Publications (10 of 25)
Grossmann, J., Felderer, M., Viehmann, J. & Schieferdecker, I. (2020). A Taxonomy to Assess and Tailor Risk-Based Testing in Recent Testing Standards. IEEE Software, 37(1), 40-49
2020 (English). In: IEEE Software, ISSN 0740-7459, E-ISSN 1937-4194, Vol. 37, no 1, p. 40-49. Article in journal (Refereed) Published
Abstract [en]

This article provides a taxonomy for risk-based testing that serves as a tool to define, tailor, or assess such approaches. In this setting, the taxonomy is used to systematically identify deviations between the requirements from public standards and the individual testing approaches.

Place, publisher, year, edition, pages
IEEE COMPUTER SOC, 2020
Keywords
Testing, Risk management, Taxonomy, ISO Standards, Security, IEC Standards, Testing strategies, Test management, Security and Privacy Protection
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-19131 (URN), 10.1109/MS.2019.2915297 (DOI), 000505601600007 ()
Available from: 2020-01-23. Created: 2020-01-23. Last updated: 2020-01-28. Bibliographically approved
Garousi, V., Giray, G., Tuzun, E., Catal, C. & Felderer, M. (2020). Closing the Gap Between Software Engineering Education and Industrial Needs. IEEE Software, 7(2), 68-77
2020 (English). In: IEEE Software, ISSN 0740-7459, E-ISSN 1937-4194, Vol. 7, no 2, p. 68-77. Article in journal (Refereed) Published
Abstract [en]

According to different reports, many recent software engineering graduates often face difficulties when beginning their professional careers, due to misalignment of the skills learnt in their university education with what is needed in industry. To address that need, many studies have been conducted to align software engineering education with industry needs. To synthesize that body of knowledge, we present in this paper a systematic literature review (SLR) which summarizes the findings of 33 studies in this area. By doing a meta-analysis of all those studies and using data from 12 countries and over 4,000 data points, this study will enable educators and hiring managers to adapt their education / hiring efforts to best prepare the software engineering workforce. IEEE

Place, publisher, year, edition, pages
IEEE Computer Society, 2020
Keywords
important skills, industry needs, knowledge gap, software engineering curriculum, Software engineering education, Curricula, Employment, Professional aspects, Software engineering, Engineering graduates, Knowledge gaps, Professional careers, Software engineering curricula, Systematic literature review (SLR), University education, Engineering education
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-17771 (URN), 10.1109/MS.2018.2880823 (DOI), 000520152900012 (), 2-s2.0-85062953507 (Scopus ID)
Available from: 2019-04-05. Created: 2019-04-05. Last updated: 2020-04-02. Bibliographically approved
Garousi, V., Felderer, M., Kuhrmann, M., Herkiloglu, K. & Eldh, S. (2020). Exploring the industry's challenges in software testing: An empirical study. Journal of Software: Evolution and Process, Article ID e2251.
2020 (English). In: Journal of Software: Evolution and Process, ISSN 2047-7473, E-ISSN 2047-7481, article id e2251. Article in journal (Refereed) Epub ahead of print
Abstract [en]

Context: Software testing is an important and costly software engineering activity in the industry. Despite the efforts of the software testing research community in the last several decades, various studies show that still many practitioners in the industry report challenges in their software testing tasks. Objective: To shed light on industry's challenges in software testing, we characterize and synthesize the challenges reported by practitioners. Such concrete challenges can then be used for a variety of purposes, e.g., research collaborations between industry and academia. Method: Our empirical research method is opinion survey. By designing an online survey, we solicited practitioners' opinions about their challenges in different testing activities. Our dataset includes data from 72 practitioners from eight different countries. Results: Our results show that test management and test automation are considered the most challenging among all testing activities by practitioners. Our results also include a set of 104 concrete challenges in software testing that may need further investigations by the research community. Conclusion: We conclude that the focal points of industrial work and academic research in software testing differ. Furthermore, the paper at hand provides valuable insights concerning practitioners' "pain" points and, thus, provides researchers with a source of important research topics of high practical relevance.

