Change search
Link to record
Permanent link

Direct link
Publications (10 of 174) Show all publications
Yu, L., Alégroth, E., Chatzipetrou, P. & Gorschek, T. (2025). Experience with Large Language Model Applications for Information Retrieval from Enterprise Proprietary Data. In: Dietmar Pfahl, Javier Gonzalez Huerta, Jil Klünder, Hina Anwar (Ed.), Product-Focused Software Process Improvement: . Paper presented at 25th International Conference on Product-Focused Software Process Improvement, PROFES 2024, Tartu, Dec 2-4, 2024 (pp. 92-107). Springer, 15452
Open this publication in new window or tab >>Experience with Large Language Model Applications for Information Retrieval from Enterprise Proprietary Data
2025 (English)In: Product-Focused Software Process Improvement / [ed] Dietmar Pfahl, Javier Gonzalez Huerta, Jil Klünder, Hina Anwar, Springer, 2025, Vol. 15452, p. 92-107Conference paper, Published paper (Refereed)
Abstract [en]

Large Language Models (LLMs) offer promising capabilities for information retrieval and processing. However, the LLM deployment for querying proprietary enterprise data poses unique challenges, particularly for companies with strict data security policies. This study shares our experience in setting up a secure LLM environment within a FinTech company and utilizing it for enterprise information retrieval while adhering to data privacy protocols. 

We conducted three workshops and 30 interviews with industrial engineers to gather data and requirements. The interviews further enriched the insights collected from the workshops. We report the steps to deploy an LLM solution in an industrial sandboxed environment and lessons learned from the experience. These lessons contain LLM configuration (e.g., chunk_size and top_k settings), local document ingestion, and evaluating LLM outputs.

Our lessons learned serve as a practical guide for practitioners seeking to use private data with LLMs to achieve better usability, improve user experiences, or explore new business opportunities. © The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.

Place, publisher, year, edition, pages
Springer, 2025
Series
Lecture Notes in Computer Science (LNCS), ISSN 0302-9743, E-ISSN 1611-3349 ; 15452
Keywords
AI, Artificial intelligence, Data security, Information retrieval, Large Language Model, LLM, Sandbox environment, Data privacy, Fintech, Enterprise data, Language model, Model application, Modeling environments, Privacy protocols, Security policy, Structured Query Language
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-27326 (URN)10.1007/978-3-031-78386-9_7 (DOI)2-s2.0-85211960724 (Scopus ID)9783031783852 (ISBN)
Conference
25th International Conference on Product-Focused Software Process Improvement, PROFES 2024, Tartu, Dec 2-4, 2024
Funder
Knowledge Foundation, 20180010
Available from: 2024-12-28 Created: 2024-12-28 Last updated: 2024-12-28Bibliographically approved
Kosenkov, O., Elahidoost, P., Gorschek, T., Fischbach, J., Mendez, D., Unterkalmsteiner, M., . . . Mohanani, R. (2025). Systematic mapping study on requirements engineering for regulatory compliance of software systems. Information and Software Technology, 178, Article ID 107622.
Open this publication in new window or tab >>Systematic mapping study on requirements engineering for regulatory compliance of software systems
Show others...
2025 (English)In: Information and Software Technology, ISSN 0950-5849, E-ISSN 1873-6025, Vol. 178, article id 107622Article, review/survey (Refereed) Published
Abstract [en]

Context: As the diversity and complexity of regulations affecting Software-Intensive Products and Services (SIPS) is increasing, software engineers need to address the growing regulatory scrutiny. We argue that, as with any other non-negotiable requirements, SIPS compliance should be addressed early in SIPS engineering—i.e., during requirements engineering (RE).

Objectives: In the conditions of the expanding regulatory landscape, existing research offers scattered insights into regulatory compliance of SIPS. This study addresses the pressing need for a structured overview of the state of the art in software RE and its contribution to regulatory compliance of SIPS.

Method: We conducted a systematic mapping study to provide an overview of the current state of research regarding challenges, principles, and practices for regulatory compliance of SIPS related to RE. We focused on the role of RE and its contribution to other SIPS lifecycle process areas. We retrieved 6914 studies published from 2017 (January 1) until 2023 (December 31) from four academic databases, which we filtered down to 280 relevant primary studies.

