Change search
Refine search result
12 1 - 50 of 78
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Rows per page
  • 5
  • 10
  • 20
  • 50
  • 100
  • 250
Sort
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
Select
The maximal number of hits you can export is 250. When you want to export more records please use the Create feeds function.
  • 1.
    Abrahão, Silvia
    et al.
    Universitat Politècnica de València, ESP.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Message from the Artifact Evaluation Chairs of ICSE 20212021In: Proceedings - International Conference on Software Engineering, IEEE Computer Society , 2021Conference paper (Other academic)
  • 2.
    Alves, Antonio Pedro Santos
    et al.
    Pontifical Catholic University of Rio de Janeiro (PUC-Rio), Brazil.
    Kalinowski, Marcos
    Pontifical Catholic University of Rio de Janeiro (PUC-Rio), Brazil.
    Giray, Görkem
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Lavesson, Niklas
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Azevedo, Kelly
    Pontifical Catholic University of Rio de Janeiro (PUC-Rio), Brazil.
    Villamizar, Hugo
    Pontifical Catholic University of Rio de Janeiro (PUC-Rio), Brazil.
    Escovedo, Tatiana
    Pontifical Catholic University of Rio de Janeiro (PUC-Rio), Brazil.
    Lopes, Helio
    Pontifical Catholic University of Rio de Janeiro (PUC-Rio), Brazil.
    Biffl, Stefan
    Vienna University of Technology (TU Wien), Austria.
    Musil, Jürgen
    Vienna University of Technology (TU Wien), Austria.
    Felderer, Michael
    German Aerospace Center (DLR), Germany.
    Wagner, Stefan
    University of Stuttgart, Germany.
    Baldassarre, Teresa
    University of Bari, Italy.
    Gorschek, Tony
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Status Quo and Problems of Requirements Engineering for Machine Learning: Results from an International Survey2024In: Product-Focused Software Process Improvement: Proceedings, Part I / [ed] Regine Kadgien, Andreas Jedlitschka, Andrea Janes, Valentina Lenarduzzi, Xiaozhou Li, Springer Science+Business Media B.V., 2024, p. 159-174Conference paper (Refereed)
    Abstract [en]

    Systems that use Machine Learning (ML) have become commonplace for companies that want to improve their products and processes. Literature suggests that Requirements Engineering (RE) can help address many problems when engineering ML-enabled systems. However, the state of empirical evidence on how RE is applied in practice in the context of ML-enabled systems is mainly dominated by isolated case studies with limited generalizability. We conducted an international survey to gather practitioner insights into the status quo and problems of RE in ML-enabled systems. We gathered 188 complete responses from 25 countries. We conducted quantitative statistical analyses on contemporary practices using bootstrapping with confidence intervals and qualitative analyses on the reported problems involving open and axial coding procedures. We found significant differences in RE practices within ML projects. For instance, (i) RE-related activities are mostly conducted by project leaders and data scientists, (ii) the prevalent requirements documentation format concerns interactive Notebooks, (iii) the main focus of non-functional requirements includes data quality, model reliability, and model explainability, and (iv) main challenges include managing customer expectations and aligning requirements with data. The qualitative analyses revealed that practitioners face problems related to lack of business domain understanding, unclear goals and requirements, low customer engagement, and communication issues. These results help to provide a better understanding of the adopted practices and of which problems exist in practical environments. We put forward the need to adapt further and disseminate RE-related practices for engineering ML-enabled systems. © The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.

  • 3.
    Angermeir, Florian
    et al.
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Fischbach, Jannik
    Fortiss, Germany.
    Moyón, Fabiola
    Siemens Technology, Germany.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Towards Automated Continuous Security Compliance2024In: International Symposium on Empirical Software Engineering and Measurement, IEEE Computer Society, 2024, p. 440-446Conference paper (Refereed)
    Abstract [en]

    Context: Continuous Software Engineering is increasingly adopted in highly regulated domains, raising the need for continuous compliance. Adherence to especially security regulations - a major concern in highly regulated domains - renders Continuous Security Compliance of high relevance to industry and research.

    Problem: One key barrier to adopting continuous software engineering in the industry is the resource-intensive and error-prone nature of traditional manual security compliance activities. Automation promises to be advantageous. However, continuous security compliance is under-researched, precluding an effective adoption.

    Contribution: We have initiated a long-term research project with our industry partner to address these issues. In this manuscript, we make three contributions: (1) We provide a precise definition of the term continuous security compliance aligning with the state-of-art, (2) elaborate a preliminary overview of challenges in the field of automated continuous security compliance through a tertiary literature study, and (3) present a research roadmap to address those challenges via automated continuous security compliance. © 2024 ACM.

  • 4.
    Angermeir, Florian
    et al.
    Tech Univ Munich, DEU.
    Voggenreiter, Markus
    Siemens Technol, Mumbai, DEU.
    Moyon, Fabiola
    Tech Univ Munich, DEU.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Enterprise-Driven Open Source Software: A Case Study on Security Automation2021In: 2021 IEEE/ACM 43RD INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: SOFTWARE ENGINEERING IN PRACTICE (ICSE-SEIP 2021), IEEE Computer Society, 2021, no 43rd IEEE/ACM International Conference on Software Engineering - Software Engineering in Practice (ICSE-SEIP) / 43rd ACM/IEEE International Conference on Software Engineering - New Ideas and Emerging Results (ICSE-NIER), p. 278-287Conference paper (Refereed)
    Abstract [en]

    Agile and DevOps are widely adopted by the industry. Hence, integrating security activities with industrial practices. such as continuous integration (CI) pipelines, is necessary to detect security flaws and adhere to regulators' demands early. In this paper, we analyze automated security activities in CI pipelines of enterprise-driven open source software (OSS). This shall allow us, in the long-run, to better understand the extent to which security activities are (or should be) part of automated pipelines. In particular, we mine publicly available OSS repositories and survey a sample of project maintainers to better understand the role that security activities and their related tools play in their CI pipelines. To increase transparency and allow other researchers to replicate our study (and to take different perspectives), we further disclose our research artefacts. Our results indicate that security activities in enterprise-driven OSS projects are scarce and protection coverage is rather low. Only 6.83% of the analyzed 8,243 projects apply security automation in their CI pipelines, even though maintainers consider security to be rather important. This alerts industry to keep the focus on vulnerabilities of 3rd Party software and it opens space for other improvements or practice which we outline in this manuscript.

  • 5. Chuprina, Tatiana
    et al.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Wnuk, Krzysztof
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Towards Artefact-based Requirements Engineering for Data-Centric Systems2021In: CEUR Workshop Proceedings / [ed] Aydemir F.B.,Gralha C.,Daneva M.,Groen E.C.,Herrmann A.,Mennig P.,Abualhaija S.,Ferrari A.,Guo J.,Guizzardi R.,Horkoff J.,Perini A.,Susi A.,Breaux T.,Franch X.,Ernst N.,Paja E.,Seyff N., CEUR-WS , 2021, Vol. 2857Conference paper (Refereed)
    Abstract [en]

    Many modern software-intensive systems employ artificial intelligence / machine-learning (AI/ML) components and are, thus, inherently data-centric. The behaviour of such systems depends on typically large amounts of data processed at run-Time rendering such non-deterministic systems as complex. This complexity growth affects our understanding on needs and practices in Requirements Engineering (RE). There is, however, still little guidance on how to handle requirements for such systems effectively: What are, for example, typical quality requirements classes What modelling concepts do we rely on or which levels of abstraction do we need to consider In fact, how to integrate such concepts into approaches for a more traditional RE still needs profound investigations. In this research preview paper, we report on ongoing efforts to establish an artefact-based RE approach for the development of datacentric systems (DCSs). To this end, we sketch a DCS development process with the newly proposed requirements categories and data-centric artefacts and briefly report on an ongoing investigation of current RE challenges in industry developing data-centric systems. © 2021 CEUR-WS. All rights reserved.

    Download full text (pdf)
    fulltext
  • 6.
    Dehghani, Razieh
    et al.
    Sharif University of Technology, IRN.
    Wnuk, Krzysztof
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Gorschek, Tony
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Ramsin, Raman
    Sharif University of Technology, IRN.
    On Understanding the Relation of Knowledge and Confidence to Requirements Quality2021In: REQUIREMENTS ENGINEERING: FOUNDATION FOR SOFTWARE QUALITY (REFSQ 2021) / [ed] Dalpiaz F., Spoletini P., Springer Science and Business Media Deutschland GmbH , 2021, Vol. 12685, p. 208-224Conference paper (Refereed)
    Abstract [en]

    [Context and Motivation] Software requirements are affected by the knowledge and confidence of software engineers. Analyzing the interrelated impact of these factors is difficult because of the challenges of assessing knowledge and confidence. [Question/Problem] This research aims to draw attention to the need for considering the interrelated effects of confidence and knowledge on requirements quality, which has not been addressed by previous publications. [Principal ideas/results] For this purpose, the following steps have been taken: 1) requirements quality was defined based on the instructions provided by the ISO29148:2011 standard, 2) we selected the symptoms of low qualified requirements based on ISO29148:2011, 3) we analyzed five Software Requirements Specification (SRS) documents to find these symptoms, 3) people who have prepared the documents were categorized in four classes to specify the more/less knowledge and confidence they have regarding the symptoms, and 4) finally, the relation of lack of enough knowledge and confidence to symptoms of low quality was investigated. The results revealed that the simultaneous deficiency of confidence and knowledge has more negative effects in comparison with a deficiency of knowledge or confidence. [Contribution] In brief, this study has achieved these results: 1) the realization that a combined lack of knowledge and confidence has a larger effect on requirements quality than only one of the two factors, 2) the relation between low qualified requirements and requirements engineers’ needs for knowledge and confidence, and 3) variety of requirements engineers’ needs for knowledge based on their abilities to make discriminative and consistent decisions. © 2021, Springer Nature Switzerland AG.