Place, publisher, year, edition, pages
WILEY, 2020
Keywords
challenges, opinion survey, software industry, software testing
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-19225 (URN), 10.1002/smr.2251 (DOI), 000511327000001 ()
Available from: 2020-02-20. Created: 2020-02-20. Last updated: 2020-03-05. Bibliographically approved
Sillaber, C., Waltl, B., Treiblmaier, H., Gallersdörfer, U. & Felderer, M. (2020). Laying the foundation for smart contract development: an integrated engineering process model. Information Systems and E-Business Management
2020 (English). In: Information Systems and E-Business Management, ISSN 1617-9846, E-ISSN 1617-9854. Article in journal (Refereed) Epub ahead of print
Abstract [en]

Smart contracts are seen as the major building blocks for future autonomous blockchain- and Distributed Ledger Technology (DLT)-based applications. Engineering such contracts for trustless, append-only, and decentralized digital ledgers allows mutually distrustful parties to transform legal requirements into immutable and formalized rules. Previous experience shows this to be a challenging task due to demanding socio-technical ecosystems and the specificities of decentralized ledger technology. In this paper, we therefore develop an integrated process model for engineering DLT-based smart contracts that accounts for the specificities of DLT. This model was iteratively refined with the support of industry experts. The model explicitly accounts for the immutability of the trustless, append-only, and decentralized DLT ecosystem, and thereby overcomes certain limitations of traditional software engineering process models. More specifically, it consists of five successive and closely intertwined phases: conceptualization, implementation, approval, execution, and finalization. For each phase, the respective activities, roles, and artifacts are identified and discussed in detail. Applying such a model when engineering smart contracts will help software engineers and developers to better understand and streamline the engineering process of DLTs in general and blockchain in particular. Furthermore, this model serves as a generic framework which will support application development in all fields in which DLT can be applied. © 2020, The Author(s).

Place, publisher, year, edition, pages
Springer, 2020
Keywords
Blockchain, Design science, Development process model, Distributed ledger technology, Smart contract, Software engineering, Survey, Trustless append-only decentralized digital ledgers (TADDL)
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-19235 (URN), 10.1007/s10257-020-00465-5 (DOI), 000516000200001 (), 2-s2.0-85079170235 (Scopus ID)
Available from: 2020-02-20. Created: 2020-02-20. Last updated: 2020-03-19. Bibliographically approved
Garousi, V., Felderer, M. & Nur Kılıçaslan, F. N. (2019). A survey on software testability. Information and Software Technology, 108, 35-64
2019 (English). In: Information and Software Technology, ISSN 0950-5849, E-ISSN 1873-6025, Vol. 108, p. 35-64. Article in journal (Refereed) Published
Abstract [en]

Context: Software testability is the degree to which a software system or a unit under test supports its own testing. To predict and improve software testability, a large number of techniques and metrics have been proposed by both practitioners and researchers in the last several decades. Reviewing and getting an overview of the entire state-of-the-art and state-of-the-practice in this area is often challenging for a practitioner or a new researcher. Objective: Our objective is to summarize the body of knowledge in this area and to benefit the readers (both practitioners and researchers) in preparing, measuring and improving software testability. Method: To address the above need, the authors conducted a survey in the form of a systematic literature mapping (classification) to find out what we as a community know about this topic. After compiling an initial pool of 303 papers, and applying a set of inclusion/exclusion criteria, our final pool included 208 papers (published between 1982 and 2017). Results: The area of software testability has been comprehensively studied by researchers and practitioners. Approaches for measurement of testability and improvement of testability are the most-frequently addressed in the papers. The two most often mentioned factors affecting testability are observability and controllability. Common ways to improve testability are testability transformation, improving observability, adding assertions, and improving controllability. Conclusion: This paper serves for both researchers and practitioners as an "index" to the vast body of knowledge in the area of testability. The results could help practitioners measure and improve software testability in their projects. To assess potential benefits of this review paper, we shared its draft version with two of our industrial collaborators. They stated that they found the review useful and beneficial in their testing activities. Our results can also benefit researchers in observing the trends in this area and identify the topics that require further investigation.

Place, publisher, year, edition, pages
Elsevier, 2019
Keywords
software testing, software testability, survey, systematic, literature mapping, systematic literature review, systematic mapping
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-17446 (URN), 10.1016/j.infsof.2018.12.003 (DOI), 000459366200003 ()
Available from: 2019-01-02. Created: 2019-01-02. Last updated: 2019-03-07. Bibliographically approved
Garousi, V., Giray, G., Tüzün, E., Catal, C. & Felderer, M. (2019). Aligning software engineering education with industrial needs: A meta-analysis. Journal of Systems and Software, 156, 65-83
2019 (English). In: Journal of Systems and Software, ISSN 0164-1212, E-ISSN 1873-1228, Vol. 156, p. 65-83. Article in journal (Refereed) Published
Abstract [en]

Context: According to various reports, many software engineering (SE) graduates often face difficulties when beginning their careers, which is mainly due to misalignment of the skills learned in university education with what is needed in the software industry. Objective: Our objective is to perform a meta-analysis to aggregate the results of the studies published in this area to provide a consolidated view on how to align SE education with industry needs, to identify the most important skills and also existing knowledge gaps. Method: To synthesize the body of knowledge, we performed a systematic literature review (SLR), in which we systematically selected a pool of 35 studies and then conducted a meta-analysis using data extracted from those studies. Results: Via a meta-analysis and using data from 13 countries and over 4,000 data points, highlights of the SLR include: (1) software requirements, design, and testing are the most important skills; and (2) the greatest knowledge gaps are in configuration management, SE models and methods, SE process, design (and architecture), as well as in testing. Conclusion: This paper provides implications for both educators and hiring managers by listing the most important SE skills and the knowledge gaps in the industry. © 2019 Elsevier Inc.