Results: We identified and categorized the RE-related challenges in regulatory compliance of SIPS and their potential connection to six types of principles and practices addressing challenges. We found that about 13.6% of the primary studies considered the involvement of both software engineers and legal experts in developing principles and practices. About 20.7% of primary studies considered RE in connection to other process areas. Most primary studies focused on a few popular regulation fields (privacy, quality) and application domains (healthcare, software development, avionics). Our results suggest that there can be differences in terms of challenges and involvement of stakeholders across different fields of regulation.

Conclusion: Our findings highlight the need for an in-depth investigation of stakeholders’ roles, relationships between process areas, and specific challenges for distinct regulatory fields to guide research and practice. 

Place, publisher, year, edition, pages
Elsevier, 2025
Keywords
Compliance requirements, Regulatory compliance, Regulatory requirements engineering, Requirements engineering, Secondary research, Software compliance, Software engineering, Computer aided software engineering, Computer software reusability, Computer software selection and evaluation, Mapping, Software design, Software quality, Compliance requirement, Principles and practices, Process areas, Product and services, Regulatory requirement engineering, Regulatory requirements, Requirement engineering, Secondary researches, Application programs
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-27180 (URN)10.1016/j.infsof.2024.107622 (DOI)001360553400001 ()2-s2.0-85209250611 (Scopus ID)
Available from: 2024-11-29 Created: 2024-11-29 Last updated: 2024-12-02Bibliographically approved
Peixoto, M., Gorschek, T., Mendez, D., Fucci, D. & Silva, C. (2024). A natural language-based method to specify privacy requirements: an evaluation with practitioners. Requirements Engineering, 29(3), 279-301
Open this publication in new window or tab >>A natural language-based method to specify privacy requirements: an evaluation with practitioners
Show others...
2024 (English)In: Requirements Engineering, ISSN 0947-3602, E-ISSN 1432-010X, Vol. 29, no 3, p. 279-301Article in journal (Refereed) Published
Abstract [en]

Organisations are becoming concerned with effectively dealing with privacy-related requirements. Existing Requirements Engineering methods based on structured natural language suffer from several limitations both in eliciting and specifying privacy requirements. In our previous study, we proposed a structured natural-language approach called the “Privacy Criteria Method” (PCM), which demonstrates potential advantages over user stories. Our goal is to present a PCM evaluation that focused on the opinions of software practitioners from different companies on PCM’s ability to support the specification of privacy requirements and the quality of the privacy requirements specifications produced by these software practitioners. We conducted a multiple case study to evaluate PCM in four different industrial contexts. We gathered and analysed the opinions of 21 practitioners on PCM usage regarding Coverage, Applicability, Usefulness, and Scalability. Moreover, we assessed the syntactic and semantic quality of the PCM artifacts produced by these practitioners. PCM can aid developers in elaborating requirements specifications focused on privacy with good quality. The practitioners found PCM to be useful for their companies’ development processes. PCM is considered a promising method for specifying privacy requirements. Some slight extensions of PCM may be required to tailor the method to the characteristics of the company. © The Author(s), under exclusive licence to Springer-Verlag London Ltd., part of Springer Nature 2024.

Place, publisher, year, edition, pages
Springer Science+Business Media B.V., 2024
Keywords
Empirical study, Privacy criteria method, Privacy requirements specification, Software development, Quality control, Requirements engineering, Semantics, Software design, Empirical studies, Engineering methods, Natural languages, Privacy requirement specification, Privacy requirements, Requirement engineering, Requirements specifications, Software practitioners, User stories, Specifications
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-26772 (URN)10.1007/s00766-024-00428-z (DOI)001272283700001 ()2-s2.0-85198939572 (Scopus ID)
Funder
Knowledge Foundation, 20180010
Available from: 2024-08-09 Created: 2024-08-09 Last updated: 2024-09-19Bibliographically approved
Jedrzejewski, F., Thode, L., Fischbach, J., Gorschek, T., Mendez, D. & Lavesson, N. (2024). Adversarial Machine Learning in Industry: A Systematic Literature Review. Computers & security (Print), 145, Article ID 103988.
Open this publication in new window or tab >>Adversarial Machine Learning in Industry: A Systematic Literature Review
Show others...
2024 (English)In: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 145, article id 103988Article, review/survey (Refereed) Published
Abstract [en]