    Download full text (pdf)
    fulltext
  • 7.
    Dorner, Michael
    et al.
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Capraro, Maximilian
    Kolabri, Germany.
    Treidler, Oliver
    Kolabri, Germany.
    Kunz, Tom-Eric
    Kolabri, Germany.
    Šmite, Darja
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Zabardast, Ehsan
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Wnuk, Krzysztof
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Taxing Collaborative Software Engineering: The Challenges for Tax Compliance in Software Engineering2024In: IEEE Software, ISSN 0740-7459, E-ISSN 1937-4194, Vol. 41, no 4, p. 143-150Article in journal (Refereed)
    Abstract [en]

    The engineering of complex software systems is often the result of a highly collaborative effort. However, collaboration within a multinational enterprise has an overlooked legal implication when developers collaborate across national borders: It is taxable. In this article, we discuss the unsolved problem of taxing collaborative software engineering across borders.

    Download full text (pdf)
    fulltext
  • 8.
    Dorner, Michael
    et al.
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Wnuk, Krzysztof
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Zabardast, Ehsan
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Czerwonka, Jacek
    Microsoft, Seattle, USA.
    The upper bound of information diffusion in code review2025In: Empirical Software Engineering, ISSN 1382-3256, E-ISSN 1573-7616, Vol. 30, no 1, article id 2Article in journal (Refereed)
    Abstract [en]

    Background

    Code review, the discussion around a code change among humans, forms a communication network that enables its participants to exchange and spread information. Although reported by qualitative studies, our understanding of the capability of code review as a communication network is still limited.

    Objective

    In this article, we report on a first step towards understanding and evaluating the capability of code review as a communication network by quantifying how fast and how far information can spread through code review: the upper bound of information diffusion in code review.

    Method

    In an in-silico experiment, we simulate an artificial information diffusion within large (Microsoft), mid-sized (Spotify), and small code review systems (Trivago) modelled as communication networks. We then measure the minimal topological and temporal distances between the participants to quantify how far and how fast information can spread in code review.

    Results

    An average code review participants in the small and mid-sized code review systems can spread information to between 72 % and 85 % of all code review participants within four weeks independently of network size and tooling; for the large code review systems, we found an absolute boundary of about 11 000 reachable participants. On average (median), information can spread between two participants in code review in less than five hops and less than five days.

    Conclusion

    We found evidence that the communication network emerging from code review scales well and spreads information fast and broadly, corroborating the findings of prior qualitative work. The study lays the foundation for understanding and improving code review as a communication network.

    Download full text (pdf)
    fulltext
  • 9.
    Dorner, Michael
    et al.
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Šmite, Darja
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Wnuk, Krzysztof
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Czerwonka, Jacek
    Microsoft Research, USA.
    Only Time Will Tell: Modelling Information Diffusion in Code Review with Time-Varying Hypergraphs2022In: ESEM '22: Proceedings of the 16th ACM / IEEE International Symposium on Empirical Software Engineering and Measurement / [ed] Madeiral F., Lassenius C., Lassenius C., Conte T., Mannisto T., Association for Computing Machinery (ACM), 2022, p. 195-204Conference paper (Refereed)
    Abstract [en]

    Background: Modern code review is expected to facilitate knowledge sharing: All relevant information, the collective expertise, and meta-information around the code change and its context become evident, transparent, and explicit in the corresponding code review discussion. The discussion participants can leverage this information in the following code reviews; the information diffuses through the communication network that emerges from code review. Traditional time-aggregated graphs fall short in rendering information diffusion as those models ignore the temporal order of the information exchange: Information can only be passed on if it is available in the first place.

    Aim: This manuscript presents a novel model based on time-varying hypergraphs for rendering information diffusion that overcomes the inherent limitations of traditional, time-aggregated graph-based models. 

    Method: In an in-silico experiment, we simulate an information diffusion within the internal code review at Microsoft and show the empirical impact of time on a key characteristic of information diffusion: the number of reachable participants. 

    Results: Time-aggregation significantly overestimates the paths of information diffusion available in communication networks and, thus, is neither precise nor accurate for modelling and measuring the spread of information within communication networks that emerge from code review. 

    Conclusion: Our model overcomes the inherent limitations of traditional, static or time-aggregated, graph-based communication models and sheds the first light on information diffusion through code review. We believe that our model can serve as a foundation for understanding, measuring, managing, and improving knowledge sharing in code review in particular and information diffusion in software engineering in general.

    Download full text (pdf)
    fulltext
  • 10.
    Elahidoost, Parisa
    et al.
    Fortiss GmbH, Munich, Germany.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Unterkalmsteiner, Michael
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Fischbach, Jannik
    Netlight Consulting GmbH, Germany.
    Feiler, Christian
    Itestra GmbH, Munich, Germany.
    Streit, Jonathan
    Itestra GmbH, Munich, Germany.
    Practices, Challenges, and Opportunities When Inferring Requirements from Regulations in the FinTech Sector - An Industrial Study2024In: Proceedings - 32nd IEEE International Requirements Engineering Conference Workshops, REW 2024 / [ed] Liebel, G, Hadar I, Spoletini, P, Institute of Electrical and Electronics Engineers (IEEE), 2024, p. 137-145Conference paper (Refereed)
    Abstract [en]

    [Context and motivation]: Understanding and interpreting regulatory norms and inferring software requirements from them is a critical step towards regulatory compliance, a matter of significant importance in various industrial sectors. [Question/ problem]: However, interpreting regulations still largely depends on individual legal expertise and experience within the respective domain, with little to no systematic methodologies and supportive tools to guide this practice. In fact, research in this area is too often detached from practitioners' experiences, rendering the proposed solutions not transferable to industrial practice. As we argue, one reason is that we still lack a profound understanding of industry- and domain-specific practices and challenges. [Principal ideas/ results]: We aim to close this gap and provide such an investigation at the example of the banking and insurance domain. We conduct an industrial multi-case study as part of a long-term academia-industry collaboration with a mediumsized software development and renovation company. We explore contemporary industrial practices and challenges when inferring requirements from regulations to support more problem-driven research. Our study investigates the complexities of requirement engineering in regulatory contexts, pinpointing various issues and discussing them in detail. We highlight the gathered insights and the practical challenges encountered and suggest avenues for future research. [Contribution]: Our contribution is a comprehensive case study focused on the FinTech domain, offering a detailed understanding of the specific needs within this sector. We have identified key practices for managing regulatory requirements in software development, and have pinpointed several challenges. We conclude by offering a set of recommendations for future problem-driven research directions. © 2024 IEEE.

  • 11.
    Ernst, Neil A.
    et al.
    University of Victoria, CAN.
    Carver, Jeffrey C.
    University of Alabama, USA.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Torchiano, Marco
    Politecnico di Torino, ITA.
    Understanding peer review of software engineering papers2021In: Empirical Software Engineering, ISSN 1382-3256, E-ISSN 1573-7616, Vol. 26, no 5, article id 103Article in journal (Refereed)
    Abstract [en]

    Context: Peer review is a key activity intended to preserve the quality and integrity of scientific publications. However, in practice it is far from perfect. Objective: We aim at understanding how reviewers, including those who have won awards for reviewing, perform their reviews of software engineering papers to identify both what makes a good reviewing approach and what makes a good paper. Method: We first conducted a series of interviews with recognised reviewers in the software engineering field. Then, we used the results of those interviews to develop a questionnaire used in an online survey and sent out to reviewers from well-respected venues covering a number of software engineering disciplines, some of whom had won awards for their reviewing efforts. Results: We analyzed the responses from the interviews and from 175 reviewers who completed the online survey (including both reviewers who had won awards and those who had not). We report on several descriptive results, including: Nearly half of award-winners (45%) are reviewing 20+ conference papers a year, while 28% of non-award winners conduct that many. The majority of reviewers (88%) are taking more than two hours on journal reviews. We also report on qualitative results. Our findings suggest that the most important criteria of a good review is that it should be factual and helpful, which ranked above others such as being detailed or kind. The most important features of papers that result in positive reviews are a clear and supported validation, an interesting problem, and novelty. Conversely, negative reviews tend to result from papers that have a mismatch between the method and the claims and from papers with overly grandiose claims. Further insights include, if not limited to, that reviewers view data availability and its consistency as being important or that authors need to make their contribution of the work very clear in their paper. Conclusions: Based on the insights we gained through our study, we conclude our work by compiling a proto-guideline for reviewing. One hope we associate with our work is to contribute to the ongoing debate and contemporary effort to further improve our peer review models in the future. © 2021, The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature.

  • 12.
    Fabiola Moyón, Constante
    et al.
    Technical University of Munich and Siemens Technology.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Gorschek, Tony
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Angermeir, Florian
    Siemens Technology and Technical University of Munich.
    Bonvin, Pierre-Louis
    Siemens Technology and Technical University of Munich.
    Voggenreiter, Markus
    LMU Munich.
    RefA: Reference Architecture for Security-compliant DevOps2023Report (Refereed)
    Abstract [en]

    This technical report presents RefA, a reference architecture for security-compliant DevOps. RefA consists of a set of models that illustrate the artefacts and practice areas to consider when implementing secure DevOps lifecycles. In addition, RefA describes people, proceses, and technology aspects to be considered in each practice area. Practitioners can use RefA for the purposes of designing and assessing security compliance of their DevOps lifecycles, while researchers may use RefA as a reference for setting up research roadmaps. RefA models result from combining the profound analysis of the IEC 62443-4-1 standard for secure industrial products development, continuous software engineering literature review, and observations made in practice in context of a large industrial company during the past 5 years. The manuscript constitutes original, previously unpublished research.

