Change search
Link to record
Permanent link

Direct link
BETA
Publications (10 of 21) Show all publications
Garousi, V., Felderer, M. & Nur Kılıçaslan, F. N. (2019). A survey on software testability. Information and Software Technology, 108, 35-64
Open this publication in new window or tab >>A survey on software testability
2019 (English)In: Information and Software Technology, ISSN 0950-5849, E-ISSN 1873-6025, Vol. 108, p. 35-64Article in journal (Refereed) Published
Abstract [en]

Context: Software testability is the degree to which a software system or a unit under test supports its own testing. To predict and improve software testability, a large number of techniques and metrics have been proposed by both practitioners and researchers in the last several decades. Reviewing and getting an overview of the entire state-of-the-art and state-of-the-practice in this area is often challenging for a practitioner or a new researcher. Objective: Our objective is to summarize the body of knowledge in this area and to benefit the readers (both practitioners and researchers) in preparing, measuring and improving software testability. Method: To address the above need, the authors conducted a survey in the form of a systematic literature mapping (classification) to find out what we as a community know about this topic. After compiling an initial pool of 303 papers, and applying a set of inclusion/exclusion criteria, our final pool included 208 papers (published between 1982 and 2017). Results: The area of software testability has been comprehensively studied by researchers and practitioners. Approaches for measurement of testability and improvement of testability are the most-frequently addressed in the papers. The two most often mentioned factors affecting testability are observability and controllability. Common ways to improve testability are testability transformation, improving observability, adding assertions, and improving controllability.Conclusion: This paper serves for both researchers and practitioners as an "index" to the vast body of knowledge in the area of testability. The results could help practitioners measure and improve software testability in their projects. To assess potential benefits of this review paper, we shared its draft version with two of our industrial collaborators. They stated that they found the review useful and beneficial in their testing activities. Our results can also benefit researchers in observing the trends in this area and identify the topics that require further investigation.

Place, publisher, year, edition, pages
Elsevier, 2019
Keywords
software testing, software testability, survey, systematic, literature mapping, systematic literature review, systematic mapping
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-17446 (URN)10.1016/j.infsof.2018.12.003 (DOI)000459366200003 ()
Available from: 2019-01-02 Created: 2019-01-02 Last updated: 2019-03-07Bibliographically approved
Garousi, V., Giray, G., Tüzün, E., Catal, C. & Felderer, M. (2019). Aligning software engineering education with industrial needs: A meta-analysis. Journal of Systems and Software, 156, 65-83
Open this publication in new window or tab >>Aligning software engineering education with industrial needs: A meta-analysis
Show others...
2019 (English)In: Journal of Systems and Software, ISSN 0164-1212, E-ISSN 1873-1228, Vol. 156, p. 65-83Article in journal (Refereed) Published
Abstract [en]

Context: According to various reports, many software engineering (SE) graduates often face difficulties when beginning their careers, which is mainly due to misalignment of the skills learned in university education with what is needed in the software industry. Objective: Our objective is to perform a meta-analysis to aggregate the results of the studies published in this area to provide a consolidated view on how to align SE education with industry needs, to identify the most important skills and also existing knowledge gaps. Method: To synthesize the body of knowledge, we performed a systematic literature review (SLR), in which we systematically selected a pool of 35 studies and then conducted a meta-analysis using data extracted from those studies. Results: Via a meta-analysis and using data from 13 countries and over 4,000 data points, highlights of the SLR include: (1) software requirements, design, and testing are the most important skills; and (2) the greatest knowledge gaps are in configuration management, SE models and methods, SE process, design (and architecture), as well as in testing. Conclusion: This paper provides implications for both educators and hiring managers by listing the most important SE skills and the knowledge gaps in the industry. © 2019 Elsevier Inc.