Adversarial Machine Learning (AML) discusses the act of attacking and defending Machine Learning (ML) Models, an essential building block of Artificial Intelligence (AI). ML is applied in many software-intensive products and services and introduces new opportunities and security challenges. AI and ML will gain even more attention from the industry in the future, but threats caused by already-discovered attacks specifically targeting ML models are either overseen, ignored, or mishandled. Current AML research investigates attack and defense scenarios for ML in different industrial settings with a varying degree of maturity with regard to academic rigor and practical relevance. However, to the best of our knowledge, a synthesis of the state of academic rigor and practical relevance is missing. This literature study reviews studies in the area of AML in the context of industry, measuring and analyzing each study's rigor and relevance scores. Overall, all studies scored a high rigor score and a low relevance score, indicating that the studies are thoroughly designed and documented but miss the opportunity to include touch points relatable for practitioners. © 2024 The Author(s)

Place, publisher, year, edition, pages
Elsevier, 2024
Keywords
Adversarial machine learning, Industry, Relevance, Rigor, State of evidence, Industrial research, Building blockes, Machine learning models, Machine-learning, Product and services, Relevance score, Systematic literature review, Machine learning
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-26820 (URN)10.1016/j.cose.2024.103988 (DOI)001290393300001 ()2-s2.0-85200501059 (Scopus ID)
Funder
Knowledge Foundation, 20180010
Available from: 2024-08-16 Created: 2024-08-16 Last updated: 2024-08-23Bibliographically approved
Zimelewicz, E., Kalinowski, M., Mendez, D., Giray, G., Santos Alves, A. P., Lavesson, N., . . . Gorschek, T. (2024). ML-Enabled Systems Model Deployment and Monitoring: Status Quo and Problems. In: Peter Bludau, Rudolf Ramler, Dietmar Winkler, Johannes Bergsmann (Ed.), Software Quality as a Foundation for Security: . Paper presented at 16th International Conference on Software Quality, SWQD 2024, Vienna, 23 April through 25 April 2024 (pp. 112-131). Springer Science+Business Media B.V.
Open this publication in new window or tab >>ML-Enabled Systems Model Deployment and Monitoring: Status Quo and Problems
Show others...
2024 (English)In: Software Quality as a Foundation for Security / [ed] Peter Bludau, Rudolf Ramler, Dietmar Winkler, Johannes Bergsmann, Springer Science+Business Media B.V., 2024, p. 112-131Conference paper, Published paper (Refereed)
Abstract [en]

Systems that incorporate Machine Learning (ML) models, often referred to as ML-enabled systems, have become commonplace. However, empirical evidence on how ML-enabled systems are engineered in practice is still limited; this is especially true for activities surrounding ML model dissemination. [Goal] We investigate contemporary industrial practices and problems related to ML model dissemination, focusing on the model deployment and the monitoring ML life cycle phases. [Method] We conducted an international survey to gather practitioner insights on how ML-enabled systems are engineered. We gathered a total of 188 complete responses from 25 countries. We analyze the status quo and problems reported for the model deployment and monitoring phases. We analyzed contemporary practices using bootstrapping with confidence intervals and conducted qualitative analyses on the reported problems applying open and axial coding procedures. [Results] Practitioners perceive the model deployment and monitoring phases as relevant and difficult. With respect to model deployment, models are typically deployed as separate services, with limited adoption of MLOps principles. Reported problems include difficulties in designing the architecture of the infrastructure for production deployment and legacy application integration. Concerning model monitoring, many models in production are not monitored. The main monitored aspects are inputs, outputs, and decisions. Reported problems involve the absence of monitoring practices, the need to create custom monitoring tools, and the selection of suitable metrics. [Conclusion] Our results help provide a better understanding of the adopted practices and problems in practice and support guiding ML deployment and monitoring research in a problem-driven manner. © The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.