Place, publisher, year, edition, pages
Elsevier Inc., 2019
Keywords
Important skills, Industry needs, Knowledge gap, Meta-analysis, Software engineering education, Systematic literature review (SLR), Engineering education, Professional aspects, Software engineering, Software testing, Well testing, Knowledge gaps, Meta analysis, Information management
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-18210 (URN), 10.1016/j.jss.2019.06.044 (DOI), 000483658000005 (), 2-s2.0-85067367468 (Scopus ID)
Available from: 2019-06-27. Created: 2019-06-27. Last updated: 2019-10-09. Bibliographically approved
Sauerwein, C., Pekaric, I., Felderer, M. & Breu, R. (2019). An Analysis and Classification of Public Information Security Data Sources used in Research and Practice. Computers & security (Print), 82, 140-155
2019 (English). In: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 82, p. 140-155. Article in journal (Refereed) Published
Abstract [en]

In order to counteract today’s sophisticated and increasing number of cyber threats the timely acquisition of information regarding vulnerabilities, attacks, threats, countermeasures and risks is crucial. Therefore, employees tasked with information security risk management processes rely on a variety of information security data sources, ranging from inter-organizational threat intelligence sharing platforms to public information security data sources, such as mailing lists or expert blogs. However, research and practice lack a comprehensive overview about these public information security data sources, their characteristics and dependencies. Moreover, comprehensive knowledge about these sources would be beneficial to systematically use and integrate them to information security processes. In this paper, a triangulation study is conducted to identify and analyze public information security data sources. Furthermore, a taxonomy is introduced to classify and compare these data sources based on the following six dimensions: (1) Type of information, (2) Integrability, (3) Timeliness, (4) Originality, (5) Type of Source, and (6) Trustworthiness. In total, 68 public information security data sources were identified and classified. The investigations showed that research and practice rely on a large variety of heterogeneous information security data sources, which makes it more difficult to integrate and use them for information security and risk management processes.

Place, publisher, year, edition, pages
Elsevier, 2019
Keywords
Cyber Threat Intelligence Sharing, Cyber Security Information Source, Taxonomy, Classification, Characteristic, Information Security and Risk Management, Data Format, Research, Practice
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-17447 (URN), 10.1016/j.cose.2018.12.011 (DOI), 000459525800009 ()
Available from: 2019-01-02. Created: 2019-01-02. Last updated: 2019-03-21. Bibliographically approved
Garousi, V., Pfahl, D., Fernandes, J., Felderer, M., Mäntylä, M., Shepherd, D., . . . Tekinerdogan, B. (2019). Characterizing industry-academia collaborations in software engineering: evidence from 101 projects. Journal of Empirical Software Engineering, 24(4), 2540-2602
2019 (English). In: Journal of Empirical Software Engineering, ISSN 1382-3256, E-ISSN 1573-7616, Vol. 24, no 4, p. 2540-2602. Article in journal (Refereed) Published
Abstract [en]

Research collaboration between industry and academia supports improvement and innovation in industry and helps ensure the industrial relevance of academic research. However, many researchers and practitioners in the community believe that the level of joint industry-academia collaboration (IAC) projects in Software Engineering (SE) research is relatively low, creating a barrier between research and practice. The goal of the empirical study reported in this paper is to explore and characterize the state of IAC with respect to industrial needs, developed solutions, impacts of the projects and also a set of challenges, patterns and anti-patterns identified by a recent Systematic Literature Review (SLR) study. To address the above goal, we conducted an opinion survey among researchers and practitioners with respect to their experience in IAC. Our dataset includes 101 data points from IAC projects conducted in 21 different countries. Our findings include: (1) the most popular topics of the IAC projects, in the dataset, are: software testing, quality, process, and project managements; (2) over 90% of IAC projects result in at least one publication; (3) almost 50% of IACs are initiated by industry, busting the myth that industry tends to avoid IACs; and (4) 61% of the IAC projects report having a positive impact on their industrial context, while 31% report no noticeable impacts or were “not sure”. To improve this situation, we present evidence-based recommendations to increase the success of IAC projects, such as the importance of testing pilot solutions before using them in industry. This study aims to contribute to the body of evidence in the area of IAC, and benefit researchers and practitioners. Using the data and evidence presented in this paper, they can conduct more successful IAC projects in SE by being aware of the challenges and how to overcome them, by applying best practices (patterns), and by preventing anti-patterns. © 2019, The Author(s).

Place, publisher, year, edition, pages
Springer New York LLC, 2019
Keywords
Anti-patterns, Best practices, Challenges, Empirical study, Evidence, Industry-academia collaborations, Patterns, Software engineering, Industrial research, Software testing, Statistical tests, Empirical studies, Project management
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-17897 (URN), 10.1007/s10664-019-09711-y (DOI), 000477582700024 (), 2-s2.0-85064827278 (Scopus ID)
Available from: 2019-05-21. Created: 2019-05-21. Last updated: 2019-09-10. Bibliographically approved
Sulaman, S. M., Beer, A., Felderer, M. & Höst, M. (2019). Comparison of the FMEA and STPA safety analysis methods: a case study. Software quality journal, 27(1), 349-387
2019 (English). In: Software quality journal, ISSN 0963-9314, E-ISSN 1573-1367, Vol. 27, no 1, p. 349-387. Article in journal (Refereed) Published
Abstract [en]

As our society becomes more and more dependent on IT systems, failures of these systems can harm more and more people and organizations. Diligently performing risk and hazard analysis helps to minimize the potential harm of IT system failures on the society and increases the probability of their undisturbed operation. Risk and hazard analysis is an important activity for the development and operation of critical software intensive systems, but the increased complexity and size puts additional requirements on the effectiveness of risk and hazard analysis methods. This paper presents a qualitative comparison of two hazard analysis methods, failure mode and effect analysis (FMEA) and system theoretic process analysis (STPA), using case study research methodology. Both methods have been applied on the same forward collision avoidance system to compare the effectiveness of the methods and to investigate what are the main differences between them. Furthermore, this study also evaluates the analysis process of both methods by using a qualitative criteria derived from the technology acceptance model (TAM). The results of the FMEA analysis were compared to the results of the STPA analysis, which were presented in a previous study. Both analyses were conducted on the same forward collision avoidance system. The comparison shows that FMEA and STPA deliver similar analysis results.

Place, publisher, year, edition, pages
Springer, 2019
Keywords
Hazard analysis, Safety analysis, Critical systems, Failure mode and effect analysis, System theoretic process analysis
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-15664 (URN), 10.1007/s11219-017-9396-0 (DOI), 000462236000010 ()
Note

open access

Available from: 2017-12-17. Created: 2017-12-17. Last updated: 2019-04-18. Bibliographically approved
Felderer, M. & Herrmann, A. (2019). Comprehensibility of system models during test design: A controlled experiment comparing UML activity diagrams and state machines. Software quality journal, 27(1), 125-147
2019 (English). In: Software quality journal, ISSN 0963-9314, E-ISSN 1573-1367, Vol. 27, no 1, p. 125-147. Article in journal (Refereed) Published
Abstract [en]

UML activity diagrams and state machines are both used for modeling system behavior from the user perspective and are frequently the basis for deriving system test cases. In practice, system test cases are often derived manually from UML activity diagrams or state machines. For this task, comprehensibility of respective models is essential and a relevant question for practice to support model selection and design, as well as subsequent test derivation. Therefore, the objective of this paper is to compare the comprehensibility of UML activity diagrams and state machines during manual test case derivation. We investigate the comprehensibility of UML activity diagrams and state machines in a controlled student experiment. Three measures for comprehensibility have been investigated: (1) the self-assessed comprehensibility, (2) the actual comprehensibility measured by the correctness of answers to comprehensibility questions, and (3) the number of errors made during test case derivation. The experiment was performed and internally replicated with overall 84 participants divided into three groups at two institutions. Our experiment indicates that activity diagrams are more comprehensible but also more error-prone with regard to manual test case derivation and discusses how these results can improve system modeling and test case design.

Place, publisher, year, edition, pages
Springer, 2019
Keywords
UML models, System testing, System models, Test design, Model comprehensibility, Controlled experiment
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-16116 (URN), 10.1007/s11219-018-9407-9 (DOI), 000462236000004 ()
Funder
Knowledge Foundation, 20130085
Note

open access

Available from: 2018-04-24. Created: 2018-04-24. Last updated: 2019-04-18. Bibliographically approved
Organisations
Identifiers
ORCID iD: orcid.org/0000-0003-3818-4442