    Download full text (pdf)
    fulltext
  • 13.
    Fischbach, Jannik
    et al.
    Netlight Consulting GmbH, Germany.
    Adam, Max
    Technical University of Munich, Germany.
    Dzhagatspanyan, Victor
    Technical University of Munich, Germany.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Frattini, Julian
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Kosenkov, Oleksandr
    Fortiss GmbH, Germany.
    Elahidoost, Parisa
    Fortiss GmbH, Germany.
    Automatic ESG Assessment of Companies by Mining and Evaluating Media Coverage Data: NLP Approach and Tool2023In: Proceedings - 2023 IEEE International Conference on Big Data, BigData 2023, Institute of Electrical and Electronics Engineers (IEEE), 2023, p. 2823-2830Conference paper (Refereed)
    Abstract [en]

    [Context:] Society increasingly values sustainable corporate behaviour, impacting corporate reputation and customer trust. Hence, companies regularly publish sustainability reports to shed light on their impact on environmental, social, and governance (ESG) factors. [Problem:] Sustainability reports are written by companies and therefore considered a company-controlled source. Contrarily, studies reveal that non-corporate channels (e.g., media coverage) represent the main driver for ESG transparency. However, analysing media coverage regarding ESG factors is challenging since (1) the amount of published news articles grows daily, (2) media coverage data does not necessarily deal with an ESG-relevant topic, meaning that it must be carefully filtered, and (3) the majority of media coverage data is unstructured. [Research Goal:] We aim to automatically extract ESG-relevant information from textual media reactions to calculate an ESG score for a given company. Our goal is to reduce the cost of ESG data collection and make ESG information available to the general public. [Contribution:] Our contributions are three-fold: First, we publish a corpus of 432,411 news headlines annotated as being environmental-, governance-, social-related, or ESG-irrelevant. Second, we present our tool-supported approach called ESG-Miner, capable of automatically analysing and evaluating corporate ESG performance headlines. Third, we demonstrate the feasibility of our approach in an experiment and apply the ESG-Miner on 3000 manually labelled headlines. Our approach correctly processes 96.7% of the headlines and shows great performance in detecting environmental-related headlines and their correct sentiment. © 2023 IEEE.

  • 14.
    Fischbach, Jannik
    et al.
    Qualicen GmbH, DEU.
    Femmer, Henning
    Qualicen GmbH, DEU.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Fucci, Davide
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Vogelsang, Andreas
    University of Cologne, DEU.
    What makes agile test artifacts useful?: An activity-based quality model from a practitioners' perspective2020In: International Symposium on Empirical Software Engineering and Measurement, IEEE Computer Society, 2020, article id 3421462Conference paper (Refereed)
    Abstract [en]

    Background: The artifacts used in Agile software testing and the reasons why these artifacts are used are fairly well-understood. However, empirical research on how Agile test artifacts are eventually designed in practice and which quality factors make them useful for software testing remains sparse. Aims: Our objective is two-fold. First, we identify current challenges in using test artifacts to understand why certain quality factors are considered good or bad. Second, we build an Activity-Based Artifact Quality Model that describes what Agile test artifacts should look like. Method: We conduct an industrial survey with 18 practitioners from 12 companies operating in seven different domains. Results: Our analysis reveals nine challenges and 16 factors describing the quality of six test artifacts from the perspective of Agile testers. Interestingly, we observed mostly challenges regarding language and traceability, which are well-known to occur in non-Agile projects. Conclusions: Although Agile software testing is becoming the norm, we still have little confidence about general do's and don'ts going beyond conventional wisdom. This study is the first to distill a list of quality factors deemed important to what can be considered as useful test artifacts. © 2020 IEEE Computer Society. All rights reserved.

    Download full text (pdf)
    fulltext
  • 15.
    Fischbach, Jannik
    et al.
    Qualicen GmbH, DEU.
    Frattini, Julian
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Unterkalmsteiner, Michael
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Femmer, Henning
    Qualicen GmbH, DEU.
    Vogelsang, Andreas
    University of Cologne, DEU.
    How Do Practitioners Interpret Conditionals in Requirements?2021In: Lecture Notes in Computer Science / [ed] Ardito L., Jedlitschka A., Morisio M., Torchiano M., Springer Science and Business Media Deutschland GmbH , 2021, Vol. 13126, p. 85-102Conference paper (Refereed)
    Abstract [en]

    Context: Conditional statements like “If A and B then C” are core elements for describing software requirements. However, there are many ways to express such conditionals in natural language and also many ways how they can be interpreted. We hypothesize that conditional statements in requirements are a source of ambiguity, potentially affecting downstream activities such as test case generation negatively. Objective: Our goal is to understand how specific conditionals are interpreted by readers who work with requirements. Method: We conduct a descriptive survey with 104 RE practitioners and ask how they interpret 12 different conditional clauses. We map their interpretations to logical formulas written in Propositional (Temporal) Logic and discuss the implications. Results: The conditionals in our tested requirements were interpreted ambiguously. We found that practitioners disagree on whether an antecedent is only sufficient or also necessary for the consequent. Interestingly, the disagreement persists even when the system behavior is known to the practitioners. We also found that certain cue phrases are associated with specific interpretations. Conclusion: Conditionals in requirements are a source of ambiguity and there is not just one way to interpret them formally. This affects any analysis that builds upon formalized requirements (e.g., inconsistency checking, test-case generation). Our results may also influence guidelines for writing requirements. © 2021, Springer Nature Switzerland AG.

  • 16.
    Fischbach, Jannik
    et al.
    Qualicen GmbH, DEU.
    Frattini, Julian
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Spaans, Arjen
    Qualicen GmbH, DEU.
    Kummeth, Maximilian
    Qualicen GmbH, DEU.
    Vogelsang, Andreas
    University of Cologne, DEU.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Unterkalmsteiner, Michael
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Automatic Detection of Causality in Requirement Artifacts: The CiRA Approach2021In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) / [ed] Dalpiaz F., Spoletini P., Springer Science and Business Media Deutschland GmbH , 2021, Vol. 12685, p. 19-36Conference paper (Refereed)
    Abstract [en]

    [Context & motivation:] System behavior is often expressed by causal relations in requirements (e.g., If event 1, then event 2). Automatically extracting this embedded causal knowledge supports not only reasoning about requirements dependencies, but also various automated engineering tasks such as seamless derivation of test cases. However, causality extraction from natural language (NL) is still an open research challenge as existing approaches fail to extract causality with reasonable performance. [Question/problem:] We understand causality extraction from requirements as a two-step problem: First, we need to detect if requirements have causal properties or not. Second, we need to understand and extract their causal relations. At present, though, we lack knowledge about the form and complexity of causality in requirements, which is necessary to develop a suitable approach addressing these two problems. [Principal ideas/results:] We conduct an exploratory case study with 14,983 sentences from 53 requirements documents originating from 18 different domains and shed light on the form and complexity of causality in requirements. Based on our findings, we develop a tool-supported approach for causality detection (CiRA, standing for Causality in Requirement Artifacts). This constitutes a first step towards causality extraction from NL requirements. [Contribution:] We report on a case study and the resulting tool-supported approach for causality detection in requirements. Our case study corroborates, among other things, that causality is, in fact, a widely used linguistic pattern to describe system behavior, as about a third of the analyzed sentences are causal. We further demonstrate that our tool CiRA achieves a macro-F 1 score of 82% on real word data and that it outperforms related approaches with an average gain of 11.06% in macro-Recall and 11.43% in macro-Precision. Finally, we disclose our open data sets as well as our tool to foster the discourse on the automatic detection of causality in the RE community. © 2021, Springer Nature Switzerland AG.

    Download full text (pdf)
    fulltext
  • 17.
    Fischbach, Jannik
    et al.
    Netlight Consulting GmbH, DEU.
    Frattini, Julian
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Vogelsang, Andreas
    University of Cologne, DEU.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Unterkalmsteiner, Michael
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Wehrle, Andreas
    Allianz Deutschland AG, DEU.
    Henao, Pablo Restrepo
    Netlight Consulting GmbH, DEU.
    Yousefi, Parisa
    Ericsson, SWE.
    Juricic, Tedi
    Ericsson, SWE.
    Radduenz, Jeannette
    Allianz Deutschland AG, DEU.
    Wiecher, Carsten
    Leopold Kostal GmbH & Co. KG, DEU.
    Automatic creation of acceptance tests by extracting conditionals from requirements: NLP approach and case study2023In: Journal of Systems and Software, ISSN 0164-1212, E-ISSN 1873-1228, Vol. 197, article id 111549Article in journal (Refereed)
    Abstract [en]

    Acceptance testing is crucial to determine whether a system fulfills end-user requirements. However, the creation of acceptance tests is a laborious task entailing two major challenges: (1) practitioners need to determine the right set of test cases that fully covers a requirement, and (2) they need to create test cases manually due to insufficient tool support. Existing approaches for automatically deriving test cases require semi-formal or even formal notations of requirements, though unrestricted natural language is prevalent in practice. In this paper, we present our tool-supported approach CiRA (Conditionals in Requirements Artifacts) capable of creating the minimal set of required test cases from conditional statements in informal requirements. We demonstrate the feasibility of CiRA in a case study with three industry partners. In our study, out of 578 manually created test cases, 71.8% can be generated automatically. Additionally, CiRA discovered 80 relevant test cases that were missed in manual test case design. CiRA is publicly available at www.cira.bth.se/demo/. © 2022