Place, publisher, year, edition, pages
Springer Science+Business Media B.V., 2024
Series
Lecture Notes in Business Information Processing, ISSN 18651348, E-ISSN 18651356 ; 505
Keywords
Deployment, Machine Learning, Monitoring, Life cycle, Statistical methods, Complete response, Contemporary practices, Industrial practices, Industrial problem, International survey, Machine learning models, Machine-learning, Status quo, System models
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-26219 (URN)10.1007/978-3-031-56281-5_7 (DOI)001267936400007 ()2-s2.0-85192177513 (Scopus ID)9783031562808 (ISBN)
Conference
16th International Conference on Software Quality, SWQD 2024, Vienna, 23 April through 25 April 2024
Available from: 2024-05-22 Created: 2024-05-22 Last updated: 2024-09-16Bibliographically approved
Kosenkov, O., Unterkalmsteiner, M., Mendez, D., Fucci, D., Gorschek, T. & Fischbach, J. (2024). On Developing an Artifact-Based Approach to Regulatory Requirements Engineering. In: Liebel, G, Hadar I, Spoletini, P (Ed.), Proceedings - 32nd IEEE International Requirements Engineering Conference Workshops, REW 2024: . Paper presented at 32nd IEEE International Requirements Engineering Conference Workshops, REW 2024, Reykjavik, June 24-28 2024 (pp. 262-271). Institute of Electrical and Electronics Engineers (IEEE)
Open this publication in new window or tab >>On Developing an Artifact-Based Approach to Regulatory Requirements Engineering
Show others...
2024 (English)In: Proceedings - 32nd IEEE International Requirements Engineering Conference Workshops, REW 2024 / [ed] Liebel, G, Hadar I, Spoletini, P, Institute of Electrical and Electronics Engineers (IEEE), 2024, p. 262-271Conference paper, Published paper (Refereed)
Abstract [en]

Context: Regulatory acts are a challenging source when eliciting, interpreting, and analyzing requirements. Requirements engineers often need to involve legal experts who, however, may often not be available. This raises the need for approaches to regulatory Requirements Engineering (RE) covering and integrating both legal and engineering perspectives. Problem: Regulatory RE approaches need to capture and reflect both the elementary concepts and relationships from a legal perspective and their seamless transition to concepts used to specify software requirements. No existing approach considers explicating and managing legal domain knowledge and engineering-legal coordination. Method: We conducted focus group sessions with legal researchers to identify the core challenges to establishing a regulatory RE approach. Based on our findings, we developed a candidate solution and conducted a first conceptual validation to assess its feasibility. Results: We introduce the first version of our Artifact Model for Regulatory Requirements Engineering (AM4RRE) and its conceptual foundation. It provides a blueprint for applying legal (modelling) concepts and well-established RE concepts. Our initial results suggest that artifact-centric RE can be applied to managing legal domain knowledge and engineering-legal coordination. Conclusions: The focus groups that served as a basis for building our model and the results from the expert validation both strengthen our confidence that we already provide a valuable basis for systematically integrating legal concepts into RE. This overcomes contemporary challenges to regulatory RE and serves as a basis for exposure to critical discussions in the community before continuing with the development of tool-supported extensions and large-scale empirical evaluations in practice. © 2024 IEEE.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2024
Series
IEEE International Requirements Engineering Conference Workshops, ISSN 2770-6826
Keywords
engineering-legal coordination, legal domain knowledge, regulatory requirement engineering, requirements engineering, software compliance, Reengineering, Domain engineering, Domain knowledge, Legal domains, Regulatory requirements, Requirement engineering
National Category
Software Engineering Law and Society
Identifiers
urn:nbn:se:bth-26910 (URN)10.1109/REW61692.2024.00041 (DOI)001304537500035 ()2-s2.0-85203106811 (Scopus ID)9798350395518 (ISBN)
Conference
32nd IEEE International Requirements Engineering Conference Workshops, REW 2024, Reykjavik, June 24-28 2024
Funder
Knowledge Foundation, 20180010
Available from: 2024-09-16 Created: 2024-09-16 Last updated: 2024-10-28Bibliographically approved
Alves, A. P., Kalinowski, M., Giray, G., Mendez, D., Lavesson, N., Azevedo, K., . . . Gorschek, T. (2024). Status Quo and Problems of Requirements Engineering for Machine Learning: Results from an International Survey. In: Regine Kadgien, Andreas Jedlitschka, Andrea Janes, Valentina Lenarduzzi, Xiaozhou Li (Ed.), Product-Focused Software Process Improvement: Proceedings, Part I. Paper presented at 24th International Conference on Product-Focused Software Process Improvement, PROFES 2023, Dornbirn, Dec 11-13, 2023 (pp. 159-174). Springer Science+Business Media B.V.
Open this publication in new window or tab >>Status Quo and Problems of Requirements Engineering for Machine Learning: Results from an International Survey
Show others...
2024 (English)In: Product-Focused Software Process Improvement: Proceedings, Part I / [ed] Regine Kadgien, Andreas Jedlitschka, Andrea Janes, Valentina Lenarduzzi, Xiaozhou Li, Springer Science+Business Media B.V., 2024, p. 159-174Conference paper, Published paper (Refereed)
Abstract [en]

