Mendez, Daniel
Publications (6 of 6)
Moyón, F., Bayr, C., Mendez, D., Dännart, S. & Beckers, K. (2020). A Light-Weight Tool for the Self-assessment of Security Compliance in Software Development: An Industry Case. In: Chatzigeorgiou A., Dondi R., Herodotou H., Kapoutsis C., Manolopoulos Y., Papadopoulos G.A., Sikora F. (Ed.), Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Paper presented at 46th International Conference on Current Trends in Theory and Practice of Computer Science, SOFSEM; Limassol; Cyprus; 20 January 2020 through 24 January 2020 (pp. 403-416). Springer
2020 (English). In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) / [ed] Chatzigeorgiou A., Dondi R., Herodotou H., Kapoutsis C., Manolopoulos Y., Papadopoulos G.A., Sikora F., Springer, 2020, p. 403-416. Conference paper, Published paper (Refereed)
Abstract [en]

Companies are often challenged to modify and improve their software development processes in order to make them compliant with security standards. The complexity of these processes renders it difficult for practitioners to validate and foresee the effort required for compliance assessments. Further, performing gap analyses when processes are not yet mature enough is costly and involving auditors in early stages is, in our experience, often inefficient. An easier and more productive approach is conducting a self-assessment. However, practitioners, in particular developers, quality engineers, and product owners face difficulties to identify security-relevant process artifacts as required by standards. They would benefit from a proper and light-weight tool to perform early compliance assessments of their processes w.r.t. security standards before entering an in-depth audit. In this paper, we report on our current effort at Siemens Corporate Technology to develop such a light-weight assessment tool to assess the security compliance of software development processes with the IEC 62443-4-1 standard, and we discuss first results from an interview-based evaluation. © 2020, Springer Nature Switzerland AG.

Place, publisher, year, edition, pages
Springer, 2020
Keywords
Secure development process, Secure software engineering, Security assessment, Security standards, Tool-support, Computer software, Regulatory compliance, Development process, Tool support, Software design
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-19236 (URN); 10.1007/978-3-030-38919-2_33 (DOI); 2-s2.0-85079091124 (Scopus ID); 9783030389185 (ISBN)
Conference
46th International Conference on Current Trends in Theory and Practice of Computer Science, SOFSEM; Limassol; Cyprus; 20 January 2020 through 24 January 2020
Available from: 2020-02-20. Created: 2020-02-20. Last updated: 2020-02-20. Bibliographically approved
Hehn, J., Mendez, D., Uebernickel, F., Brenner, W. & Broy, M. (2020). On Integrating Design Thinking for a Human-Centered Requirements Engineering. IEEE Software, 37(2), 25-31
2020 (English). In: IEEE Software, ISSN 0740-7459, E-ISSN 1937-4194, Vol. 37, no 2, p. 25-31. Article in journal (Refereed), Published
Abstract [en]

In this position paper, we elaborate on the possibilities and needs to integrate Design Thinking into Requirements Engineering. We draw from our research and project experiences to compare what is understood as Design Thinking and Requirements Engineering considering their involved artifacts. We suggest three approaches for tailoring and integrating Design Thinking and Requirements Engineering with complementary synergies and point at open challenges for research and practice. IEEE

Place, publisher, year, edition, pages
IEEE Computer Society, 2020
Keywords
Design Thinking, Electronic mail, Organizations, Prototypes, Requirements engineering, Software, Tools, Computer software, Societies and institutions, Software engineering, Integrate designs, Integrating design, Position papers, Project experiences
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-19055 (URN); 10.1109/MS.2019.2957715 (DOI); 000520152900006 (); 2-s2.0-85076321949 (Scopus ID)
Available from: 2019-12-27. Created: 2019-12-27. Last updated: 2020-04-02. Bibliographically approved
Lenarduzzi, V., Fucci, D. & Mendez, D. (2020). On the perceived harmfulness of requirement smells: An empirical study. In: Sabetzadeh M., Vogelsang A., Abualhaija S., Borg M., Dalpiaz F., Daneva M., Fernandez N.C., Franch X., Fucci D., Gervasi V., Groen E., Guizzardi R., Herrmann A., Horkoff J., Mich L., Perini A., Susi A. (Ed.), CEUR Workshop Proceedings. Paper presented at Joint 26th International Conference on Requirements Engineering: Foundation for Software Quality Workshops, Doctoral Symposium, Live Studies Track, and Poster Track, Pisa; Italy, 24 March 2020 through 27 March 2020. CEUR-WS, 2584
2020 (English). In: CEUR Workshop Proceedings / [ed] Sabetzadeh M., Vogelsang A., Abualhaija S., Borg M., Dalpiaz F., Daneva M., Fernandez N.C., Franch X., Fucci D., Gervasi V., Groen E., Guizzardi R., Herrmann A., Horkoff J., Mich L., Perini A., Susi A., CEUR-WS, 2020, Vol. 2584. Conference paper, Published paper (Refereed)
Abstract [en]