  • 18.
    Fischbach, Jannik
    et al.
    Qualicen GmbH, DEU.
    Springer, Tobias
    Technical University of Munich, DEU.
    Frattini, Julian
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Femmer, Henning
    Qualicen GmbH, DEU.
    Vogelsang, Andreas
    University of Cologne, DEU.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Fine-Grained Causality Extraction from Natural Language Requirements Using Recursive Neural Tensor Networks2021In: Proceedings of the IEEE International Conference on Requirements Engineering / [ed] Yue T., Mirakhorli M., IEEE Computer Society , 2021, p. 60-69Conference paper (Refereed)
    Abstract [en]

    [Context:] Causal relations (e.g., If A, then B) are prevalent in functional requirements. For various applications of AI4RE, e.g., the automatic derivation of suitable test cases from requirements, automatically extracting such causal statements are a basic necessity. [Problem:] We lack an approach that is able to extract causal relations from natural language requirements in fine-grained form. Specifically, existing approaches do not consider the combinatorics between causes and effects. They also do not allow to split causes and effects into more granular text fragments (e.g., variable and condition), making the extracted relations unsuitable for automatic test case derivation. [Objective Contributions:] We address this research gap and make the following contributions: First, we present the Causality Treebank, which is the first corpus of fully labeled binary parse trees representing the composition of 1,571 causal requirements. Second, we propose a fine-grained causality extractor based on Recursive Neural Tensor Networks. Our approach is capable of recovering the composition of causal statements written in natural language and achieves a F1 score of 74% in the evaluation on the Causality Treebank. Third, we disclose our open data sets as well as our code to foster the discourse on the automatic extraction of causality in the RE community. © 2021 IEEE.

  • 19.
    Franch, Xavier
    et al.
    Universitat Politcnica de Catalunya (UPC), ESP.
    Glinz, Martin
    University of Zurich, CHE.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Seyff, Norbert
    University of Zurich, CHE.
    A Study about the Knowledge and Use of Requirements Engineering Standards in Industry2022In: IEEE Transactions on Software Engineering, ISSN 0098-5589, E-ISSN 1939-3520, Vol. 48, no 9, p. 3310-3325Article in journal (Refereed)
    Abstract [en]

    The use of standards is considered a vital part of any engineering discipline. So one could expect that standards play an important role in Requirements Engineering (RE) as well. However, little is known about the actual knowledge and use of RE-related standards in industry. <i>Objective</i>. In this article, we investigate to which ex-tent standards and related artifacts such as templates or guidelines are known and used by RE practitioners. <i>Method</i>. To this end, we have conducted an online survey. We could analyze the replies from 90 RE practitioners using a combination of closed and open-text questions. <i>Results</i>. Our results indicate that the knowledge and use of standards and related artifacts in RE may be less widespread than one might expect from an engineering perspective. For example, about 45% of the respondents working as requirements engineers or business analysts do not know at least one of the two core standards in RE. Participants in our study mostly use standards rather by personal decision than imposed by their company, customer, or regulator. Beyond insufficient knowledge, we also found cultural and organizational factors impeding the widespread adoption of standards in RE. <i>Conclusions</i>. Overall, our results provide empirically informed insights into the actual use of standards and related artifacts in RE practice and indirectly about the value that the current standards create for RE practitioners. IEEE

  • 20.
    Franch, Xavier
    et al.
    Universitat Politecnica de Catalunya, ESP.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Vogelsang, Andreas
    Technische Universitat Berlin, DEU.
    Heldal, Rogardt
    Western Norway University of Applied Sciences, NOR.
    Knauss, Eric
    Chalmers tekniska högskola, SWE.
    Oriol, Marc
    Universitat Politecnica de Catalunya, ESP.
    Travassos, Guilherme
    Federal University of Rio de Janeiro, BRA.
    Carver, Jeffrey C.
    University of Alabama, USA.
    Zimmermann, Thomas
    Microsoft Corporation, USA.
    How do Practitioners Perceive the Relevance of Requirements Engineering Research?2022In: IEEE Transactions on Software Engineering, ISSN 0098-5589, E-ISSN 1939-3520, Vol. 48, no 6, p. 1947-1964Article in journal (Refereed)
    Abstract [en]

    Context: The relevance of Requirements Engineering (RE) research to practitioners is vital for a long-term dissemination of research results to everyday practice. Some authors have speculated about a mismatch between research and practice in the RE discipline. However, there is not much evidence to support or refute this perception. Objective: This paper presents the results of a study aimed at gathering evidence from practitioners about their perception of the relevance of RE research and at understanding the factors that influence that perception. Method: We conducted a questionnaire-based survey of industry practitioners with expertise in RE. The participants rated the perceived relevance of 435 scientific papers presented at five top RE-related conferences. Results: The 153 participants provided a total of 2,164 ratings. The practitioners rated RE research as essential or worthwhile in a majority of cases. However, the percentage of non-positive ratings is still higher than we would like. Among the factors that affect the perception of relevance are the paper?s links to industry, the research method used, and respondents? roles. The reasons for positive perceptions were primarily related to the relevance of the problem and the soundness of the solution, while the causes for negative perceptions were more varied. The respondents also provided suggestions for future research, including topics researchers have studied for decades, like elicitation or requirement quality criteria. Conclusions: The study is valuable for both researchers and practitioners. Researchers can use the reasons respondents gave for positive and negative perceptions and the suggested research topics to help make their research more appealing to practitioners and thus more prone to industry adoption. Practitioners can benefit from the overall view of contemporary RE research by learning about research topics that they may not be familiar with, and compare their perception with those of their colleagues to self-assess their positioning towards more academic research. IEEE

  • 21.
    Frattini, Julian
    et al.
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Fischbach, Jannik
    Netlight Consulting GmbH, Germany.
    Fucci, Davide
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Unterkalmsteiner, Michael
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Measuring the Fitness-for-Purpose of Requirements: An initial Model of Activities and Attributes2024In: Proceedings of the IEEE International Conference on Requirements Engineering / [ed] Liebel G., Hadar I., Spoletini P., IEEE Computer Society, 2024, p. 398-406Conference paper (Refereed)
    Abstract [en]

    Requirements engineering aims to fulfill a purpose, i.e., inform subsequent software development activities about stakeholders' needs and constraints that must be met by the system under development. The quality of requirements artifacts and processes is determined by how fit for this purpose they are, i.e., how they impact activities affected by them. However, research on requirements quality lacks a comprehensive overview of these activities and how to measure them. In this paper, we specify the research endeavor addressing this gap and propose an initial model of requirements-affected activities and their attributes. We construct a model from three distinct data sources, including both literature and empirical data. The results yield an initial model containing 24 activities and 16 attributes quantifying these activities. Our long-term goal is to develop evidence-based decision support on how to optimize the fitness for purpose of the RE phase to best support the subsequent, affected software development process. We do so by measuring the effect that requirements artifacts and processes have on the attributes of these activities. With the contribution at hand, we invite the research community to critically discuss our research roadmap and support the further evolution of the model. © 2024 IEEE.

  • 22.
    Frattini, Julian
    et al.
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Fischbach, Jannik
    Fucci, Davide
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Unterkalmsteiner, Michael
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Replications, Revisions, and Reanalyses: Managing Variance Theories in Software EngineeringManuscript (preprint) (Other academic)
    Abstract [en]

    Variance theories quantify the variance that one or more independent variables cause in a dependent variable. In software engineering (SE), variance theories are used toquantify—among others—the impact of tools, techniques, andother treatments on software development outcomes. To acquire variance theories, evidence from individual empirical studies needs to be synthesized to more generally valid conclusions. However, research synthesis in SE is mostly limited to meta-analysis, which requires homogeneity of the synthesized studies to infer generalizable variance. In this paper, we aim to extend the practice of research synthesis beyond meta-analysis. To this end, we derive a conceptual framework for the evolution of variance theories and demonstrate its use by applying it to an active research field in SE. The resulting framework allows researchers to put new evidence in a clear relation to an existing body of knowledge and systematically expand the scientific frontier of a studied phenomenon.

    Download full text (pdf)
    fulltext
  • 23.
    Frattini, Julian
    et al.
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Fischbach, Jannik
    Qualicen GmbH, GER.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Unterkalmsteiner, Michael
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Vogelsang, Andreas
    University of Cologne, GER.
    Wnuk, Krzysztof
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Causality in requirements artifacts: prevalence, detection, and impact2023In: Requirements Engineering, ISSN 0947-3602, E-ISSN 1432-010X, Vol. 28, no 1, p. 49-74Article in journal (Refereed)
    Abstract [en]

    Causal relations in natural language (NL) requirements convey strong, semantic information. Automatically extracting such causal information enables multiple use cases, such as test case generation, but it also requires to reliably detect causal relations in the first place. Currently, this is still a cumbersome task as causality in NL requirements is still barely understood and, thus, barely detectable. In our empirically informed research, we aim at better understanding the notion of causality and supporting the automatic extraction of causal relations in NL requirements. In a first case study, we investigate 14.983 sentences from 53 requirements documents to understand the extent and form in which causality occurs. Second, we present and evaluate a tool-supported approach, called CiRA, for causality detection. We conclude with a second case study where we demonstrate the applicability of our tool and investigate the impact of causality on NL requirements. The first case study shows that causality constitutes around 28 % of all NL requirements sentences. We then demonstrate that our detection tool achieves a macro-F 1 score of 82 % on real-world data and that it outperforms related approaches with an average gain of 11.06 % in macro-Recall and 11.43 % in macro-Precision. Finally, our second case study corroborates the positive correlations of causality with features of NL requirements. The results strengthen our confidence in the eligibility of causal relations for downstream reuse, while our tool and publicly available data constitute a first step in the ongoing endeavors of utilizing causality in RE and beyond. © 2022, The Author(s).