Systems that use Machine Learning (ML) have become commonplace for companies that want to improve their products and processes. Literature suggests that Requirements Engineering (RE) can help address many problems when engineering ML-enabled systems. However, the state of empirical evidence on how RE is applied in practice in the context of ML-enabled systems is mainly dominated by isolated case studies with limited generalizability. We conducted an international survey to gather practitioner insights into the status quo and problems of RE in ML-enabled systems. We gathered 188 complete responses from 25 countries. We conducted quantitative statistical analyses on contemporary practices using bootstrapping with confidence intervals and qualitative analyses on the reported problems involving open and axial coding procedures. We found significant differences in RE practices within ML projects. For instance, (i) RE-related activities are mostly conducted by project leaders and data scientists, (ii) the prevalent requirements documentation format concerns interactive Notebooks, (iii) the main focus of non-functional requirements includes data quality, model reliability, and model explainability, and (iv) main challenges include managing customer expectations and aligning requirements with data. The qualitative analyses revealed that practitioners face problems related to lack of business domain understanding, unclear goals and requirements, low customer engagement, and communication issues. These results help to provide a better understanding of the adopted practices and of which problems exist in practical environments. We put forward the need to adapt further and disseminate RE-related practices for engineering ML-enabled systems. © The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.

Place, publisher, year, edition, pages
Springer Science+Business Media B.V., 2024
Series
Lecture Notes in Computer Science (LNCS), ISSN 0302-9743, E-ISSN 1611-3349 ; 14483
Keywords
Machine Learning, Requirements Engineering, Survey, Computer software selection and evaluation, Case-studies, Complete response, Confidence interval analysis, Contemporary practices, Engineering machines, International survey, Machine-learning, Qualitative analysis, Requirement engineering, Status quo
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-27230 (URN)10.1007/978-3-031-49266-2_11 (DOI)2-s2.0-85190065443 (Scopus ID)9783031492655 (ISBN)
Conference
24th International Conference on Product-Focused Software Process Improvement, PROFES 2023, Dornbirn, Dec 11-13, 2023
Available from: 2024-12-11 Created: 2024-12-11 Last updated: 2024-12-11Bibliographically approved
Peixoto, M., Gorschek, T., Mendez, D., Silva, C. & Fucci, D. (2024). The Perspective of Agile Software Developers on Data Privacy. Journal of Software: Evolution and Process
Open this publication in new window or tab >>The Perspective of Agile Software Developers on Data Privacy
Show others...
2024 (English)In: Journal of Software: Evolution and Process, ISSN 2047-7473, E-ISSN 2047-7481Article in journal (Refereed) Epub ahead of print
Abstract [en]

Recent studies have shown that many software developers do not have sufficient knowledge and understanding of how to develop a privacy-friendly system. This may become a challenge in developing systems complying with data protection laws. To address this issue, we investigated the factors that influence developers' decision-making when developing privacy-sensitive systems.