Technical debt is considered to have negative effects to the long term success of software projects. However, how the debt metaphor applies to requirements engineering is yet not significantly explored. Previously, we proposed a framework to identify Requirements Debt (ReD) in three stages of the software development lifecycle. One of these stages is the formalization of stakeholder needs into natural language requirement specifications. In this work, we propose a live study aiming at surveying requirements engineering experts to gain further insights on the issues taking place at this stage and how they fit in our definition of ReD. Copyright © 2020 for this paper by its authors.

Place, publisher, year, edition, pages
CEUR-WS, 2020
Keywords
Computer software selection and evaluation, Life cycle, Requirements engineering, Empirical studies, Natural language requirements, Software development life cycle, Software project, Technical debts, Software design
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-19413 (URN); 2-s2.0-85082693019 (Scopus ID)
Conference
Joint 26th International Conference on Requirements Engineering: Foundation for Software Quality Workshops, Doctoral Symposium, Live Studies Track, and Poster Track, Pisa; Italy, 24 March 2020 through 27 March 2020
Note

Open access

Available from: 2020-04-30. Created: 2020-04-30. Last updated: 2020-04-30. Bibliographically approved
Vogelsang, A., Eckhardt, J., Mendez, D. & Berger, M. (2020). Views on quality requirements in academia and practice: commonalities, differences, and context-dependent grey areas. Information and Software Technology, 121, Article ID 106253.
2020 (English). In: Information and Software Technology, ISSN 0950-5849, E-ISSN 1873-6025, Vol. 121, article id 106253. Article in journal (Refereed), Published
Abstract [en]

Context: Quality requirements (QRs) are a topic of constant discussions both in industry and academia. Debates entwine around the definition of quality requirements, the way how to handle them, or their importance for project success. While many academic endeavors contribute to the body of knowledge about QRs, practitioners may have different views. In fact, we still lack a consistent body of knowledge on QRs since much of the discussion around this topic is still dominated by observations that are strongly context-dependent. This holds for both academic and practitioners’ views. Our assumption is that, in consequence, those views may differ. Objective: We report on a study to better understand the extent to which available research statements on quality requirements, as found in exemplary peer-reviewed and frequently cited publications, are reflected in the perception of practitioners. Our goal is to analyze differences, commonalities, and context-dependent grey areas in the views of academics and practitioners to allow a discussion on potential misconceptions (on either sides) and opportunities for future research. Method: We conducted a survey with 109 practitioners to assess whether they agree with research statements about QRs reflected in the literature. Based on a statistical model, we evaluate the impact of a set of context factors to the perception of research statements. Results: Our results show that a majority of the statements is well respected by practitioners; however, not all of them. When examining the different groups and backgrounds of respondents, we noticed interesting deviations of perceptions within different groups that may lead to new research questions. Conclusions: Our results help identifying prevalent context-dependent differences about how academics and practitioners view QRs and pinpointing statements where further research might be useful. © 2020 Elsevier B.V.

Place, publisher, year, edition, pages
Elsevier B.V., 2020
Keywords
Context factors, Empirical study, Non-functional requirements, Quality requirements, Requirements engineering, Survey, Information systems, Software engineering, Surveying, Body of knowledge, Context dependent, Research questions, Statistical modeling, Surveys
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-19180 (URN); 10.1016/j.infsof.2019.106253 (DOI); 000518706200005 (); 2-s2.0-85078462227 (Scopus ID)
Available from: 2020-02-06. Created: 2020-02-06. Last updated: 2020-04-02. Bibliographically approved
Villamizar, H., Anderlin Neto, A., Kalinowski, M., Garcia, A. F. & Mendez, D. (2019). An approach for reviewing security-related aspects in agile requirements specifications of web applications. In: Proceedings of the IEEE International Conference on Requirements Engineering. Paper presented at 27th IEEE International Requirements Engineering Conference, RE, Ramada Plaza Jeju Ocean Front, Jeju Island; South Korea, 23 September 2019 through 27 September 2019 (pp. 86-97). IEEE Computer Society
2019 (English). In: Proceedings of the IEEE International Conference on Requirements Engineering, IEEE Computer Society, 2019, p. 86-97. Conference paper, Published paper (Refereed)
Abstract [en]