    Download full text (pdf)
    fulltext
  • 24.
    Frattini, Julian
    et al.
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Fucci, Davide
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Spinola, Rodrigo
    Virginia Commonwealth University, Richmond, USA.
    Mandic, Vladimir
    University of Novi Sad, Serbia.
    Tausan, Nebojsa
    University of Novi Sad, Serbia.
    Ahmad, Ovais
    Karlstad University.
    Gonzalez-Huerta, Javier
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    An initial Theory to Understand and Manage Requirements Engineering Debt in Practice2023In: Information and Software Technology, ISSN 0950-5849, E-ISSN 1873-6025, Vol. 159, article id 107201Article in journal (Refereed)
    Abstract [en]

    Context

    Advances in technical debt research demonstrate the benefits of applying the financial debt metaphor to support decision-making in software development activities. Although decision-making during requirements engineering has significant consequences, the debt metaphor in requirements engineering is inadequately explored.

    Objective

    We aim to conceptualize how the debt metaphor applies to requirements engineering by organizing concepts related to practitioners’ understanding and managing of requirements engineering debt (RED).

    Method

    We conducted two in-depth expert interviews to identify key requirements engineering debt concepts and construct a survey instrument. We surveyed 69 practitioners worldwide regarding their perception of the concepts and developed an initial analytical theory.

    Results

    We propose a RED theory that aligns key concepts from technical debt research but emphasizes the specific nature of requirements engineering. In particular, the theory consists of 23 falsifiable propositions derived from the literature, the interviews, and survey results.

    Conclusions

    The concepts of requirements engineering debt are perceived to be similar to their technical debt counterpart. Nevertheless, measuring and tracking requirements engineering debt are immature in practice. Our proposed theory serves as the first guide toward further research in this area.

    Download full text (pdf)
    IST22_RED
  • 25.
    Frattini, Julian
    et al.
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Fucci, Davide
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Torkar, Richard
    Chalmers University of Technology.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    A Second Look at the Impact of Passive Voice Requirements on Domain Modeling: Bayesian Reanalysis of an Experiment2024In: Proceedings of the 2024 IEEE/ACM international workshop on methodological issues with empirical studies in software engineering, WSESE 2024, Association for Computing Machinery (ACM), 2024, p. 27-33Conference paper (Refereed)
    Abstract [en]

    The quality of requirements specifications may impact subsequent, dependent software engineering (SE) activities. However, empirical evidence of this impact remains scarce and too often superficial as studies abstract from the phenomena under investigation too much. 1Wo of these abstractions are caused by the lack of frameworks for causal inference and frequentist methods which reduce complex data to binary results. In this study, we aim to demonstrate (1) the use of a causal framework and (2) contrast frequentist methods with more sophisticated Bayesian statistics for causal inference. To this end, we reanalyze the only known controlled experiment investigating the impact of passive voice on the subsequent activity of domain modeling. We follow a framework for statistical causal inference and employ Bayesian data analysis methods to re-investigate the hypotheses of the original study. Our results reveal that the effects observed by the original authors turned out to be much less significant than previously assumed. This study supports the recent call to action in SE research to adopt Bayesian data analysis, including causal frameworks and Bayesian statistics, for more sophisticated causal inference.

    Download full text (pdf)
    fulltext
  • 26.
    Frattini, Julian
    et al.
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Fucci, Davide
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Torkar, Richard
    Chalmers University of Technology.
    Montgomery, Lloyd
    University of Hamburg, Germany.
    Unterkalmsteiner, Michael
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Fischbach, Jannik
    Netlight Consulting GmbH, Germany.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Applying bayesian data analysis for causal inference about requirements quality: a controlled experiment2025In: Empirical Software Engineering, ISSN 1382-3256, E-ISSN 1573-7616, Vol. 30, no 1, article id 29Article in journal (Refereed)
    Abstract [en]

    It is commonly accepted that the quality of requirements specifications impacts subsequent software engineering activities. However, we still lack empirical evidence to support organizations in deciding whether their requirements are good enough or impede subsequent activities. We aim to contribute empirical evidence to the effect that requirements quality defects have on a software engineering activity that depends on this requirement. We conduct a controlled experiment in which 25 participants from industry and university generate domain models from four natural language requirements containing different quality defects. We evaluate the resulting models using both frequentist and Bayesian data analysis. Contrary to our expectations, our results show that the use of passive voice only has a minor impact on the resulting domain models. The use of ambiguous pronouns, however, shows a strong effect on various properties of the resulting domain models. Most notably, ambiguous pronouns lead to incorrect associations in domain models. Despite being equally advised against by literature and frequentist methods, the Bayesian data analysis shows that the two investigated quality defects have vastly different impacts on software engineering activities and, hence, deserve different levels of attention. Our employed method can be further utilized by researchers to improve reliable, detailed empirical evidence on requirements quality. © The Author(s) 2024.

    Download full text (pdf)
    fulltext
  • 27.
    Frattini, Julian
    et al.
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Junker, Maximilian
    Qualicen GmbH, DEU.
    Unterkalmsteiner, Michael
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering. fortiss GmbH, DEU.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering. fortiss GmbH, DEU.
    Automatic Extraction of Cause-Effect-Relations from Requirements Artifacts2020In: Proceedings - 2020 35th IEEE/ACM International Conference on Automated Software Engineering, ASE 2020, Institute of Electrical and Electronics Engineers Inc. , 2020, p. 561-572, article id 9286079Conference paper (Refereed)
    Abstract [en]

    Background: The detection and extraction of causality from natural language sentences have shown great potential in various fields of application. The field of requirements engineering is eligible for multiple reasons: (1) requirements artifacts are primarily written in natural language, (2) causal sentences convey essential context about the subject of requirements, and (3) extracted and formalized causality relations are usable for a (semi-)automatic translation into further artifacts, such as test cases. Objective: We aim at understanding the value of interactive causality extraction based on syntactic criteria for the context of requirements engineering. Method: We developed a prototype of a system for automatic causality extraction and evaluate it by applying it to a set of publicly available requirements artifacts, determining whether the automatic extraction reduces the manual effort of requirements formalization. Result: During the evaluation we analyzed 4457 natural language sentences from 18 requirements documents, 558 of which were causal (12.52%). The best evaluation of a requirements document provided an automatic extraction of 48.57% cause-effect graphs on average, which demonstrates the feasibility of the approach. Limitation: The feasibility of the approach has been proven in theory but lacks exploration of being scaled up for practical use. Evaluating the applicability of the automatic causality extraction for a requirements engineer is left for future research. Conclusion: A syntactic approach for causality extraction is viable for the context of requirements engineering and can aid a pipeline towards an automatic generation of further artifacts from requirements artifacts. © 2020 ACM.

    Download full text (pdf)
    fulltext
  • 28.
    Frattini, Julian
    et al.
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Lloyd, Montgomery
    Universität Hamburg, DEU.
    Jannik, Fischbach
    Netlight GmbH / fortiss GmbH, DEU.
    Unterkalmsteiner, Michael
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Fucci, Davide
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    A Live Extensible Ontology of Quality Factors for Textual Requirements2022In: Proceedings of the IEEE International Conference on Requirements Engineering / [ed] Knauss E., Mussbacher G., Arora C., Bano M., Schneider, IEEE, 2022, p. 274-280Conference paper (Refereed)
    Abstract [en]

    Quality factors like passive voice or sentence length are commonly used in research and practice to evaluate the quality of natural language requirements since they indicate defects in requirements artifacts that potentially propagate to later stages in the development life cycle. However, as a research community, we still lack a holistic perspective on quality factors. This inhibits not only a comprehensive understanding of the existing body of knowledge but also the effective use and evolution of these factors. To this end, we propose an ontology of quality factors for textual requirements, which includes (1) a structure framing quality factors and related elements and (2) a central repository and web interface making these factors publicly accessible and usable. We contribute the first version of both by applying a rigorous ontology development method to 105 eligible primary studies and construct a first version of the repository and interface. We illustrate the usability of the ontology and invite fellow researchers to a joint community effort to complete and maintain this knowledge repository. We envision our ontology to reflect the community's harmonized perception of requirements quality factors, guide reporting of new quality factors, and provide central access to the current body of knowledge.

    Download full text (pdf)
    fulltext
  • 29.
    Frattini, Julian
    et al.
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Montgomery, Lloyd
    Universität Hamburg, DEU.
    Fischbach, Jannik
    Qualicen GmbH, DEU.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Fucci, Davide
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Unterkalmsteiner, Michael
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Requirements Quality Research: a harmonized Theory, Evaluation, and RoadmapManuscript (preprint) (Other academic)
    Abstract [en]

    High-quality requirements minimize the risk of propagating defects to later stages of the software development life-cycle. Achieving a sufficient level of quality is a major goal of requirements engineering. This requires a clear definition and understanding of requirements quality. Though recent publications make an effort at disentangling the complex concept of quality, the requirements quality research community lacks identity and clear structure which guides advances and puts new findings into an holistic perspective. In this research commentary we contribute(1) a harmonized requirements quality theory organizing its core concepts, (2) an evaluation of the current state of requirements quality research, and (3) a research roadmap to guide advancements in the field.

