Publications (10 of 51)
Fucci, D., Alégroth, E., Felderer, M. & Johannesson, C. (2024). Evaluating software security maturity using OWASP SAMM: Different approaches and stakeholders perceptions. Journal of Systems and Software, 214, Article ID 112062.
2024 (English) In: Journal of Systems and Software, ISSN 0164-1212, E-ISSN 1873-1228, Vol. 214, article id 112062. Article in journal (Refereed) Published
Abstract [en]

Background: Recent years have seen a surge in cyber-attacks, which can be prevented or mitigated using software security activities. OWASP SAMM is a maturity model providing a versatile way for companies to assess their security posture and plan for improvements. Objective: We perform an initial SAMM assessment in collaboration with a company in the financial domain. Our objective is to assess a holistic inventory of the company's security-related activities, focusing on how different roles perform the assessment and how they perceive the instrument used in the process. Methodology: We perform a case study to collect data using SAMM in a lightweight and novel manner through assessment using an online survey with 17 participants and a focus group with seven participants. Results: We show that different roles perceive maturity differently and that the two assessments deviate only for specific practices, making the lightweight approach a viable and efficient solution in industrial practice. Our results indicate that the questions included in the SAMM assessment tool are answered easily and confidently across most roles. Discussion: Our results suggest that companies can productively use a lightweight SAMM assessment. We provide nine lessons learned for guiding industrial practitioners in the evaluation of their current security posture as well as for academics wanting to utilize SAMM as a research tool in industrial settings. Editor's note: Open Science material was validated by the Journal of Systems and Software Open Science Board. © 2024 The Author(s)
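
The abstract describes scoring a lightweight SAMM survey per role and spotting the practices on which two stakeholder groups disagree. The following is an added illustration, not code or data from the paper or from OWASP: it assumes the four-option answer scale of the SAMM v2 toolbox (scored 0, 0.25, 0.5 and 1), one question per maturity level so that a stream scores 0 to 3 and a practice is the mean of its two streams, and uses a constructed survey with three practices and two roles. The practice and role names are illustrative.

```python
"""Score a lightweight OWASP SAMM self-assessment per stakeholder role and
report the practices on which two roles' maturity scores deviate.

Added example; the scoring rules below are assumptions modelled on the
SAMM v2 toolbox, not taken from the paper above.
"""
from statistics import mean

# Assumed answer scale: "no" / "some" / "half" / "most" of the activity is done.
ANSWER_SCORE = {"no": 0.0, "some": 0.25, "half": 0.5, "most": 1.0}

# Constructed survey responses (not real data):
# role -> practice -> stream -> answers for maturity levels 1, 2 and 3.
SURVEY = {
    "developer": {
        "Threat Assessment":   {"A": ["most", "half", "no"],   "B": ["most", "no", "no"]},
        "Security Testing":    {"A": ["most", "most", "some"], "B": ["half", "no", "no"]},
        "Incident Management": {"A": ["most", "half", "no"],   "B": ["most", "half", "no"]},
    },
    "security_officer": {
        "Threat Assessment":   {"A": ["most", "most", "half"], "B": ["most", "half", "no"]},
        "Security Testing":    {"A": ["most", "most", "some"], "B": ["half", "no", "no"]},
        "Incident Management": {"A": ["most", "some", "no"],   "B": ["most", "half", "no"]},
    },
}


def stream_score(answers):
    """Sum of the three level answers, giving a stream maturity of 0..3."""
    if len(answers) != 3:
        raise ValueError("expected one answer per maturity level (3)")
    return sum(ANSWER_SCORE[a] for a in answers)


def practice_scores(role_answers):
    """Practice score = mean of its streams, for every practice one role answered."""
    return {
        practice: mean(stream_score(s) for s in streams.values())
        for practice, streams in role_answers.items()
    }


def compare_roles(survey, role_a, role_b, tolerance=0.5):
    """Return {practice: (score_a, score_b)} for practices whose scores
    differ by more than `tolerance`; these are the ones worth taking to a
    focus group rather than accepting the survey result as-is."""
    a, b = practice_scores(survey[role_a]), practice_scores(survey[role_b])
    return {p: (a[p], b[p]) for p in a if abs(a[p] - b[p]) > tolerance}


if __name__ == "__main__":
    for role in SURVEY:
        print(role, practice_scores(SURVEY[role]))
    print("deviating:", compare_roles(SURVEY, "developer", "security_officer"))
```

With the constructed answers, both roles agree on Security Testing and Incident Management and deviate only on Threat Assessment (1.25 versus 2.0), which is the shape of result the abstract reports: a short survey is enough, and the few practices that disagree are the ones to discuss in person.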

Place, publisher, year, edition, pages
Elsevier, 2024
Keywords
Industry-academia collaboration, OWASP SAMM, Software security, Cybersecurity, Industrial research, Petroleum reservoir evaluation, Cyber-attacks, Evaluating software, Financial domains, Maturity model, Open science, Security activities, Stakeholder perception, Network security
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-26188 (URN), 10.1016/j.jss.2024.112062 (DOI), 001237888500001 (ISI), 2-s2.0-85192019707 (Scopus ID)
Funder
Knowledge Foundation, 20180010
Available from: 2024-05-13. Created: 2024-05-13. Last updated: 2024-06-19. Bibliographically approved
Felderer, M., Enoiu, E. P. & Tahvili, S. (2023). Artificial Intelligence Techniques in System Testing. In: José Raúl Romero, Inmaculada Medina-Bulo, Francisco Chicano (Eds.), Optimising the Software Development Process with Artificial Intelligence (pp. 221-240). Springer.
2023 (English) In: Optimising the Software Development Process with Artificial Intelligence / [ed] José Raúl Romero, Inmaculada Medina-Bulo, Francisco Chicano, Springer, 2023, p. 221-240. Chapter in book (Refereed)
Abstract [en]

System testing is essential for developing high-quality systems, but the degree of automation in system testing is still low. Therefore, there is high potential for Artificial Intelligence (AI) techniques like machine learning, natural language processing, or search-based optimization to improve the effectiveness and efficiency of system testing. This chapter presents where and how AI techniques can be applied to automate and optimize system testing activities. First, we identify different system testing activities (i.e., test planning and analysis, test design, test execution, and test evaluation) and indicate how AI techniques can be applied to automate and optimize these activities. Furthermore, we present an industrial case study on test case analysis, where AI techniques are applied to encode and group natural language into clusters of similar test cases for cluster-based test optimization. Finally, we discuss the levels of autonomy of AI in system testing.
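
The case study groups natural-language test cases into clusters of similar ones so that only a representative per cluster needs to run. The block below is an added, deliberately simple stand-in for that idea, not the chapter's own method: it encodes each test description as a bag of words, uses Jaccard similarity (an assumption; the chapter does not state its encoding or distance), clusters greedily against each cluster's first member, and returns one representative per cluster. The five test descriptions are constructed.

```python
"""Cluster natural-language test cases by word overlap and pick one
representative per cluster (cluster-based test optimisation).

Added example with an assumed encoding (bag of words + Jaccard similarity);
it is not the encoding used in the chapter above.
"""
import re

# Constructed test-case descriptions (not from the chapter).
TEST_CASES = {
    "TC-01": "Login with valid username and password succeeds",
    "TC-02": "Login with a valid user name and correct password is accepted",
    "TC-03": "Login with wrong password is rejected and an error is shown",
    "TC-04": "Login with incorrect password shows error message",
    "TC-05": "Export report as PDF from the dashboard",
}

STOPWORDS = {"a", "an", "the", "and", "is", "with", "as", "from", "of"}


def tokens(text):
    """Lower-cased word set without stopwords: the 'encoding' of a test case."""
    return {t for t in re.findall(r"[a-z]+", text.lower()) if t not in STOPWORDS}


def jaccard(a, b):
    """Set overlap in [0, 1]; 0 when both sets are empty."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def cluster_tests(cases, threshold=0.3):
    """Greedy clustering: each test joins the first cluster whose representative
    (its first member) is at least `threshold` similar, else starts a new one.
    Returns a list of (representative_id, [member_ids]). Order-dependent by design."""
    clusters = []
    for tid, text in cases.items():
        toks = tokens(text)
        for rep_id, members in clusters:
            if jaccard(toks, tokens(cases[rep_id])) >= threshold:
                members.append(tid)
                break
        else:
            clusters.append((tid, [tid]))
    return clusters


def representatives(cases, threshold=0.3):
    """The reduced test set: one test id per cluster."""
    return [rep for rep, _ in cluster_tests(cases, threshold)]


if __name__ == "__main__":
    for rep, members in cluster_tests(TEST_CASES):
        print(rep, "->", members)
    print("run only:", representatives(TEST_CASES))
```

On the constructed set this folds the two "valid login" and the two "wrong password" cases together and keeps the export test on its own, so three tests run instead of five. The threshold is the knob a practitioner tunes: too low merges unrelated tests and silently drops coverage, which is the failure mode to watch for before using such a reduction on a real suite.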

Place, publisher, year, edition, pages
Springer, 2023
Series
Natural Computing Series, ISSN 1619-7127, E-ISSN 2627-6461; F1169
National Category
Computer Sciences
Identifiers
urn:nbn:se:bth-25211 (URN), 10.1007/978-981-19-9948-2_8 (DOI), 2-s2.0-85165956570 (Scopus ID), 9789811999475 (ISBN), 9789811999482 (ISBN)
Funder
EU, Horizon 2020, 957212
Available from: 2023-08-07. Created: 2023-08-07. Last updated: 2023-08-11. Bibliographically approved
Bendler, D. & Felderer, M. (2023). Competency Models for Information Security and Cybersecurity Professionals: Analysis of Existing Work and a New Model. ACM Transactions on Computing Education, 23(2), Article ID 25.
2023 (English) In: ACM Transactions on Computing Education, E-ISSN 1946-6226, Vol. 23, no 2, article id 25. Article in journal (Refereed) Published
Abstract [en]

Competency models are widely adopted frameworks that are used to improve human resource functions and education. However, the characteristics of competency models related to the information security and cybersecurity domains are not well understood. To bridge this gap, this study investigates the current state of competency models related to the security domain through qualitative content analysis. Additionally, based on the competency model analysis, an evidence-based competency model is proposed. Examining the content of 27 models, we found that the models can benefit target groups in many different ways, ranging from policymaking to performance management. Owing to their many uses, competency models can arguably help to narrow the skills gap from which the profession is suffering. Nonetheless, the models have their shortcomings. First, the models do not cover all of the topics specified by the Cybersecurity Body of Knowledge (i.e., no model is complete). Second, by omitting social, personal, and methodological competencies, many models reduce the competency profile of a security expert to professional competencies. Addressing the limitations of previous work, the proposed competency model provides a holistic view of the competencies required by security professionals for job achievement and can potentially benefit both the education system and the labor market. To conclude, the implications of the competency model analysis and use cases of the proposed model are discussed.

Place, publisher, year, edition, pages
Association for Computing Machinery (ACM), 2023
Keywords
Cybersecurity education, competency model, competency, workforce development, skills gap
National Category
Information Systems
Identifiers
urn:nbn:se:bth-25261 (URN), 10.1145/3573205 (DOI), 001018474800009 (ISI)
Projects
MIDISE
Funder
Knowledge Foundation, 20210026; European Commission, 2019-1-LI01-KA203-000130
Available from: 2023-08-09. Created: 2023-08-09. Last updated: 2024-04-23. Bibliographically approved
Molléri, J. S., Mendes, E., Petersen, K. & Felderer, M. (2023). Determining a core view of research quality in empirical software engineering. Computer Standards & Interfaces, 84, Article ID 103688.
2023 (English) In: Computer Standards & Interfaces, ISSN 0920-5489, E-ISSN 1872-7018, Vol. 84, article id 103688. Article in journal (Refereed) Published
Abstract [en]

Context: Research quality is intended to appraise the design and reporting of studies. It comprises a set of standards such as methodological rigor, practical relevance, and conformance to ethical standards. Depending on the perspective, different views of importance are given to the standards for research quality. Objective: To investigate the suitability of a conceptual model of research quality to Software Engineering (SE), from the perspective of researchers engaged in Empirical Software Engineering (ESE) research, in order to understand the core value of research quality. Method: We conducted a mixed-methods approach with two distinct group perspectives: (i) a research group; and (ii) the empirical SE research community. Our data collection approach comprised a questionnaire survey and a complementary focus group. We carried out a hierarchical voting prioritization to collect relative values for importance of standards for research quality. Results: In the context of this research, ‘internally valid’, ‘relevant research idea’, and ‘applicable results’ are perceived as the core standards for research quality in empirical SE. The alignment at the research group level was higher compared to that at the community level. Conclusion: The conceptual model was seen to express fairly the standards for research quality in the SE context. It presented limitations regarding its structure and components’ description, which resulted in an updated model. © 2022

Place, publisher, year, edition, pages
Elsevier, 2023
Keywords
Alignment, Conceptual model, Research quality, Standards, Surveys, Core values, Data collection, Empirical Software Engineering, Ethical standards, Mixed method, Research communities, Research groups, Software engineering research, Software engineering
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-23706 (URN), 10.1016/j.csi.2022.103688 (DOI), 000870181900002 (ISI), 2-s2.0-85137713683 (Scopus ID)
Available from: 2022-10-03. Created: 2022-10-03. Last updated: 2023-12-04. Bibliographically approved
Steidl, M., Felderer, M. & Ramler, R. (2023). The pipeline for the continuous development of artificial intelligence models-Current state of research and practice. Journal of Systems and Software, 199, Article ID 111615.
2023 (English) In: Journal of Systems and Software, ISSN 0164-1212, E-ISSN 1873-1228, Vol. 199, article id 111615. Article, review/survey (Refereed) Published
Abstract [en]

Companies struggle to continuously develop and deploy Artificial Intelligence (AI) models to complex production systems due to AI characteristics while assuring quality. To ease the development process, continuous pipelines for AI have become an active research area where consolidated and in-depth analysis regarding the terminology, triggers, tasks, and challenges is required. This paper includes a Multivocal Literature Review (MLR) where we consolidated 151 relevant formal and informal sources. In addition, nine semi-structured interviews with participants from academia and industry verified and extended the obtained information. Based on these sources, this paper provides and compares terminologies for Development and Operations (DevOps) and Continuous Integration (CI)/Continuous Delivery (CD) for AI, Machine Learning Operations (MLOps), (end-to-end) lifecycle management, and Continuous Delivery for Machine Learning (CD4ML). Furthermore, the paper provides an aggregated list of potential triggers for reiterating the pipeline, such as alert systems or schedules. In addition, this work uses a taxonomy creation strategy to present a consolidated pipeline comprising tasks regarding the continuous development of AI. This pipeline consists of four stages: Data Handling, Model Learning, Software Development and System Operations. Moreover, we map challenges regarding pipeline implementation, adaption, and usage for the continuous development of AI to these four stages. (c) 2023 The Authors. Published by Elsevier Inc. This is an open access article under the CC BY license (http://creativecommons.org/licenses/by/4.0/).

Place, publisher, year, edition, pages
Elsevier, 2023
Keywords
Continuous development of AI, Continuous (end-to-end) lifecycle pipeline for AI, MLOps, CI, CD for AI, DevOps for AI, Multivocal literature review
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-24504 (URN), 10.1016/j.jss.2023.111615 (DOI), 000967982100001 (ISI)
Available from: 2023-05-09. Created: 2023-05-09. Last updated: 2023-05-09. Bibliographically approved
Huber, S., Demetz, L. & Felderer, M. (2022). A comparative study on the energy consumption of Progressive Web Apps. Information Systems, 108, Article ID 102017.
2022 (English) In: Information Systems, ISSN 0306-4379, E-ISSN 1873-6076, Vol. 108, article id 102017. Article in journal (Refereed) Published
Abstract [en]

Progressive Web Apps (PWAs) are a promising approach for developing mobile apps, especially when developing apps for multiple mobile systems. As mobile devices are limited with respect to battery capacity, developers should keep the energy footprint of a mobile app as low as possible. The goal of this study is to analyze the difference in energy consumption of PWAs compared to other mobile development approaches. As mobile apps are primarily interactive in nature, we focus on UI rendering and interaction scenarios. For this, we implemented five versions of the same app with different development approaches and examined their energy footprint on two Android devices with four execution scenarios. Additionally, we extended our research by analyzing multiple real-world mobile apps to include a more practical perspective. Regarding execution environments, we also compared the energy consumption of PWAs executed in different web-browsers. The results based on sample and real-world apps show that the used development approach influences the energy footprint of a mobile app. Native development shows the lowest energy consumption. PWAs, albeit having a higher energy consumption than native apps, are a viable alternative to other mobile cross-platform development (MCPD) approaches. The experiments could not assert an inherent technological disadvantage of PWAs in contrast to other MCPD approaches when considering UI energy consumption. Moreover, the web-browser engine used to execute the PWA has a significant influence on the energy footprint of the app. © 2022 Elsevier Ltd

Place, publisher, year, edition, pages
Elsevier Ltd, 2022
Keywords
Energy-efficiency, Mobile cross-platform development, Mobile software development, Progressive Web Apps, Energy utilization, Software design, Web browsers, Cross platform development, Development approach, Energy, Energy-consumption, Mobile app, Progressive web app, Real-world, Web App, Energy efficiency
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-22773 (URN), 10.1016/j.is.2022.102017 (DOI), 001133975200018 (ISI), 2-s2.0-85126383074 (Scopus ID)
Available from: 2022-03-25. Created: 2022-03-25. Last updated: 2024-08-06. Bibliographically approved
Fagerholm, F., Felderer, M., Fucci, D., Unterkalmsteiner, M., Marculescu, B., Martini, M., . . . Khattak, J. (2022). Cognition in Software Engineering: A Taxonomy and Survey of a Half-Century of Research. ACM Computing Surveys, 54(11)
2022 (English) In: ACM Computing Surveys, ISSN 0360-0300, E-ISSN 1557-7341, Vol. 54, no 11. Article in journal (Refereed) Published
Abstract [en]

Cognition plays a fundamental role in most software engineering activities. This article provides a taxonomy of cognitive concepts and a survey of the literature since the beginning of the Software Engineering discipline. The taxonomy comprises the top-level concepts of perception, attention, memory, cognitive load, reasoning, cognitive biases, knowledge, social cognition, cognitive control, and errors, and procedures to assess them both qualitatively and quantitatively. The taxonomy provides a useful tool to filter existing studies, classify new studies, and support researchers in getting familiar with a (sub) area. In the literature survey, we systematically collected and analysed 311 scientific papers spanning five decades and classified them using the cognitive concepts from the taxonomy. Our analysis shows that the most developed areas of research correspond to the four life-cycle stages, software requirements, design, construction, and maintenance. Most research is quantitative and focuses on knowledge, cognitive load, memory, and reasoning. Overall, the state of the art appears fragmented when viewed from the perspective of cognition. There is a lack of use of cognitive concepts that would represent a coherent picture of the cognitive processes active in specific tasks. Accordingly, we discuss the research gap in each cognitive concept and provide recommendations for future research.

Place, publisher, year, edition, pages
ACM Digital Library, 2022
Keywords
Cognition, cognitive concepts, psychology of programming, human factors, measurement, taxonomy
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-23177 (URN), 10.1145/3508359 (DOI), 000886929000001 (ISI)
Note
Open access
Available from: 2022-06-16. Created: 2022-06-16. Last updated: 2023-06-30. Bibliographically approved
Adigun, J. G., Camilli, M., Felderer, M., Giusti, A., Matt, D. T., Perini, A., . . . Susi, A. (2022). Collaborative Artificial Intelligence Needs Stronger Assurances Driven by Risks. Computer, 55(3), 52-63
2022 (English) In: Computer, ISSN 0018-9162, E-ISSN 1558-0814, Vol. 55, no 3, p. 52-63. Article in journal (Refereed) Published
Abstract [en]

Collaborative artificial intelligence systems (CAISs) aim to work with humans in a shared space to achieve a common goal, but this can pose hazards that could harm human beings. We identify emerging problems in this context and report our vision of and progress toward a risk-driven assurance process for CAISs.

Place, publisher, year, edition, pages
IEEE Computer Society, 2022
Keywords
Artificial intelligence systems, Human being, Shared spaces
National Category
Computer Sciences
Identifiers
urn:nbn:se:bth-22818 (URN), 10.1109/MC.2021.3131990 (DOI), 000769986500008 (ISI), 2-s2.0-85127599993 (Scopus ID)
Available from: 2022-04-07. Created: 2022-04-07. Last updated: 2022-04-19. Bibliographically approved
Foidl, H., Felderer, M. & Ramler, R. (2022). Data Smells: Categories, Causes and Consequences, and Detection of Suspicious Data in AI-based Systems. In: Proceedings - 1st International Conference on AI Engineering - Software Engineering for AI, CAIN 2022. Paper presented at 1st International Conference on AI Engineering - Software Engineering for AI, CAIN 2022, Pittsburgh, 16 May 2022 through 17 May 2022 (pp. 229-239). Institute of Electrical and Electronics Engineers (IEEE)
2022 (English) In: Proceedings - 1st International Conference on AI Engineering - Software Engineering for AI, CAIN 2022, Institute of Electrical and Electronics Engineers (IEEE), 2022, p. 229-239. Conference paper, Published paper (Refereed)
Abstract [en]

High data quality is fundamental for today's AI-based systems. However, although data quality has been an object of research for decades, there is a clear lack of research on potential data quality issues (e.g., ambiguous, extraneous values). These kinds of issues are latent in nature and thus often not obvious. Nevertheless, they can be associated with an increased risk of future problems in AI-based systems (e.g., technical debt, data-induced faults). As a counterpart to code smells in software engineering, we refer to such issues as Data Smells. This article conceptualizes data smells and elaborates on their causes, consequences, detection, and use in the context of AI-based systems. In addition, a catalogue of 36 data smells divided into three categories (i.e., Believability Smells, Understandability Smells, Consistency Smells) is presented. Moreover, the article outlines tool support for detecting data smells and presents the result of an initial smell detection on more than 240 real-world datasets.
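
The abstract says data smells are latent, are detectable by tooling, and map to believability, understandability and consistency. As an added illustration of what such a detector does (not the paper's tool or its 36-smell catalogue), the block below scans a small constructed tabular dataset for four smells: placeholder values standing in for missing data, the same value in different casing, numeric and non-numeric values mixed in one column, and an isolated negative number in an otherwise non-negative column. The smell names, their detection rules and their mapping to the three categories in the comments are this example's own assumptions.

```python
"""Detect a few illustrative data smells in a list-of-dicts dataset.

Added example; smell names, rules and category mapping are assumptions,
not the catalogue from the paper above.
"""
import re
from collections import defaultdict

# Constructed rows, as a CSV reader would yield them (every value a string).
ROWS = [
    {"id": "1", "country": "US",     "age": "34",     "amount": "12.50"},
    {"id": "2", "country": "us",     "age": "29",     "amount": "7"},
    {"id": "3", "country": "Sweden", "age": "N/A",    "amount": "-3.00"},
    {"id": "4", "country": "sweden", "age": "41",     "amount": "9.99"},
    {"id": "5", "country": "DE",     "age": "thirty", "amount": "?"},
]

# Tokens that often stand in for "missing" and get silently learned as values.
PLACEHOLDERS = {"n/a", "na", "null", "none", "?", "-", ""}
NUMERIC = re.compile(r"^-?\d+(\.\d+)?$")


def is_placeholder(value):
    return value.strip().lower() in PLACEHOLDERS


def detect_smells(rows):
    """Return {smell_name: [(column, evidence), ...]} for the smells found."""
    smells = defaultdict(list)
    if not rows:
        return {}
    for col in rows[0]:
        values = [row[col] for row in rows]

        # Believability: a placeholder masquerading as data.
        for v in values:
            if is_placeholder(v):
                smells["placeholder_value"].append((col, v))

        # Understandability: one value spelled with different casing.
        by_lower = defaultdict(set)
        for v in values:
            by_lower[v.lower()].add(v)
        for variants in by_lower.values():
            if len(variants) > 1:
                smells["casing"].append((col, sorted(variants)))

        # Consistency: numbers and free text in the same column.
        real = [v for v in values if not is_placeholder(v)]
        nums = [v for v in real if NUMERIC.match(v)]
        if nums and len(nums) < len(real):
            smells["mixed_type"].append((col, sorted(set(real) - set(nums))))

        # Believability: a lone negative in a column that is otherwise >= 0.
        negatives = [v for v in nums if v.startswith("-")]
        if negatives and len(negatives) < len(nums):
            smells["suspect_sign"].append((col, negatives))
    return dict(smells)


if __name__ == "__main__":
    for smell, findings in detect_smells(ROWS).items():
        print(f"{smell}: {findings}")
```

The findings are only suspicions, which is the point of the smell metaphor: "-3.00" may be a legitimate refund or a sign error, and "us" may be a valid lower-case code or a duplicate category the model will learn twice. Each hit is an item to review before training, not an automatic fix.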

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2022
Keywords
Data reduction, Odors, Code smell, Data engineering, Data quality, Data smell, On potentials, Quality issues, Technical debts, Three categories, Tool support, Understandability, Software engineering, artificial intelligence, data smells
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-23541 (URN), 10.1145/3522664.3528590 (DOI), 2-s2.0-85133411277 (Scopus ID), 9781450392754 (ISBN)
Conference
1st International Conference on AI Engineering - Software Engineering for AI, CAIN 2022, Pittsburgh, 16 May 2022 through 17 May 2022
Note
Open access
Available from: 2022-08-12. Created: 2022-08-12. Last updated: 2022-12-13. Bibliographically approved
Tuzun, E., Erdogmus, H., Baldassarre, M. T., Felderer, M., Feldt, R. & Turhan, B. (2022). Ground-Truth Deficiencies in Software Engineering: When Codifying the Past Can Be Counterproductive. IEEE Software, 39(3), 85-95
2022 (English) In: IEEE Software, ISSN 0740-7459, E-ISSN 1937-4194, Vol. 39, no 3, p. 85-95. Article in journal (Refereed) Published
Abstract [en]

In software engineering, the objective function of human decision makers might be influenced by many factors. Relying on historical data as the ground truth may give rise to systems that automate software engineering decisions by mimicking past suboptimal behavior. We describe the problem and offer some strategies. ©IEEE.

Place, publisher, year, edition, pages
IEEE Computer Society, 2022
Keywords
Decision making, Cognitive bias, Engineering decisions, Historical data, Human decisions, Mitigation strategy, Objective functions, Process decisions, Software engineering tools, Software engineering
National Category
Business Administration; Production Engineering, Human Work Science and Ergonomics
Identifiers
urn:nbn:se:bth-22971 (URN), 10.1109/MS.2021.3098670 (DOI), 000811542700012 (ISI), 2-s2.0-85111024778 (Scopus ID)
Available from: 2022-05-23. Created: 2022-05-23. Last updated: 2023-06-30. Bibliographically approved
Identifiers
ORCID iD: orcid.org/0000-0003-3818-4442