Place, publisher, year, edition, pages
Elsevier Inc., 2019
Keywords
Important skills, Industry needs, Knowledge gap, Meta-analysis, Software engineering education, Systematic literature review (SLR), Engineering education, Professional aspects, Software engineering, Software testing, Well testing, Knowledge gaps, Meta analysis, Information management
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-18210 (URN)10.1016/j.jss.2019.06.044 (DOI)000483658000005 ()2-s2.0-85067367468 (Scopus ID)
Available from: 2019-06-27 Created: 2019-06-27 Last updated: 2019-10-09Bibliographically approved
Sauerwein, C., Pekaric, I., Felderer, M. & Breu, R. (2019). An Analysis and Classification of Public Information Security Data Sources used in Research and Practice. Computers & security (Print), 82, 140-155
Open this publication in new window or tab >>An Analysis and Classification of Public Information Security Data Sources used in Research and Practice
2019 (English)In: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 82, p. 140-155Article in journal (Refereed) Published
Abstract [en]

In order to counteract today’s sophisticated and increasing number of cyber threats the timely acquisition of information regarding vulnerabilities, attacks, threats, countermeasures and risks is crucial. Therefore, employees tasked with information security risk management processes rely on a variety of information security data sources, ranging from inter-organizational threat intelligence sharing platforms to public information security data sources, such as mailing lists or expert blogs. However, research and practice lack a comprehensive overview about these public information security data sources, their characteristics and dependencies. Moreover, comprehensive knowledge about these sources would be beneficial to systematically use and integrate them to information security processes. In this paper, a triangulation study is conducted to identify and analyze public information security data sources. Furthermore, a taxonomy is introduced to classify and compare these data sources based on the following six dimensions: (1) Type of information, (2) Integrability, (3) Timeliness, (4) Originality, (5) Type of Source,and (6) Trustworthiness. In total, 68 public information security data sources were identified and classified. The investigations showed that research and practice rely on a large variety of heterogeneous information security data sources, which makes it more difficult to integrate and use them for information security and risk management processes.

Place, publisher, year, edition, pages
Elsevier, 2019
Keywords
Cyber Threat Intelligence Sharing, Cyber Security Information Source, Taxonomy, Classification, Characteristic, Information Security and Risk Management, Data Format, Research, Practice
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-17447 (URN)10.1016/j.cose.2018.12.011 (DOI)000459525800009 ()
Available from: 2019-01-02 Created: 2019-01-02 Last updated: 2019-03-21Bibliographically approved
Garousi, V., Pfahl, D., Fernandes, J., Felderer, M., Mäntylä, M., Shepherd, D., . . . Tekinerdogan, B. (2019). Characterizing industry-academia collaborations in software engineering: evidence from 101 projects. Journal of Empirical Software Engineering, 24(4), 2540-2602
Open this publication in new window or tab >>Characterizing industry-academia collaborations in software engineering: evidence from 101 projects
Show others...
2019 (English)In: Journal of Empirical Software Engineering, ISSN 1382-3256, E-ISSN 1573-7616, Vol. 24, no 4, p. 2540-2602Article in journal (Refereed) Published
Abstract [en]

Research collaboration between industry and academia supports improvement and innovation in industry and helps ensure the industrial relevance of academic research. However, many researchers and practitioners in the community believe that the level of joint industry-academia collaboration (IAC) projects in Software Engineering (SE) research is relatively low, creating a barrier between research and practice. The goal of the empirical study reported in this paper is to explore and characterize the state of IAC with respect to industrial needs, developed solutions, impacts of the projects and also a set of challenges, patterns and anti-patterns identified by a recent Systematic Literature Review (SLR) study. To address the above goal, we conducted an opinion survey among researchers and practitioners with respect to their experience in IAC. Our dataset includes 101 data points from IAC projects conducted in 21 different countries. Our findings include: (1) the most popular topics of the IAC projects, in the dataset, are: software testing, quality, process, and project managements; (2) over 90% of IAC projects result in at least one publication; (3) almost 50% of IACs are initiated by industry, busting the myth that industry tends to avoid IACs; and (4) 61% of the IAC projects report having a positive impact on their industrial context, while 31% report no noticeable impacts or were “not sure”. To improve this situation, we present evidence-based recommendations to increase the success of IAC projects, such as the importance of testing pilot solutions before using them in industry. This study aims to contribute to the body of evidence in the area of IAC, and benefit researchers and practitioners. Using the data and evidence presented in this paper, they can conduct more successful IAC projects in SE by being aware of the challenges and how to overcome them, by applying best practices (patterns), and by preventing anti-patterns. © 2019, The Author(s).