We conducted an empirical study by means of a survey with 109 practitioners. Our data analysis is based on the principles of social cognitive theory, which includes personal, behavioral, and external environmental factors.

We identified six personal, five behavioral, and five external environment factors that affect how developers make decisions regarding privacy, including confusion between privacy and security and reliance on informal practices and organizational support gaps. These findings contribute to understanding how practitioners and companies consider privacy, showing improvements in formal training and structured support over previous studies yet highlighting persistent challenges in consistent privacy integration. 

Place, publisher, year, edition, pages
John Wiley & Sons, 2024
Keywords
empirical study, privacy, software development, Agile softwares, Data protection laws, Decisions makings, Empirical studies, Environmental factors, External environments, Sensitive systems, Social cognitive theory, Software developer, Differential privacy
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-27356 (URN)10.1002/smr.2755 (DOI)001389574100001 ()2-s2.0-85212760764 (Scopus ID)
Funder
Knowledge Foundation, 20180010
Available from: 2025-01-03 Created: 2025-01-03 Last updated: 2025-01-17Bibliographically approved
Yu, L., Alégroth, E., Chatzipetrou, P. & Gorschek, T. (2024). Visualizing CI’s role in software quality attribute evaluation: A Roadmap for Using Continuous Integration Environments. Communications of the ACM, 67(6), 82-90
Open this publication in new window or tab >>Visualizing CI’s role in software quality attribute evaluation: A Roadmap for Using Continuous Integration Environments
2024 (English)In: Communications of the ACM, ISSN 0001-0782, E-ISSN 1557-7317, Vol. 67, no 6, p. 82-90Article in journal (Refereed) Published
Abstract [en]

Quality attributes of software systems, also known as system qualities, such as performance, security, and scalability, continue to grow in importance in industrial practice. The evaluation of quality attributes is critical to software development since optimizing a software system’s core attributes can provide marketing advantage and set a product apart from its competitors. Many existing studies of unsuccessful development projects report that lack of quality attribute evaluation is often a contributing factor of project failure. Therefore, continuous quality attribute evaluation, throughout the development process, is needed to ensure customers’ expectations and demands are met.

Manual evaluation of software attributes is common in many software development companies, but it has proven to be insufficient in meeting the demands of rapid releases and high-quality expectations from customers. Automated practices have therefore gained widespread popularity as a solution to enhance efficiency, reduce costs, and increase accuracy compared to manual evaluation.

One way to automate the evaluation is using continuous integration (CI) environments. The CI environment provides several benefits, such as fast feedback on code quality, early detection of quality defects, and visualization of system quality trends. As such, these environments inherently offer organizations the opportunity to continuously monitor the quality of their software systems. However, an immature automation process can result in negative outcomes, such as cost and schedule overruns, slow feedback loops, and delayed releases.

To improve the evaluation process, prior studies have investigated different key areas, including knowledge, processes, tools, and metrics. While leveraging these areas can have a positive impact on quality evaluation, to the best of our knowledge, there is a lack of frameworks that link CI environment knowledge, metrics, and evolution together.

In this article, we aim to fill this gap by presenting the state-of-practice of using CI environments for the evaluation of quality attributes. This is achieved through an industrial study at four partner companies. Study results show that metrics acquired from CI components have a positive effect on evaluating quality requirements. Through analyzing these results, we propose a model by providing guidelines to mature existing CI environments that organizations can use for quality improvements.

As such, we claim the following contributions of this study:

A generic model of how CI environments contribute to quality attribute evaluation.

Empirical evidence that demonstrates how CI components can be used to produce data supporting the evaluation of quality attributes with metrics.

A model, derived from the study results, which provides decision support to evolve software quality evaluation through CI environments over time. © 2024 Owner/Author.