Defects in requirements specifications can have severe consequences during the software development lifecycle. Some of them result in overall project failure due to incorrect or missing quality characteristics such as security. There are several concerns that make security difficult to deal with; for instance, (1) when stakeholders discuss general requirements in meetings, they are often unaware that they should also discuss security-related topics, and (2) they typically do not have enough expertise in security. This often leads to unspecified or ill-defined security-related aspects. These concerns become even more challenging in agile contexts, where lightweight documentation is typically involved. The goal of this paper is to design and evaluate an approach for reviewing security-related aspects in agile requirements specifications of web applications. The approach considers user stories and security specifications as input and relates those user stories to security properties via Natural Language Processing. Based on the related security properties, our approach then identifies high-level security requirements from the Open Web Application Security Project to be verified and generates a reading technique to support reviewers in detecting defects. We evaluate our approach via two controlled experiment trials. We compare the effectiveness and efficiency of novice inspectors verifying security aspects in agile requirements using our approach against using the complete list of high-level security requirements. The (statistically significant) results indicate that using our approach has a positive impact (with large effect size) on the performance of inspectors in terms of effectiveness and efficiency. © 2019 IEEE.

Place, publisher, year, edition, pages
IEEE Computer Society, 2019
Keywords
Agile requirements, Requirements verification, Software inspection, Software security, Computer software selection and evaluation, Cryptography, Defects, Efficiency, Life cycle, Natural language processing systems, Requirements engineering, Software design, Specifications, Verification, Effectiveness and efficiencies, Natural language processing, Open web application security projects, Software development life cycle, Network security
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-19084 (URN); 10.1109/RE.2019.00020 (DOI); 2-s2.0-85076927129 (Scopus ID); 9781728139128 (ISBN)
Conference
27th IEEE International Requirements Engineering Conference, RE, Ramada Plaza Jeju Ocean Front, Jeju Island; South Korea, 23 September 2019 through 27 September 2019
Available from: 2020-01-09. Created: 2020-01-09. Last updated: 2020-01-09. Bibliographically approved
Iqbal, T., Seyff, N. & Mendez, D. (2019). Generating requirements out of thin air: Towards automated feature identification for new apps. In: Proceedings - 2019 IEEE 27th International Requirements Engineering Conference Workshops, REW 2019. Paper presented at 27th IEEE International Requirements Engineering Conference Workshops, REW; Jeju Island; South Korea, 23 September 2019 through 27 September 2019 (pp. 193-199). Institute of Electrical and Electronics Engineers Inc., Article ID 8933543.
2019 (English). In: Proceedings - 2019 IEEE 27th International Requirements Engineering Conference Workshops, REW 2019, Institute of Electrical and Electronics Engineers Inc., 2019, p. 193-199, article id 8933543. Conference paper, Published paper (Refereed)
Abstract [en]

App store mining has proven to be a promising technique for requirements elicitation as companies can gain valuable knowledge to maintain and evolve existing apps. However, despite first advancements in using mining techniques for requirements elicitation, little is yet known how to distill requirements for new apps based on existing (similar) solutions and how exactly practitioners would benefit from such a technique. In the proposed work, we focus on exploring information (e.g. app store data) provided by the crowd about existing solutions to identify key features of applications in a particular domain. We argue that these discovered features and other related influential aspects (e.g. ratings) can help practitioners (e.g. software developer) to identify potential key features for new applications. To support this argument, we first conducted an interview study with practitioners to understand the extent to which such an approach would find champions in practice. In this paper, we present the first results of our ongoing research in the context of a larger road-map. Our interview study confirms that practitioners see the need for our envisioned approach. Furthermore, we present an early conceptual solution to discuss the feasibility of our approach. However, this manuscript is also intended to foster discussions on the extent to which machine learning can and should be applied to elicit automated requirements on crowd generated data on different forums and to identify further collaborations in this endeavor. © 2019 IEEE.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc., 2019
Keywords
App store mining, Crowd data, Machine learning, Software feature mapping, E-learning, Learning systems, Requirements engineering, App stores, Automated features, Mining techniques, New applications, Requirements elicitation, Software developer, Software features, Application programs
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-19177 (URN); 10.1109/REW.2019.00040 (DOI); 000527371700034 (); 2-s2.0-85078017186 (Scopus ID); 9781728151656 (ISBN)
Conference
27th IEEE International Requirements Engineering Conference Workshops, REW; Jeju Island; South Korea, 23 September 2019 through 27 September 2019
Available from: 2020-02-06. Created: 2020-02-06. Last updated: 2020-05-28. Bibliographically approved