Place, publisher, year, edition, pages
Springer New York LLC, 2019
Keywords
Anti-patterns, Best practices, Challenges, Empirical study, Evidence, Industry-academia collaborations, Patterns, Software engineering, Industrial research, Software testing, Statistical tests, Empirical studies, Project management
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-17897 (URN)10.1007/s10664-019-09711-y (DOI)000477582700024 ()2-s2.0-85064827278 (Scopus ID)
Available from: 2019-05-21 Created: 2019-05-21 Last updated: 2019-09-10Bibliographically approved
Garousi, V., Giray, G., Tuzun, E., Catal, C. & Felderer, M. (2019). Closing the Gap Between Software Engineering Education and Industrial Needs. IEEE Software
Open this publication in new window or tab >>Closing the Gap Between Software Engineering Education and Industrial Needs
Show others...
2019 (English)In: IEEE Software, ISSN 0740-7459, E-ISSN 1937-4194Article in journal (Refereed) Epub ahead of print
Abstract [en]

According to different reports, many recent software engineering graduates often face difficulties when beginning their professional careers, due to misalignment of the skills learnt in their university education with what is needed in industry. To address that need, many studies have been conducted to align software engineering education with industry needs. To synthesize that body of knowledge, we present in this paper a systematic literature review (SLR) which summarizes the findings of 33 studies in this area. By doing a meta-analysis of all those studies and using data from 12 countries and over 4,000 data points, this study will enable educators and hiring managers to adapt their education / hiring efforts to best prepare the software engineering workforce. IEEE

Place, publisher, year, edition, pages
IEEE Computer Society, 2019
Keywords
important skills, industry needs, knowledge gap, software engineering curriculum, Software engineering education, Curricula, Employment, Professional aspects, Software engineering, Engineering graduates, Knowledge gaps, Professional careers, Software engineering curricula, Systematic literature review (SLR), University education, Engineering education
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-17771 (URN)10.1109/MS.2018.2880823 (DOI)2-s2.0-85062953507 (Scopus ID)
Available from: 2019-04-05 Created: 2019-04-05 Last updated: 2019-04-05Bibliographically approved
Sulaman, S. M., Beer, A., Felderer, M. & Höst, M. (2019). Comparison of the FMEA and STPA safety analysis methods: a case study. Software quality journal, 27(1), 349-387
Open this publication in new window or tab >>Comparison of the FMEA and STPA safety analysis methods: a case study
2019 (English)In: Software quality journal, ISSN 0963-9314, E-ISSN 1573-1367, Vol. 27, no 1, p. 349-387Article in journal (Refereed) Published
Abstract [en]

As our society becomes more and more dependent on IT systems, failures of these systems can harm more and more people and organizations. Diligently performing risk and hazard analysis helps to minimize the potential harm of IT system failures on the society and increases the probability of their undisturbed operation. Risk and hazard analysis is an important activity for the development and operation of critical software intensive systems, but the increased complexity and size puts additional requirements on the effectiveness of risk and hazard analysis methods. This paper presents a qualitative comparison of two hazard analysis methods, failure mode and effect analysis (FMEA) and system theoretic process analysis (STPA), using case study research methodology. Both methods have been applied on the same forward collision avoidance system to compare the effectiveness of the methods and to investigate what are the main differences between them. Furthermore, this study also evaluates the analysis process of both methods by using a qualitative criteria derived from the technology acceptance model (TAM). The results of the FMEA analysis were compared to the results of the STPA analysis, which were presented in a previous study. Both analyses were conducted on the same forward collision avoidance system. The comparison shows that FMEA and STPA deliver similar analysis results.

