software Engineering. Therefore, it is important and timely to survey the current state of the art in sustainability in Cyber-Physical Systems (CPS), one of the most rapidly evolving classes of complex software systems. This work presents the findings of a Systematic Mapping Study (SMS) that aims to identify key primary studies reporting on CPS modelling approaches that address sustainability over the last 10 years. Our literature search retrieved 2209 papers, of which 104 primary studies were deemed relevant fora detailed characterisation. These studies were analysed based on nine research questions designed to extract information on sustainability attributes, methods, models/meta-models, metrics, processes, and tools used to improve the sustainability of CPS. These questions also aimed to gather data on domain-specific modelling approaches and relevant application domains. The final results report findings for each of our questions, highlight interesting correlations among them, and identify literature gaps worth investigating in the near future.

Abstract
The fast global expansion of online public services has transformed how governments interact with citizens, offering convenience and efficiency. However, this digital transformation also introduces significant security risks, as sensitive data exchanged between users and service providers over public networks are exposed to cyber threats. Thus, ensuring the security and trustworthiness of these services is critical to the success of Electronic Government (EGOV) initiatives. This study evaluates the information security posture of 3068 public service platforms across all 193 UN Member States through non-intrusive assessments conducted in 2023 and 2024. The evaluation focuses on three key dimensions: (i) the adoption of secure end-to-end communication protocols, (ii) the trustworthiness of digital certificate chains, and (iii) the exposure of hosting servers to known vulnerabilities. The findings reveal that while some progress has been made in securing online public services, substantial gaps remain in the implementation of international security standards and best practices. Many platforms continue to rely on outdated cryptographic protocols, misconfigured certificates, and unpatched vulnerabilities, leaving citizens and services vulnerable to cyber threats due to weaknesses that malicious actors can easily and inconspicuously identify. These insights emphasize the need for effective implementation of more comprehensive cybersecurity policies, proactive security assessments, and improved regulatory compliance checks. Additionally, this work provides actionable guidance for governments and system administrators to enhance the security of EGOV infrastructures by addressing persistent vulnerabilities and adopting robust cybersecurity practices.

Abstract
Electronic Control Units are embedded devices that control various critical features of an automobile. Consequently, it is crucial to develop tools that enable penetration testers to identify security vulnerabilities within these ECUs as efficiently as possible. Fuzzing, a widely-used technique, can help uncover vulnerabilities in various types of applications. Fuzzing can then be applied to test ECUs through their communication protocols, the most common being the Controller Area Network (CAN). We present oCANada, a generation-based fuzzer which can be utilized in order to craft CAN messages for fuzzing. Many existing CAN fuzzers rely on simple mutation-based fuzzing, which involves randomly changing bits in the CAN payload. This paper introduces a novel generation-based fuzzing approach that leverages CAN database files (DBCs) in order to craft syntactically correct messages. oCANada also incorporates State-of-the-Art CAN reverse engineering techniques in order to enable syntax-aware fuzzing even when DBCs are not available. Additionally, this paper discusses test oracle techniques employed for fuzzing ECUs over CAN in both greybox and blackbox environments. Finally, we present our results while running the tool which we used two CANoe simulations, a Gateway ECU, and a modified version of the instrument cluster simulator ICSim. In these results, we also compare our fuzzer to the well-known CaringCaribou fuzzer.

Abstract

Abstract