  • 30.
    Frattini, Julian
    et al.
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Montgomery, Lloyd
    University of Hamburg, Germany.
    Fischbach, Jannik
    Netlight Consulting GmbH, Germany.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Fucci, Davide
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Unterkalmsteiner, Michael
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Requirements quality research: a harmonized theory, evaluation, and roadmap2023In: Requirements Engineering, ISSN 0947-3602, E-ISSN 1432-010X, Vol. 28, no 4, p. 507-520Article in journal (Refereed)
    Abstract [en]

    High-quality requirements minimize the risk of propagating defects to later stages of the software development life cycle. Achieving a sufficient level of quality is a major goal of requirements engineering. This requires a clear definition and understanding of requirements quality. Though recent publications make an effort at disentangling the complex concept of quality, the requirements quality research community lacks identity and clear structure which guides advances and puts new findings into an holistic perspective. In this research commentary, we contribute (1) a harmonized requirements quality theory organizing its core concepts, (2) an evaluation of the current state of requirements quality research, and (3) a research roadmap to guide advancements in the field. We show that requirements quality research focuses on normative rules and mostly fails to connect requirements quality to its impact on subsequent software development activities, impeding the relevance of the research. Adherence to the proposed requirements quality theory and following the outlined roadmap will be a step toward amending this gap. © 2023, The Author(s).

    Download full text (pdf)
    fulltext
  • 31.
    Frattini, Julian
    et al.
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Montgomery, Lloyd
    University of Hamburg, Germany.
    Fucci, Davide
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Fischbach, Jannik
    Netlight Consulting GmbH, Germany.
    Unterkalmsteiner, Michael
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Let’s Stop Building at the Feet of Giants: Recovering unavailable Requirements Quality Artifacts2023In: CEUR Workshop Proceedings / [ed] Ferrari A., Penzenstadler B., Penzenstadler B., Hadar I., Oyedeji S., Abualhaija S., Vogelsang A., Deshpande G., Rachmann A., Gulden J., Wohlgemuth A., Hess A., Fricker S., Guizzardi R., Horkoff J., Perini A., Susi A., Karras O., Dalpiaz F., Moreira A., Amyot D., Spoletini P., CEUR-WS , 2023, Vol. 3378Conference paper (Refereed)
    Abstract [en]

    Requirements quality literature abounds with publications presenting artifacts, such as data sets and tools. However, recent systematic studies show that more than 80% of these artifacts have become unavailable or were never made public, limiting reproducibility and reusability. In this work, we report on an attempt to recover those artifacts. To that end, we requested corresponding authors of unavailable artifacts to recover and disclose them according to open science principles. Our results, based on 19 answers from 35 authors (54% response rate), include an assessment of the availability of requirements quality artifacts and a breakdown of authors’ reasons for their continued unavailability. Overall, we improved the availability of seven data sets and seven implementations. © 2023 Copyright for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).

    Download full text (pdf)
    fulltext
  • 32.
    Frattini, Julian
    et al.
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Montgomery, Lloyd
    University of Hamburg, Germany.
    Fucci, Davide
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Unterkalmsteiner, Michael
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Fischbach, Jannik
    Netlight Consulting GmbH, Germany.
    Requirements quality research artifacts: Recovery, analysis, and management guideline2024In: Journal of Systems and Software, ISSN 0164-1212, E-ISSN 1873-1228, Vol. 216, article id 112120Article in journal (Refereed)
    Abstract [en]

    Requirements quality research, which is dedicated to assessing and improving the quality of requirements specifications, is dependent on research artifacts like data sets (containing information about quality defects) and implementations (automatically detecting and removing these defects). However, recent research exposed that the majority of these research artifacts have become unavailable or have never been disclosed, which inhibits progress in the research domain. In this work, we aim to improve the availability of research artifacts in requirements quality research. To this end, we (1) extend an artifact recovery initiative, (2) empirically evaluate the reasons for artifact unavailability using Bayesian data analysis, and (3) compile a concise guideline for open science artifact disclosure. Our results include 10 recovered data sets and 7 recovered implementations, empirical support for artifact availability improving over time and the positive effect of public hosting services, and a pragmatic artifact management guideline open for community comments. With this work, we hope to encourage and support adherence to open science principles and improve the availability of research artifacts for the requirements research quality community. © 2024 The Author(s)

    Download full text (pdf)
    fulltext
  • 33.
    Gasiba, Tiago Espinha
    et al.
    Siemens AG, DEU.
    Lechner, Ulrike
    Universität der Bundeswehr München, DEU.
    Pinto-Albuquerque, Maria
    Instituto Universitário de Lisboa (ISCTE-IUL), PRT.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Awareness of secure coding guidelines in the industry - A first data analysis2020In: Proceedings - 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020 / [ed] Wang G.,Ko R.,Bhuiyan M.Z.A.,Pan Y., Institute of Electrical and Electronics Engineers Inc. , 2020, p. 345-352Conference paper (Refereed)
    Abstract [en]

    Software needs to be secure, in particular, when deployed to critical infrastructures. Secure coding guidelines capture practices in industrial software engineering to ensure the security of code. This study aims to assess the level of awareness of secure coding in industrial software engineering, the skills of software developers to spot weaknesses in software code, avoid them, and the organizational support to adhere to coding guidelines. The approach draws on well-established theories of policy compliance, neutralization theory, and security-related stress and the authors' many years of experience in industrial software engineering and on lessons identified from training secure coding in the industry. The paper presents the questionnaire design for the online survey and the first analysis of data from the pilot study. © 2020 IEEE.

  • 34.
    Gasiba, Tiago Espinha
    et al.
    Siemens AG, DEU.
    Lechner, Ulrike
    Univ Bundeswehr Munchen, DEU.
    Pinto-Albuquerque, Maria
    Inst Univ Lisboa ISCTE IUL, PRT.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Is Secure Coding Education in the Industry Needed?: An Investigation Through a Large Scale Survey2021In: 2021 IEEE/ACM 43RD INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: JOINT TRACK ON SOFTWARE ENGINEERING EDUCATION AND TRAINING (ICSE-JSEET 2021), IEEE COMPUTER SOC , 2021, p. 241-252Conference paper (Refereed)
    Abstract [en]

    The Department of Homeland Security in the United States estimates that 90% of software vulnerabilities can be traced back to defects in design and software coding. The financial impact of these vulnerabilities has been shown to exceed 380 million USD in industrial control systems alone. Since software developers write software, they also introduce these vulnerabilities into the source code. However, secure coding guidelines exist to prevent software developers from writing vulnerable code. This study focuses on the human factor, the software developer, and secure coding, in particular secure coding guidelines. We want to understand the software developersi awareness and compliance to secure coding guidelines and why, if at all, they arenit compliant or aware. We base our results on a large-scale survey on secure coding guidelines, with more than 190 industrial software developers. Our workis main contribution motivates the need to educate industrial software developers on secure coding guidelines, and it gives a list of fifteen actionable items to be used by practitioners in the industry. We also make our raw data openly available for further research.

  • 35.
    Gorschek, Tony
    et al.
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Solving Problems or Enabling Problem-Solving?: from Purity in Empirical Software Engineering to Effective Co-production (Invited Keynote)2021In: Software Quality: Future Perspectives on Software Engineering Quality / [ed] Winkler D., Biffl S., Mendez D., Wimmer M., Bergsmann J., Springer Science and Business Media Deutschland GmbH , 2021, p. 109-116Conference paper (Refereed)
    Abstract [en]

    Studying and collaborating with any software-intensive organization demands for excellence in empirical software engineering research. The ever-growing complexity and context-dependency of software products, however, demands for more pragmatic and solution-focused research. This is a great opportunity but it also conflicts with the traditional quest for “purity” in research and a very narrow focus of the work. In this short positioning, we elaborate on challenges which emerge from academia-industry collaborations and discuss touch upon pragmatic ways of approaching them along the co-production model which emerged from SERL Sweden. © 2021, Springer Nature Switzerland AG.

  • 36.
    Hehn, Jennifer
    et al.
    Bern University of Applied Sciences, CHE.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Combining Design Thinking and Software Requirements Engineering to Create Human-Centered Software-Intensive Systems2022In: Design Thinking for Software Engineering: Creating Human-oriented Software-intensive Products and Services / [ed] Jennifer Hehn, Daniel Mendez, Walter Brenner, Manfred Broy, Springer, 2022, p. 11-60Chapter in book (Refereed)
    Abstract [en]

    Effective Requirements Engineering is a crucial activity in software-intensive development projects. The human-centric working mode of Design Thinking is considered a powerful way to complement such activities when designing innovative systems. Research has already made great strides to illustrate the benefits of using Design Thinking for Requirements Engineering. However, it has remained mostly unclear how to actually realize a combination of both. In this chapter, we contribute an artifact-based model that integrates Design Thinking and Requirements Engineering for innovative software-intensive systems. Drawing from our research and project experiences, we suggest three strategies for tailoring and integrating Design Thinking and Requirements Engineering with complementary synergies.