Place, publisher, year, edition, pages
Springer, 2019
Keywords
Hazard analysis, Safety analysis, Critical systems, Failure mode and effect analysis, System theoretic process analysis
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-15664 (URN)10.1007/s11219-017-9396-0 (DOI)000462236000010 ()
Note

open access

Available from: 2017-12-17 Created: 2017-12-17 Last updated: 2019-04-18Bibliographically approved
Felderer, M. & Herrmann, A. (2019). Comprehensibility of system models during test design: A controlled experiment comparing UML activity diagrams and state machines. Software quality journal, 27(1), 125-147
Open this publication in new window or tab >>Comprehensibility of system models during test design: A controlled experiment comparing UML activity diagrams and state machines
2019 (English)In: Software quality journal, ISSN 0963-9314, E-ISSN 1573-1367, Vol. 27, no 1, p. 125-147Article in journal (Refereed) Published
Abstract [en]

UML activity diagrams and state machines are both used for modeling system behavior from the user perspective and are frequently the basis for deriving system test cases. In practice, system test cases are often derived manually from UML activity diagrams or state machines. For this task, comprehensibility of respective models is essential and a relevant question for practice to support model selection and design, as well as subsequent test derivation. Therefore, the objective of this paper is to compare the comprehensibility of UML activity diagrams and state machines during manual test case derivation. We investigate the comprehensibility of UML activity diagrams and state machines in a controlled student experiment. Three measures for comprehensibility have been investigated: (1) the self-assessed comprehensibility, (2) the actual comprehensibility measured by the correctness of answers to comprehensibility questions, and (3) the number of errors made during test case derivation. The experiment was performed and internally replicated with overall 84 participants divided into three groups at two institutions. Our experiment indicates that activity diagrams are more comprehensible but also more error-prone with regard to manual test case derivation and discusses how these results can improve system modeling and test case design.

Place, publisher, year, edition, pages
Springer, 2019
Keywords
UML models, System testing, System models, Test design, Model comprehensibility, Controlled experiment
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-16116 (URN)10.1007/s11219-018-9407-9 (DOI)000462236000004 ()
Funder
Knowledge Foundation, 20130085
Note

open access

Available from: 2018-04-24 Created: 2018-04-24 Last updated: 2019-04-18Bibliographically approved
Garousi, V., Felderer, M. & Mäntylä, M. (2019). Guidelines for including grey literature and conducting multivocal literature reviews in software engineering. Information and Software Technology, 106, 101-121
Open this publication in new window or tab >>Guidelines for including grey literature and conducting multivocal literature reviews in software engineering
2019 (English)In: Information and Software Technology, ISSN 0950-5849, E-ISSN 1873-6025, Vol. 106, p. 101-121Article in journal (Refereed) Published
Abstract [en]

Context: A Multivocal Literature Review (MLR) is a form of a Systematic Literature Review (SLR) which includes the grey literature (e.g., blog posts, videos and white papers) in addition to the published (formal) literature (e.g., journal and conference papers). MLRs are useful for both researchers and practitioners since they provide summaries both the state-of-the art and –practice in a given area. MLRs are popular in other fields and have recently started to appear in software engineering (SE). As more MLR studies are conducted and reported, it is important to have a set of guidelines to ensure high quality of MLR processes and their results. Objective: There are several guidelines to conduct SLR studies in SE. However, several phases of MLRs differ from those of traditional SLRs, for instance with respect to the search process and source quality assessment. Therefore, SLR guidelines are only partially useful for conducting MLR studies. Our goal in this paper is to present guidelines on how to conduct MLR studies in SE. Method: To develop the MLR guidelines, we benefit from several inputs: (1) existing SLR guidelines in SE, (2), a literature survey of MLR guidelines and experience papers in other fields, and (3) our own experiences in conducting several MLRs in SE. We took the popular SLR guidelines of Kitchenham and Charters as the baseline and extended/adopted them to conduct MLR studies in SE. All derived guidelines are discussed in the context of an already-published MLR in SE as the running example. Results: The resulting guidelines cover all phases of conducting and reporting MLRs in SE from the planning phase, over conducting the review to the final reporting of the review. In particular, we believe that incorporating and adopting a vast set of experience-based recommendations from MLR guidelines and experience papers in other fields have enabled us to propose a set of guidelines with solid foundations. Conclusion: Having been developed on the basis of several types of experience and evidence, the provided MLR guidelines will support researchers to effectively and efficiently conduct new MLRs in any area of SE. The authors recommend the researchers to utilize these guidelines in their MLR studies and then share their lessons learned and experiences. © 2018