Place, publisher, year, edition, pages
Association for Computing Machinery (ACM), 2024
Keywords
Attribute evaluation, Continuous integrations, Integration environments, Roadmap, Software quality attributes, Computer software selection and evaluation
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-26367 (URN)10.1145/3631519 (DOI)001240956100025 ()2-s2.0-85194381501 (Scopus ID)
Available from: 2024-06-17 Created: 2024-06-17 Last updated: 2024-08-05Bibliographically approved
Zabardast, E., Gonzalez-Huerta, J., Gorschek, T., Šmite, D., Alégroth, E. & Fagerholm, F. (2023). A taxonomy of assets for the development of software-intensive products and services. Journal of Systems and Software, 202, Article ID 111701.
Open this publication in new window or tab >>A taxonomy of assets for the development of software-intensive products and services
Show others...
2023 (English)In: Journal of Systems and Software, ISSN 0164-1212, E-ISSN 1873-1228, Vol. 202, article id 111701Article in journal (Refereed) Published
Abstract [en]

Context:Developing software-intensive products or services usually involves a plethora of software artefacts. Assets are artefacts intended to be used more than once and have value for organisations; examples include test cases, code, requirements, and documentation. During the development process, assets might degrade, affecting the effectiveness and efficiency of the development process. Therefore, assets are an investment that requires continuous management.

Identifying assets is the first step for their effective management. However, there is a lack of awareness of what assets and types of assets are common in software-developing organisations. Most types of assets are understudied, and their state of quality and how they degrade over time have not been well-understood.

Methods:We performed an analysis of secondary literature and a field study at five companies to investigate and identify assets to fill the gap in research. The results were analysed qualitatively and summarised in a taxonomy.

Results:We present the first comprehensive, structured, yet extendable taxonomy of assets, containing 57 types of assets.

Conclusions:The taxonomy serves as a foundation for identifying assets that are relevant for an organisation and enables the study of asset management and asset degradation concepts.