  • 37.
    Hehn, Jennifer
    et al.
    Bern University of Applied Sciences, Switzerland.
    Mendez, DanielBlekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.Brenner, WalterUniversity of St. Gallen, Switzerland.Broy, ManfredTechnical University of Munich, Germany.
    Design Thinking for Software Engineering: Creating Human-oriented Software-intensive Products and Service2022Collection (editor) (Other academic)
    Abstract [en]

    Provides guidance to apply design thinking to design innovative software-intensive systemsOffers a comprehensive view on complementary methods and tools for design thinking and software engineeringIncludes essays from prominent academics and experienced practitioners

  • 38.
    Hehn, Jennifer
    et al.
    University of St. Gallen, CHF.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Uebernickel, Falk
    Hasso Plattner Institute, DEU.
    Brenner, Walter
    Universität St. Gallen, CHF.
    Broy, Manfred
    Technical University of Munich, DEU.
    On Integrating Design Thinking for a Human-Centered Requirements Engineering2020In: IEEE Software, ISSN 0740-7459, E-ISSN 1937-4194, Vol. 37, no 2, p. 25-31Article in journal (Refereed)
    Abstract [en]

    In this position paper, we elaborate on the possibilities and needs to integrate Design Thinking into Requirements Engineering. We draw from our research and project experiences to compare what is understood as Design Thinking and Requirements Engineering considering their involved artifacts. We suggest three approaches for tailoring and integrating Design Thinking and Requirements Engineering with complementary synergies and point at open challenges for research and practice. IEEE

  • 39.
    Hoffmann, Marco
    et al.
    QualityMinds GmbH, Germany.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Fagerholm, Fabian
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Luckhardt, Anton
    The Technical University of Munich (TUM), Germany.
    The human side of Software Engineering Teams: an investigation of contemporary challenges2023In: IEEE Transactions on Software Engineering, ISSN 0098-5589, E-ISSN 1939-3520, Vol. 49, no 1, p. 211-225Article in journal (Refereed)
    Abstract [en]

    There have been numerous recent calls for research on the human side of software engineering and its impact on project success. An analysis of which challenges in software engineering teams are most relevant and frequent is still missing. As teams are more international, it is more frequent that their members have different personal values as well as different communication habits. Additionally, virtual team setups (working geographically separated, remote communication using digital tools and frequently changing team members) are increasingly prevalent. We designed a survey instrument and asked respondents to assess the frequency and criticality of a set of challenges, both within teams as well as between teams and clients. For the team challenges, we asked if mitigation measures were already in place to tackle the challenge. Respondents were also asked to provide information about their team setup. The survey included an instrument to measure Schwartz human values. The survey was first piloted and then distributed to professionals working in software engineering teams. In this article, we report on the results obtained from 192 survey respondents. We present a set of challenges that takes the survey feedback into account and introduce two categories of challenges; inter-personal and intra-personal. We found no evidence for links between personality values and challenges. We found some significant links between the number of distinct nationalities in a team and certain challenges. We found evidence that a higher degree of virtualization leads to an increase of the frequency of some human challenges. We present a set of human challenges in software engineering that can be used for further research on causes and mitigation measures, which serves as our starting point for a theory about causes of contemporary human challenges in software engineering teams. Our findings warrants further research on human challenges in software engineering and gather more evidence and test countermeasures, such as whether the employment of virtual reality software incorporating facial expressions and movements can help establish a less detached way of communication. IEEE

  • 40.
    Iqbal, Tahira
    et al.
    Fortiss GmbH, DEU.
    Seyff, Norbert
    Fachhochschule Nordwestschweiz FHNW, DEU.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Generating requirements out of thin air: Towards automated feature identification for new apps2019In: Proceedings - 2019 IEEE 27th International Requirements Engineering Conference Workshops, REW 2019, Institute of Electrical and Electronics Engineers Inc. , 2019, p. 193-199, article id 8933543Conference paper (Refereed)
    Abstract [en]

    App store mining has proven to be a promising technique for requirements elicitation as companies can gain valuable knowledge to maintain and evolve existing apps. However, despite first advancements in using mining techniques for requirements elicitation, little is yet known how to distill requirements for new apps based on existing (similar) solutions and how exactly practitioners would benefit from such a technique. In the proposed work, we focus on exploring information (e.g. app store data) provided by the crowd about existing solutions to identify key features of applications in a particular domain. We argue that these discovered features and other related influential aspects (e.g. ratings) can help practitioners(e.g. software developer) to identify potential key features for new applications. To support this argument, we first conducted an interview study with practitioners to understand the extent to which such an approach would find champions in practice. In this paper, we present the first results of our ongoing research in the context of a larger road-map. Our interview study confirms that practitioners see the need for our envisioned approach. Furthermore, we present an early conceptual solution to discuss the feasibility of our approach. However, this manuscript is also intended to foster discussions on the extent to which machine learning can and should be applied to elicit automated requirements on crowd generated data on different forums and to identify further collaborations in this endeavor. © 2019 IEEE.

  • 41.
    Jedrzejewski, Felix
    et al.
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Thode, Lukas
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Fischbach, Jannik
    Netlight Consulting GmbH, Germany.
    Gorschek, Tony
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Lavesson, Niklas
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Adversarial Machine Learning in Industry: A Systematic Literature Review2024In: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 145, article id 103988Article, review/survey (Refereed)
    Abstract [en]

    Adversarial Machine Learning (AML) discusses the act of attacking and defending Machine Learning (ML) Models, an essential building block of Artificial Intelligence (AI). ML is applied in many software-intensive products and services and introduces new opportunities and security challenges. AI and ML will gain even more attention from the industry in the future, but threats caused by already-discovered attacks specifically targeting ML models are either overseen, ignored, or mishandled. Current AML research investigates attack and defense scenarios for ML in different industrial settings with a varying degree of maturity with regard to academic rigor and practical relevance. However, to the best of our knowledge, a synthesis of the state of academic rigor and practical relevance is missing. This literature study reviews studies in the area of AML in the context of industry, measuring and analyzing each study's rigor and relevance scores. Overall, all studies scored a high rigor score and a low relevance score, indicating that the studies are thoroughly designed and documented but miss the opportunity to include touch points relatable for practitioners. © 2024 The Author(s)

    Download full text (pdf)
    fulltext
  • 42.
    Klymenko, Oleksandra
    et al.
    Technical University of Munich, DEU.
    Kosenkov, Oleksandr
    Fortiss GmbH, DEU.
    Meisenbacher, Stephen
    Technical University of Munich, DEU.
    Elahidoost, Parisa
    Fortiss GmbH, DEU.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Matthes, Florian
    Fortiss GmbH, DEU.
    Understanding the Implementation of Technical Measures in the Process of Data Privacy Compliance: A Qualitative Study2022In: ESEM '22: Proceedings of the 16th ACM / IEEE International Symposium on Empirical Software Engineering and Measurement / [ed] Madeiral F., Lassenius C., Conte T., Mannisto T., IEEE Computer Society, 2022, p. 261-271Conference paper (Refereed)
    Abstract [en]

    Background: Modern privacy regulations, such as the General Data Protection Regulation (GDPR), address privacy in software systems in a technologically agnostic way by mentioning general "technical measures"for data privacy compliance rather than dictating how these should be implemented. An understanding of the concept of technical measures and how exactly these can be handled in practice, however, is not trivial due to its interdisciplinary nature and the necessary technical-legal interactions. Aims: We aim to investigate how the concept of technical measures for data privacy compliance is understood in practice as well as the technical-legal interaction intrinsic to the process of implementing those technical measures. Methods: We follow a research design that is 1) exploratory in nature, 2) qualitative, and 3) interview-based, with 16 selected privacy professionals in the technical and legal domains. Results: Our results suggest that there is no clear mutual understanding and commonly accepted approach to handling technical measures. Both technical and legal roles are involved in the implementation of such measures. While they still often operate in separate spheres, a predominant opinion amongst the interviewees is to promote more interdisciplinary collaboration. Conclusions: Our empirical findings confirm the need for better interaction between legal and engineering teams when implementing technical measures for data privacy. We posit that interdisciplinary collaboration is paramount to a more complete understanding of technical measures, which currently lacks a mutually accepted notion. Yet, as strongly suggested by our results, there is still a lack of systematic approaches to such interaction. Therefore, the results strengthen our confidence in the need for further investigations into the technical-legal dynamic of data privacy compliance. © 2022 Association for Computing Machinery.

  • 43.
    Kosenkov, Oleksandr
    et al.
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Elahidoost, Parisa
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Gorschek, Tony
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Fischbach, Jannik
    Fortiss GmbH, Germany.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Unterkalmsteiner, Michael
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Fucci, Davide
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Mohanani, Rahul
    University of Jyväskylä, Finland.
    Systematic mapping study on requirements engineering for regulatory compliance of software systems2025In: Information and Software Technology, ISSN 0950-5849, E-ISSN 1873-6025, Vol. 178, article id 107622Article, review/survey (Refereed)
    Abstract [en]

    Context: As the diversity and complexity of regulations affecting Software-Intensive Products and Services (SIPS) is increasing, software engineers need to address the growing regulatory scrutiny. We argue that, as with any other non-negotiable requirements, SIPS compliance should be addressed early in SIPS engineering—i.e., during requirements engineering (RE).

    Objectives: In the conditions of the expanding regulatory landscape, existing research offers scattered insights into regulatory compliance of SIPS. This study addresses the pressing need for a structured overview of the state of the art in software RE and its contribution to regulatory compliance of SIPS.

    Method: We conducted a systematic mapping study to provide an overview of the current state of research regarding challenges, principles, and practices for regulatory compliance of SIPS related to RE. We focused on the role of RE and its contribution to other SIPS lifecycle process areas. We retrieved 6914 studies published from 2017 (January 1) until 2023 (December 31) from four academic databases, which we filtered down to 280 relevant primary studies.