Place, publisher, year, edition, pages
Elsevier B.V., 2019
Keywords
Evidence-based software engineering, Grey literature, Guidelines, Literature study, Multivocal literature review, Systematic literature review, Systematic mapping study, Information systems, Evidence Based Software Engineering, Literature reviews, Literature studies, Systematic mapping studies, Software engineering
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-17110 (URN)10.1016/j.infsof.2018.09.006 (DOI)000454381300006 ()
Available from: 2018-10-11 Created: 2018-10-11 Last updated: 2019-01-10
Felderer, M., Holmström Olsson, H. & Rabiser, R. (2019). Introduction to the special issue on quality engineering and management of software-intensive systems. Journal of Systems and Software, 149, 533-534
Open this publication in new window or tab >>Introduction to the special issue on quality engineering and management of software-intensive systems
2019 (English)In: Journal of Systems and Software, ISSN 0164-1212, E-ISSN 1873-1228, Vol. 149, p. 533-534Article in journal, Editorial material (Refereed) Published
Place, publisher, year, edition, pages
Elsevier Inc., 2019
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-17533 (URN)10.1016/j.jss.2018.12.019 (DOI)000457951800026 ()
Available from: 2019-01-28 Created: 2019-01-28 Last updated: 2019-02-21Bibliographically approved
Wagner, S., Fernandez, D. M., Felderer, M., Vetro, A., Kalinowski, M., Wieringa, R., . . . Winkler, D. (2019). Status Quo in Requirements Engineering: A Theory and a Global Family of Surveys. ACM Transactions on Software Engineering and Methodology, 28(2), Article ID 9.
Open this publication in new window or tab >>Status Quo in Requirements Engineering: A Theory and a Global Family of Surveys
Show others...
2019 (English)In: ACM Transactions on Software Engineering and Methodology, ISSN 1049-331X, E-ISSN 1557-7392, Vol. 28, no 2, article id 9Article in journal (Refereed) Published
Abstract [en]

Requirements Engineering (RE) has established itself as a software engineering discipline over the past decades. While researchers have been investigating the RE discipline with a plethora of empirical studies, attempts to systematically derive an empirical theory in context of the RE discipline have just recently been started. However, such a theory is needed if we are to define and motivate guidance in performing high quality RE research and practice. We aim at providing an empirical and externally valid foundation for a theory of RE practice, which helps software engineers establish effective and efficient RE processes in a problem-driven manner. We designed a survey instrument and an engineer-focused theory that was first piloted in Germany and, after making substantial modifications, has now been replicated in 10 countries worldwide. We have a theory in the form of a set of propositions inferred from our experiences and available studies, as well as the results from our pilot study in Germany. We evaluate the propositions with bootstrapped confidence intervals and derive potential explanations for the propositions. In this article, we report on the design of the family of surveys, its underlying theory, and the full results obtained from the replication studies conducted in 10 countries with participants from 228 organisations. Our results represent a substantial step forward towards developing an empirical theory of RE practice. The results reveal, for example, that there are no strong differences between organisations in different countries and regions, that interviews, facilitated meetings and prototyping are the most used elicitation techniques, that requirements are often documented textually, that traces between requirements and code or design documents are common, that requirements specifications themselves are rarely changed and that requirements engineering (process) improvement endeavours are mostly internally driven. Our study establishes a theory that can be used as starting point for many further studies for more detailed investigations. Practitioners can use the results as theory-supported guidance on selecting suitable RE methods and techniques.

Place, publisher, year, edition, pages
ASSOC COMPUTING MACHINERY, 2019
Keywords
Requirements engineering, theory, survey research, replication
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-18022 (URN)10.1145/3306607 (DOI)000468030900005 ()
Available from: 2019-06-14 Created: 2019-06-14 Last updated: 2019-06-14
Organisations
Identifiers
ORCID iD: ORCID iD iconorcid.org/0000-0003-3818-4442

Search in DiVA

Show all publications