Place, publisher, year, edition, pages
Elsevier, 2023
Keywords
Assets in software engineering, Asset management in software engineering, Assets for software-intensive products or services, Taxonomy
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-24426 (URN)10.1016/j.jss.2023.111701 (DOI)000984121100001 ()2-s2.0-85152899759 (Scopus ID)
Funder
Knowledge Foundation, 20170176Knowledge Foundation, 20180010
Available from: 2023-04-11 Created: 2023-04-11 Last updated: 2023-06-02Bibliographically approved
Projects
PLEng – Professional Licentiate of Engineering School [20170213]; Blekinge Institute of Technology; Publications
Yu, L., Alégroth, E., Chatzipetrou, P. & Gorschek, T. (2023). Automated NFR testing in Continuous Integration Environments: a multi-case study of Nordic companies. Empirical Software Engineering, 28(6), Article ID 144. Sjöberg, P., Mendez, D. & Gorschek, T. (2023). Contemporary Challenges when Developing Cyber-Physical Systems of Systems - A Case Study. In: Proceedings - 2023 IEEE/ACM 11th International Workshop on Software Engineering for Systems-of-Systems and Software Ecosystems, SESoS 2023: . Paper presented at 11th IEEE/ACM International Workshop on Software Engineering for Systems-of-Systems and Software Ecosystems, SESoS 2023, Hybrid, Melbourne, 14 May 2023 (pp. 46-53). Institute of Electrical and Electronics Engineers (IEEE)Singh, S. P., Ali, N. b. & Lundberg, L. (2022). Smart and Adaptive Architecture for a Dedicated Internet of Things Network Comprised of Diverse Entities: A Proposal and Evaluation. Sensors, 22(8), Article ID 3017. Sundelin, A., Gonzalez-Huerta, J., Wnuk, K. & Gorschek, T. (2022). Towards an Anatomy of Software Craftsmanship. ACM Transactions on Software Engineering and Methodology, 31(1), Article ID 6. wilson, M. & Wnuk, K. (2018). Towards Multi-context Goal Modeling and Analysis with the Help of Intents. In: Moreira A.,Mussbacher G.,Sanchez P.,Araujo J. (Ed.), Proceedings - 2018 8th International Model-Driven Requirements Engineering Workshop, MoDRE 2018: . Paper presented at 8th International Model-Driven Requirements Engineering Workshop, MoDRE 2018; Banff; Canada; 20 August 2018 (pp. 68-72). IEEE Computer Society Digital Library, Article ID 8501496.
SERT- Software Engineering ReThought [20180010]; Blekinge Institute of Technology; Publications
Paudel, B., Gonzalez-Huerta, J., Mendez, D. & Klotins, E. (2025). A Data-Driven Approach to Optimize Internal Software Quality and Customer Value Delivery. In: Pfahl D., Anwar H., Gonzalez Huerta J., Klünder J. (Ed.), Product-Focused Software Process Improvement. Industry-, Workshop-, and Doctoral Symposium Papers: . Paper presented at 25th International Conference on Product-Focused Software Process Improvement, PROFES 2024, Tartu, Dec 2-4, 2024 (pp. 179-185). Springer Science+Business Media B.V., 15453Frattini, J., Fucci, D., Torkar, R., Montgomery, L., Unterkalmsteiner, M., Fischbach, J. & Mendez, D. (2025). Applying bayesian data analysis for causal inference about requirements quality: a controlled experiment. Empirical Software Engineering, 30(1), Article ID 29. Al-Saedi, A. A., Boeva, V. & Casalicchio, E. (2025). Contribution Prediction in Federated Learning via Client Behavior Evaluation. Future Generation Computer Systems, 166, Article ID 107639. Yu, L., Alégroth, E., Chatzipetrou, P. & Gorschek, T. (2025). Experience with Large Language Model Applications for Information Retrieval from Enterprise Proprietary Data. In: Dietmar Pfahl, Javier Gonzalez Huerta, Jil Klünder, Hina Anwar (Ed.), Product-Focused Software Process Improvement: . Paper presented at 25th International Conference on Product-Focused Software Process Improvement, PROFES 2024, Tartu, Dec 2-4, 2024 (pp. 92-107). Springer, 15452Frattini, J. (2025). Good-Enough Requirements Engineering. (Doctoral dissertation). Karlskrona: Blekinge Tekniska HögskolaSundelin, A., Gonzalez-Huerta, J., Torkar, R. & Wnuk, K. (2025). Governing the commons: code ownership and code-clones in large-scale software development. Empirical Software Engineering, 30(2), Article ID 43. Chatzipetrou, P., Šmite, D., Tkalich, A., Moe, N. B. & Klotins, E. (2025). Interest in Working Remotely: Is Gender a Factor?. In: Dietmar Pfahl, Javier Gonzalez Huerta, Jil Klünder, Hina Anwar (Ed.), Product-Focused Software Process Improvement: . Paper presented at 25th International Conference on Product-Focused Software Process Improvement, PROFES 2024, Tartu, Dec 2-4, 2024 (pp. 156-171). Springer, 15452Tran, H. K., Ali, N. b., Unterkalmsteiner, M., Börstler, J. & Chatzipetrou, P. (2025). Quality attributes of test cases and test suites - importance & challenges from practitioners' perspectives. Software quality journal, 33(1), Article ID 9. Coppola, R., Feldt, R., Nass, M. & Alégroth, E. (2025). Ranking approaches for similarity-based web element location. Journal of Systems and Software, 222, Article ID 112286. Dorner, M., Mendez, D., Wnuk, K., Zabardast, E. & Czerwonka, J. (2025). The upper bound of information diffusion in code review. Empirical Software Engineering, 30(1), Article ID 2.
Professional Master in Information Security (PROMIS) [20210026]; Blekinge Institute of Technology; Publications
Bendler, D. & Felderer, M. (2023). Competency Models for Information Security and Cybersecurity Professionals: Analysis of Existing Work and a New Model. ACM Transactions on Computing Education, 23(2), Article ID 25. Nygren, Å., Alégroth, E., Eriksson, A. & Pettersson, E. (2023). Does Previous Experience with Online Platforms Matter? A Survey about Online Learning across Study Programs. Education Sciences, 13(2), Article ID 181.
Organisations
Identifiers
ORCID iD: ORCID iD iconorcid.org/0000-0002-3646-235x

Search in DiVA

Show all publications