    Results: We identified and categorized the RE-related challenges in regulatory compliance of SIPS and their potential connection to six types of principles and practices addressing challenges. We found that about 13.6% of the primary studies considered the involvement of both software engineers and legal experts in developing principles and practices. About 20.7% of primary studies considered RE in connection to other process areas. Most primary studies focused on a few popular regulation fields (privacy, quality) and application domains (healthcare, software development, avionics). Our results suggest that there can be differences in terms of challenges and involvement of stakeholders across different fields of regulation.

    Conclusion: Our findings highlight the need for an in-depth investigation of stakeholders’ roles, relationships between process areas, and specific challenges for distinct regulatory fields to guide research and practice. 

    Download full text (pdf)
    fulltext
  • 44.
    Kosenkov, Oleksandr
    et al.
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering. fortiss GmbH, Germany.
    Unterkalmsteiner, Michael
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Fischbach, Jannik
    Netlight Consulting GmbH, Germany.
    Regulatory Requirements Engineering in Large Enterprises: An Interview Study on the European Accessibility Act2025In: Product-Focused Software Process Improvement / [ed] Dietmar Pfahl, Javier Gonzalez Huerta, Jil Klünder, Hina Anwar, Springer Science+Business Media B.V., 2025, Vol. 15452, p. 204-220Conference paper (Refereed)
    Abstract [en]

    Context: Regulations, such as the European Accessibility Act (EAA), impact the engineering of software products and services. Managing that impact while providing meaningful inputs to development teams is one of the emerging requirements engineering (RE) challenges.

    Problem: Enterprises conduct Regulatory Impact Analysis (RIA) to consider the effects of regulations on software products offered and formulate requirements at an enterprise level. Despite its practical relevance, we are unaware of any studies on this large-scale regulatory RE process.

    Methodology: We conducted an exploratory interview study of RIA in three large enterprises. We focused on how they conduct RIA, emphasizing cross-functional interactions, and using the EAA as an example.

    Results: RIA, as a regulatory RE process, is conducted to address the needs of executive management and central functions. It involves coordination between different functions and levels of enterprise hierarchy. Enterprises use artifacts to support interpretation and communication of the results of RIA. Challenges to RIA are mainly related to the execution of such coordination and managing the knowledge involved.

    Conclusion: RIA in large enterprises demands close coordination of multiple stakeholders and roles. Applying interpretation and compliance artifacts is one approach to support such coordination. However, there are no established practices for creating and managing such artifacts. 

  • 45.
    Kosenkov, Oleksandr
    et al.
    Fortiss GmbH, DEU.
    Unterkalmsteiner, Michael
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Fucci, Davide
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Vision for an artefact-based approach to regulatory requirements engineering2021In: International Symposium on Empirical Software Engineering and Measurement, IEEE Computer Society , 2021, p. 1-6, article id 36Conference paper (Refereed)
    Abstract [en]

    Background: Nowadays, regulatory requirements engineering (regulatory RE) faces challenges of interdisciplinary nature that cannot be tackled due to existing research gaps. Aims: We envision an approach to solve some of the challenges related to the nature and complexity of regulatory requirements, the necessity for domain knowledge, and the involvement of legal experts in regulatory RE. Method:We suggest the qualitative analysis of regulatory texts combined with the further case study to develop an empirical foundation for our research. Results: We outline our vision for the application of extended artefact-based modeling for regulatory RE. Conclusions: Empirical methodology is an essential instrument to address interdisciplinarity and complexity in regulatory RE. Artefact-based modeling supported by empirical results can solve a particular set of problems while not limiting the application of other methods and tools and facilitating the interaction between different fields of practice and research. © 2021 IEEE Computer Society. All rights reserved.

  • 46.
    Kosenkov, Oleksandr
    et al.
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering. Fortiss GmbH, Munich, Germany.
    Unterkalmsteiner, Michael
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Fucci, Davide
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Gorschek, Tony
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Fischbach, Jannik
    Netlight Consulting GmbH, Munich, Germany.
    On Developing an Artifact-Based Approach to Regulatory Requirements Engineering2024In: Proceedings - 32nd IEEE International Requirements Engineering Conference Workshops, REW 2024 / [ed] Liebel, G, Hadar I, Spoletini, P, Institute of Electrical and Electronics Engineers (IEEE), 2024, p. 262-271Conference paper (Refereed)
    Abstract [en]

    Context: Regulatory acts are a challenging source when eliciting, interpreting, and analyzing requirements. Requirements engineers often need to involve legal experts who, however, may often not be available. This raises the need for approaches to regulatory Requirements Engineering (RE) covering and integrating both legal and engineering perspectives. Problem: Regulatory RE approaches need to capture and reflect both the elementary concepts and relationships from a legal perspective and their seamless transition to concepts used to specify software requirements. No existing approach considers explicating and managing legal domain knowledge and engineering-legal coordination. Method: We conducted focus group sessions with legal researchers to identify the core challenges to establishing a regulatory RE approach. Based on our findings, we developed a candidate solution and conducted a first conceptual validation to assess its feasibility. Results: We introduce the first version of our Artifact Model for Regulatory Requirements Engineering (AM4RRE) and its conceptual foundation. It provides a blueprint for applying legal (modelling) concepts and well-established RE concepts. Our initial results suggest that artifact-centric RE can be applied to managing legal domain knowledge and engineering-legal coordination. Conclusions: The focus groups that served as a basis for building our model and the results from the expert validation both strengthen our confidence that we already provide a valuable basis for systematically integrating legal concepts into RE. This overcomes contemporary challenges to regulatory RE and serves as a basis for exposure to critical discussions in the community before continuing with the development of tool-supported extensions and large-scale empirical evaluations in practice. © 2024 IEEE.

  • 47.
    Lenarduzzi, Valentina
    et al.
    Lut University, FIN.
    Fucci, Davide
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    On the perceived harmfulness of requirement smells: An empirical study2020In: CEUR Workshop Proceedings / [ed] Sabetzadeh M.,Vogelsang A.,Abualhaija S.,Borg M.,Dalpiaz F.,Daneva M.,Fernandez N.C.,Franch X.,Fucci D.,Gervasi V.,Groen E.,Guizzardi R.,Herrmann A.,Horkoff J.,Mich L.,Perini A.,Susi A., CEUR-WS , 2020, Vol. 2584Conference paper (Refereed)
    Abstract [en]

    Technical debt is considered to have negative effects to the long term success of software projects. However, how the debt metaphor applies to requirements engineering is yet not significantly explored. Previ- ously, we proposed a framework to identify Requirements Debt (ReD) in three stages of the software development lifecycle. One of these stages is the formalization of stakeholder needs into natural language requirement specifications. In this work, we propose a live study aiming at surveying requirements engineering experts to gain further insights on the issues taking place at this stage and how they fit in our definition of ReD. Copyright © 2020 for this paper by its authors.

    Download full text (pdf)
    On the perceived harmfulness of requirement smells: An empirical study
  • 48.
    Mendez, Daniel
    et al.
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Graziotin, Daniel
    University of Stuttgart, GER.
    Seibold, Heidi
    Ludwig-Maximilians-University Munich, GER.
    Open Science in Software Engineering2020In: Contemporary Empirical Methods in Software Engineering / [ed] Michael Felderer, Guilherme Horta Travassos, Springer, 2020, p. 477-501Chapter in book (Refereed)
    Abstract [en]

    Open science describes the movement of making any research artifact available to the public and includes, but is not limited to, open access, open data, and open source. While open science is becoming generally accepted as a norm in other scientific disciplines, in software engineering, we are still struggling in adapting open science to the particularities of our discipline, rendering progress in our scientific community cumbersome. In this chapter, we reflect upon the essentials in open science for software engineering including what open science is, why we should engage in it, and how we should do it. We particularly draw from our experiences made as conference chairs implementing open science initiatives and as researchers actively engaging in open science to critically discuss challenges and pitfalls and to address more advanced topics such as how and under which conditions to share preprints, what infrastructure and licence model to cover, or how do it within the limitations of different reviewing models, such as double-blind reviewing. Our hope is to help establishing a common ground and to contribute to make open science a norm also in software engineering.

    Download full text (pdf)
    fulltext
  • 49.
    Mendez, Daniel
    et al.
    Technical University of Munich, Germany.
    Monperrus, Martin
    KTH Royal Institute of Technology.
    Feldt, Robert
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Zimmermann, Thomas
    Microsoft Research, United States.
    The open science initiative of the Empirical Software Engineering journal2019In: Empirical Software Engineering, ISSN 1382-3256, E-ISSN 1573-7616, Vol. 24, no 3, p. 1057-1060Article in journal (Refereed)
  • 50.
    Mendez, Daniel
    et al.
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Moreira, Ana
    NOVA University of Lisbon, Portugal.
    Frattini, Julian
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    REFSQ 2024: Joint Proceedings of Workshops, Doctoral Symposium, Posters & Tools Track, and Education and Training Track—Preface2024In: CEUR Workshop Proceedings, Technical University of Aachen , 2024Conference paper (Other academic)
    Abstract [en]

    This document is the preface of the Joint Proceedings of Workshops, Doctoral Symposium, Posters & Tools Track, and Education and Training Track of the 30th International Working Conference on Requirement Engineering: Foundation for Software Quality (REFSQ 2024), 8th—11th April 2024, held in Winterthur, Switzerland. © 2024 Copyright for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).

    Download full text (pdf)
    fulltext
12 1 - 50 of 78
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf