  • 1.
    Abrahão, Silvia
    et al.
    Universitat Politècnica de València, ESP.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Message from the Artifact Evaluation Chairs of ICSE 2021. 2021. In: Proceedings - International Conference on Software Engineering, IEEE Computer Society, 2021. Conference paper (Other academic)
  • 2.
    Angermeir, Florian
    et al.
    Tech Univ Munich, DEU.
    Voggenreiter, Markus
    Siemens Technol, Mumbai, DEU.
    Moyon, Fabiola
    Tech Univ Munich, DEU.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Enterprise-Driven Open Source Software: A Case Study on Security Automation. 2021. In: 2021 IEEE/ACM 43RD INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: SOFTWARE ENGINEERING IN PRACTICE (ICSE-SEIP 2021), IEEE Computer Society, 2021, no 43rd IEEE/ACM International Conference on Software Engineering - Software Engineering in Practice (ICSE-SEIP) / 43rd ACM/IEEE International Conference on Software Engineering - New Ideas and Emerging Results (ICSE-NIER), p. 278-287. Conference paper (Refereed)
    Abstract [en]

    Agile and DevOps are widely adopted by the industry. Hence, integrating security activities with industrial practices, such as continuous integration (CI) pipelines, is necessary to detect security flaws and adhere to regulators' demands early. In this paper, we analyze automated security activities in CI pipelines of enterprise-driven open source software (OSS). This shall allow us, in the long-run, to better understand the extent to which security activities are (or should be) part of automated pipelines. In particular, we mine publicly available OSS repositories and survey a sample of project maintainers to better understand the role that security activities and their related tools play in their CI pipelines. To increase transparency and allow other researchers to replicate our study (and to take different perspectives), we further disclose our research artefacts. Our results indicate that security activities in enterprise-driven OSS projects are scarce and protection coverage is rather low. Only 6.83% of the analyzed 8,243 projects apply security automation in their CI pipelines, even though maintainers consider security to be rather important. This alerts industry to keep the focus on vulnerabilities of 3rd Party software and it opens space for other improvements or practice which we outline in this manuscript.

  • 3.
    Chuprina, Tatiana
    et al.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Wnuk, Krzysztof
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Towards Artefact-based Requirements Engineering for Data-Centric Systems. 2021. In: CEUR Workshop Proceedings / [ed] Aydemir F.B., Gralha C., Daneva M., Groen E.C., Herrmann A., Mennig P., Abualhaija S., Ferrari A., Guo J., Guizzardi R., Horkoff J., Perini A., Susi A., Breaux T., Franch X., Ernst N., Paja E., Seyff N., CEUR-WS, 2021, Vol. 2857. Conference paper (Refereed)
    Abstract [en]

    Many modern software-intensive systems employ artificial intelligence / machine-learning (AI/ML) components and are, thus, inherently data-centric. The behaviour of such systems depends on typically large amounts of data processed at run-time rendering such non-deterministic systems as complex. This complexity growth affects our understanding on needs and practices in Requirements Engineering (RE). There is, however, still little guidance on how to handle requirements for such systems effectively: What are, for example, typical quality requirements classes? What modelling concepts do we rely on or which levels of abstraction do we need to consider? In fact, how to integrate such concepts into approaches for a more traditional RE still needs profound investigations. In this research preview paper, we report on ongoing efforts to establish an artefact-based RE approach for the development of data-centric systems (DCSs). To this end, we sketch a DCS development process with the newly proposed requirements categories and data-centric artefacts and briefly report on an ongoing investigation of current RE challenges in industry developing data-centric systems. © 2021 CEUR-WS. All rights reserved.

  • 4.
    Dehghani, Razieh
    et al.
    Sharif University of Technology, IRN.
    Wnuk, Krzysztof
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Gorschek, Tony
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Ramsin, Raman
    Sharif University of Technology, IRN.
    On Understanding the Relation of Knowledge and Confidence to Requirements Quality. 2021. In: REQUIREMENTS ENGINEERING: FOUNDATION FOR SOFTWARE QUALITY (REFSQ 2021) / [ed] Dalpiaz F., Spoletini P., Springer Science and Business Media Deutschland GmbH, 2021, Vol. 12685, p. 208-224. Conference paper (Refereed)
    Abstract [en]

    [Context and Motivation] Software requirements are affected by the knowledge and confidence of software engineers. Analyzing the interrelated impact of these factors is difficult because of the challenges of assessing knowledge and confidence. [Question/Problem] This research aims to draw attention to the need for considering the interrelated effects of confidence and knowledge on requirements quality, which has not been addressed by previous publications. [Principal ideas/results] For this purpose, the following steps have been taken: 1) requirements quality was defined based on the instructions provided by the ISO29148:2011 standard, 2) we selected the symptoms of low qualified requirements based on ISO29148:2011, 3) we analyzed five Software Requirements Specification (SRS) documents to find these symptoms, 3) people who have prepared the documents were categorized in four classes to specify the more/less knowledge and confidence they have regarding the symptoms, and 4) finally, the relation of lack of enough knowledge and confidence to symptoms of low quality was investigated. The results revealed that the simultaneous deficiency of confidence and knowledge has more negative effects in comparison with a deficiency of knowledge or confidence. [Contribution] In brief, this study has achieved these results: 1) the realization that a combined lack of knowledge and confidence has a larger effect on requirements quality than only one of the two factors, 2) the relation between low qualified requirements and requirements engineers’ needs for knowledge and confidence, and 3) variety of requirements engineers’ needs for knowledge based on their abilities to make discriminative and consistent decisions. © 2021, Springer Nature Switzerland AG.

  • 5.
    Dorner, Michael
    et al.
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Šmite, Darja
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Wnuk, Krzysztof
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Czerwonka, Jacek
    Microsoft Research, USA.
    Only Time Will Tell: Modelling Information Diffusion in Code Review with Time-Varying Hypergraphs. 2022. In: ESEM '22: Proceedings of the 16th ACM / IEEE International Symposium on Empirical Software Engineering and Measurement / [ed] Madeiral F., Lassenius C., Lassenius C., Conte T., Mannisto T., Association for Computing Machinery (ACM), 2022, p. 195-204. Conference paper (Refereed)
    Abstract [en]

    Background: Modern code review is expected to facilitate knowledge sharing: All relevant information, the collective expertise, and meta-information around the code change and its context become evident, transparent, and explicit in the corresponding code review discussion. The discussion participants can leverage this information in the following code reviews; the information diffuses through the communication network that emerges from code review. Traditional time-aggregated graphs fall short in rendering information diffusion as those models ignore the temporal order of the information exchange: Information can only be passed on if it is available in the first place.

    Aim: This manuscript presents a novel model based on time-varying hypergraphs for rendering information diffusion that overcomes the inherent limitations of traditional, time-aggregated graph-based models. 

    Method: In an in-silico experiment, we simulate an information diffusion within the internal code review at Microsoft and show the empirical impact of time on a key characteristic of information diffusion: the number of reachable participants. 

    Results: Time-aggregation significantly overestimates the paths of information diffusion available in communication networks and, thus, is neither precise nor accurate for modelling and measuring the spread of information within communication networks that emerge from code review. 

    Conclusion: Our model overcomes the inherent limitations of traditional, static or time-aggregated, graph-based communication models and sheds the first light on information diffusion through code review. We believe that our model can serve as a foundation for understanding, measuring, managing, and improving knowledge sharing in code review in particular and information diffusion in software engineering in general.

  • 6.
    Ernst, Neil A.
    et al.
    University of Victoria, CAN.
    Carver, Jeffrey C.
    University of Alabama, USA.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Torchiano, Marco
    Politecnico di Torino, ITA.
    Understanding peer review of software engineering papers. 2021. In: Empirical Software Engineering, ISSN 1382-3256, E-ISSN 1573-7616, Vol. 26, no 5, article id 103. Article in journal (Refereed)
    Abstract [en]

    Context: Peer review is a key activity intended to preserve the quality and integrity of scientific publications. However, in practice it is far from perfect. Objective: We aim at understanding how reviewers, including those who have won awards for reviewing, perform their reviews of software engineering papers to identify both what makes a good reviewing approach and what makes a good paper. Method: We first conducted a series of interviews with recognised reviewers in the software engineering field. Then, we used the results of those interviews to develop a questionnaire used in an online survey and sent out to reviewers from well-respected venues covering a number of software engineering disciplines, some of whom had won awards for their reviewing efforts. Results: We analyzed the responses from the interviews and from 175 reviewers who completed the online survey (including both reviewers who had won awards and those who had not). We report on several descriptive results, including: Nearly half of award-winners (45%) are reviewing 20+ conference papers a year, while 28% of non-award winners conduct that many. The majority of reviewers (88%) are taking more than two hours on journal reviews. We also report on qualitative results. Our findings suggest that the most important criteria of a good review is that it should be factual and helpful, which ranked above others such as being detailed or kind. The most important features of papers that result in positive reviews are a clear and supported validation, an interesting problem, and novelty. Conversely, negative reviews tend to result from papers that have a mismatch between the method and the claims and from papers with overly grandiose claims. Further insights include, if not limited to, that reviewers view data availability and its consistency as being important or that authors need to make their contribution of the work very clear in their paper. 
    Conclusions: Based on the insights we gained through our study, we conclude our work by compiling a proto-guideline for reviewing. One hope we associate with our work is to contribute to the ongoing debate and contemporary effort to further improve our peer review models in the future. © 2021, The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature.

  • 7.
    Fabiola Moyón, Constante
    et al.
    Technical University of Munich and Siemens Technology.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Gorschek, Tony
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Angermeir, Florian
    Siemens Technology and Technical University of Munich.
    Bonvin, Pierre-Louis
    Siemens Technology and Technical University of Munich.
    Voggenreiter, Markus
    LMU Munich.
    RefA: Reference Architecture for Security-compliant DevOps. 2023. Report (Refereed)
    Abstract [en]

    This technical report presents RefA, a reference architecture for security-compliant DevOps. RefA consists of a set of models that illustrate the artefacts and practice areas to consider when implementing secure DevOps lifecycles. In addition, RefA describes people, processes, and technology aspects to be considered in each practice area. Practitioners can use RefA for the purposes of designing and assessing security compliance of their DevOps lifecycles, while researchers may use RefA as a reference for setting up research roadmaps. RefA models result from combining the profound analysis of the IEC 62443-4-1 standard for secure industrial products development, continuous software engineering literature review, and observations made in practice in context of a large industrial company during the past 5 years. The manuscript constitutes original, previously unpublished research.

  • 8.
    Fischbach, Jannik
    et al.
    Netlight Consulting GmbH, Germany.
    Adam, Max
    Technical University of Munich, Germany.
    Dzhagatspanyan, Victor
    Technical University of Munich, Germany.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Frattini, Julian
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Kosenkov, Oleksandr
    Fortiss GmbH, Germany.
    Elahidoost, Parisa
    Fortiss GmbH, Germany.
    Automatic ESG Assessment of Companies by Mining and Evaluating Media Coverage Data: NLP Approach and Tool. 2023. In: Proceedings - 2023 IEEE International Conference on Big Data, BigData 2023, Institute of Electrical and Electronics Engineers (IEEE), 2023, p. 2823-2830. Conference paper (Refereed)
    Abstract [en]

    [Context:] Society increasingly values sustainable corporate behaviour, impacting corporate reputation and customer trust. Hence, companies regularly publish sustainability reports to shed light on their impact on environmental, social, and governance (ESG) factors. [Problem:] Sustainability reports are written by companies and therefore considered a company-controlled source. Contrarily, studies reveal that non-corporate channels (e.g., media coverage) represent the main driver for ESG transparency. However, analysing media coverage regarding ESG factors is challenging since (1) the amount of published news articles grows daily, (2) media coverage data does not necessarily deal with an ESG-relevant topic, meaning that it must be carefully filtered, and (3) the majority of media coverage data is unstructured. [Research Goal:] We aim to automatically extract ESG-relevant information from textual media reactions to calculate an ESG score for a given company. Our goal is to reduce the cost of ESG data collection and make ESG information available to the general public. [Contribution:] Our contributions are three-fold: First, we publish a corpus of 432,411 news headlines annotated as being environmental-, governance-, social-related, or ESG-irrelevant. Second, we present our tool-supported approach called ESG-Miner, capable of automatically analysing and evaluating corporate ESG performance headlines. Third, we demonstrate the feasibility of our approach in an experiment and apply the ESG-Miner on 3000 manually labelled headlines. Our approach correctly processes 96.7% of the headlines and shows great performance in detecting environmental-related headlines and their correct sentiment. © 2023 IEEE.

  • 9.
    Fischbach, Jannik
    et al.
    Qualicen GmbH, DEU.
    Femmer, Henning
    Qualicen GmbH, DEU.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Fucci, Davide
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Vogelsang, Andreas
    University of Cologne, DEU.
    What makes agile test artifacts useful?: An activity-based quality model from a practitioners' perspective. 2020. In: International Symposium on Empirical Software Engineering and Measurement, IEEE Computer Society, 2020, article id 3421462. Conference paper (Refereed)
    Abstract [en]

    Background: The artifacts used in Agile software testing and the reasons why these artifacts are used are fairly well-understood. However, empirical research on how Agile test artifacts are eventually designed in practice and which quality factors make them useful for software testing remains sparse. Aims: Our objective is two-fold. First, we identify current challenges in using test artifacts to understand why certain quality factors are considered good or bad. Second, we build an Activity-Based Artifact Quality Model that describes what Agile test artifacts should look like. Method: We conduct an industrial survey with 18 practitioners from 12 companies operating in seven different domains. Results: Our analysis reveals nine challenges and 16 factors describing the quality of six test artifacts from the perspective of Agile testers. Interestingly, we observed mostly challenges regarding language and traceability, which are well-known to occur in non-Agile projects. Conclusions: Although Agile software testing is becoming the norm, we still have little confidence about general do's and don'ts going beyond conventional wisdom. This study is the first to distill a list of quality factors deemed important to what can be considered as useful test artifacts. © 2020 IEEE Computer Society. All rights reserved.

  • 10.
    Fischbach, Jannik
    et al.
    Qualicen GmbH, DEU.
    Frattini, Julian
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Unterkalmsteiner, Michael
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Femmer, Henning
    Qualicen GmbH, DEU.
    Vogelsang, Andreas
    University of Cologne, DEU.
    How Do Practitioners Interpret Conditionals in Requirements? 2021. In: Lecture Notes in Computer Science / [ed] Ardito L., Jedlitschka A., Morisio M., Torchiano M., Springer Science and Business Media Deutschland GmbH, 2021, Vol. 13126, p. 85-102. Conference paper (Refereed)
    Abstract [en]

    Context: Conditional statements like “If A and B then C” are core elements for describing software requirements. However, there are many ways to express such conditionals in natural language and also many ways how they can be interpreted. We hypothesize that conditional statements in requirements are a source of ambiguity, potentially affecting downstream activities such as test case generation negatively. Objective: Our goal is to understand how specific conditionals are interpreted by readers who work with requirements. Method: We conduct a descriptive survey with 104 RE practitioners and ask how they interpret 12 different conditional clauses. We map their interpretations to logical formulas written in Propositional (Temporal) Logic and discuss the implications. Results: The conditionals in our tested requirements were interpreted ambiguously. We found that practitioners disagree on whether an antecedent is only sufficient or also necessary for the consequent. Interestingly, the disagreement persists even when the system behavior is known to the practitioners. We also found that certain cue phrases are associated with specific interpretations. Conclusion: Conditionals in requirements are a source of ambiguity and there is not just one way to interpret them formally. This affects any analysis that builds upon formalized requirements (e.g., inconsistency checking, test-case generation). Our results may also influence guidelines for writing requirements. © 2021, Springer Nature Switzerland AG.

  • 11.
    Fischbach, Jannik
    et al.
    Qualicen GmbH, DEU.
    Frattini, Julian
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Spaans, Arjen
    Qualicen GmbH, DEU.
    Kummeth, Maximilian
    Qualicen GmbH, DEU.
    Vogelsang, Andreas
    University of Cologne, DEU.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Unterkalmsteiner, Michael
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Automatic Detection of Causality in Requirement Artifacts: The CiRA Approach. 2021. In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) / [ed] Dalpiaz F., Spoletini P., Springer Science and Business Media Deutschland GmbH, 2021, Vol. 12685, p. 19-36. Conference paper (Refereed)
    Abstract [en]

    [Context & motivation:] System behavior is often expressed by causal relations in requirements (e.g., If event 1, then event 2). Automatically extracting this embedded causal knowledge supports not only reasoning about requirements dependencies, but also various automated engineering tasks such as seamless derivation of test cases. However, causality extraction from natural language (NL) is still an open research challenge as existing approaches fail to extract causality with reasonable performance. [Question/problem:] We understand causality extraction from requirements as a two-step problem: First, we need to detect if requirements have causal properties or not. Second, we need to understand and extract their causal relations. At present, though, we lack knowledge about the form and complexity of causality in requirements, which is necessary to develop a suitable approach addressing these two problems. [Principal ideas/results:] We conduct an exploratory case study with 14,983 sentences from 53 requirements documents originating from 18 different domains and shed light on the form and complexity of causality in requirements. Based on our findings, we develop a tool-supported approach for causality detection (CiRA, standing for Causality in Requirement Artifacts). This constitutes a first step towards causality extraction from NL requirements. [Contribution:] We report on a case study and the resulting tool-supported approach for causality detection in requirements. Our case study corroborates, among other things, that causality is, in fact, a widely used linguistic pattern to describe system behavior, as about a third of the analyzed sentences are causal. We further demonstrate that our tool CiRA achieves a macro-F1 score of 82% on real-world data and that it outperforms related approaches with an average gain of 11.06% in macro-Recall and 11.43% in macro-Precision. Finally, we disclose our open data sets as well as our tool to foster the discourse on the automatic detection of causality in the RE community. © 2021, Springer Nature Switzerland AG.

  • 12.
    Fischbach, Jannik
    et al.
    Netlight Consulting GmbH, DEU.
    Frattini, Julian
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Vogelsang, Andreas
    University of Cologne, DEU.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Unterkalmsteiner, Michael
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Wehrle, Andreas
    Allianz Deutschland AG, DEU.
    Henao, Pablo Restrepo
    Netlight Consulting GmbH, DEU.
    Yousefi, Parisa
    Ericsson, SWE.
    Juricic, Tedi
    Ericsson, SWE.
    Radduenz, Jeannette
    Allianz Deutschland AG, DEU.
    Wiecher, Carsten
    Leopold Kostal GmbH & Co. KG, DEU.
    Automatic creation of acceptance tests by extracting conditionals from requirements: NLP approach and case study. 2023. In: Journal of Systems and Software, ISSN 0164-1212, E-ISSN 1873-1228, Vol. 197, article id 111549. Article in journal (Refereed)
    Abstract [en]

    Acceptance testing is crucial to determine whether a system fulfills end-user requirements. However, the creation of acceptance tests is a laborious task entailing two major challenges: (1) practitioners need to determine the right set of test cases that fully covers a requirement, and (2) they need to create test cases manually due to insufficient tool support. Existing approaches for automatically deriving test cases require semi-formal or even formal notations of requirements, though unrestricted natural language is prevalent in practice. In this paper, we present our tool-supported approach CiRA (Conditionals in Requirements Artifacts) capable of creating the minimal set of required test cases from conditional statements in informal requirements. We demonstrate the feasibility of CiRA in a case study with three industry partners. In our study, out of 578 manually created test cases, 71.8% can be generated automatically. Additionally, CiRA discovered 80 relevant test cases that were missed in manual test case design. CiRA is publicly available at www.cira.bth.se/demo/. © 2022

  • 13.
    Fischbach, Jannik
    et al.
    Qualicen GmbH, DEU.
    Springer, Tobias
    Technical University of Munich, DEU.
    Frattini, Julian
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Femmer, Henning
    Qualicen GmbH, DEU.
    Vogelsang, Andreas
    University of Cologne, DEU.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Fine-Grained Causality Extraction from Natural Language Requirements Using Recursive Neural Tensor Networks. 2021. In: Proceedings of the IEEE International Conference on Requirements Engineering / [ed] Yue T., Mirakhorli M., IEEE Computer Society, 2021, p. 60-69. Conference paper (Refereed)
    Abstract [en]

    [Context:] Causal relations (e.g., If A, then B) are prevalent in functional requirements. For various applications of AI4RE, e.g., the automatic derivation of suitable test cases from requirements, automatically extracting such causal statements is a basic necessity. [Problem:] We lack an approach that is able to extract causal relations from natural language requirements in fine-grained form. Specifically, existing approaches do not consider the combinatorics between causes and effects. They also do not allow to split causes and effects into more granular text fragments (e.g., variable and condition), making the extracted relations unsuitable for automatic test case derivation. [Objective Contributions:] We address this research gap and make the following contributions: First, we present the Causality Treebank, which is the first corpus of fully labeled binary parse trees representing the composition of 1,571 causal requirements. Second, we propose a fine-grained causality extractor based on Recursive Neural Tensor Networks. Our approach is capable of recovering the composition of causal statements written in natural language and achieves an F1 score of 74% in the evaluation on the Causality Treebank. Third, we disclose our open data sets as well as our code to foster the discourse on the automatic extraction of causality in the RE community. © 2021 IEEE.

  • 14.
    Franch, Xavier
    et al.
    Universitat Politècnica de Catalunya (UPC), ESP.
    Glinz, Martin
    University of Zurich, CHE.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Seyff, Norbert
    University of Zurich, CHE.
    A Study about the Knowledge and Use of Requirements Engineering Standards in Industry. 2022. In: IEEE Transactions on Software Engineering, ISSN 0098-5589, E-ISSN 1939-3520, Vol. 48, no 9, p. 3310-3325. Article in journal (Refereed)
    Abstract [en]

    The use of standards is considered a vital part of any engineering discipline. So one could expect that standards play an important role in Requirements Engineering (RE) as well. However, little is known about the actual knowledge and use of RE-related standards in industry. Objective. In this article, we investigate to which extent standards and related artifacts such as templates or guidelines are known and used by RE practitioners. Method. To this end, we have conducted an online survey. We could analyze the replies from 90 RE practitioners using a combination of closed and open-text questions. Results. Our results indicate that the knowledge and use of standards and related artifacts in RE may be less widespread than one might expect from an engineering perspective. For example, about 45% of the respondents working as requirements engineers or business analysts do not know at least one of the two core standards in RE. Participants in our study mostly use standards rather by personal decision than imposed by their company, customer, or regulator. Beyond insufficient knowledge, we also found cultural and organizational factors impeding the widespread adoption of standards in RE. Conclusions. Overall, our results provide empirically informed insights into the actual use of standards and related artifacts in RE practice and indirectly about the value that the current standards create for RE practitioners. IEEE

  • 15.
    Franch, Xavier
    et al.
    Universitat Politecnica de Catalunya, ESP.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Vogelsang, Andreas
    Technische Universitat Berlin, DEU.
    Heldal, Rogardt
    Western Norway University of Applied Sciences, NOR.
    Knauss, Eric
    Chalmers tekniska högskola, SWE.
    Oriol, Marc
    Universitat Politecnica de Catalunya, ESP.
    Travassos, Guilherme
    Federal University of Rio de Janeiro, BRA.
    Carver, Jeffrey C.
    University of Alabama, USA.
    Zimmermann, Thomas
    Microsoft Corporation, USA.
    How do Practitioners Perceive the Relevance of Requirements Engineering Research? 2022. In: IEEE Transactions on Software Engineering, ISSN 0098-5589, E-ISSN 1939-3520, Vol. 48, no 6, p. 1947-1964. Article in journal (Refereed)
    Abstract [en]

    Context: The relevance of Requirements Engineering (RE) research to practitioners is vital for a long-term dissemination of research results to everyday practice. Some authors have speculated about a mismatch between research and practice in the RE discipline. However, there is not much evidence to support or refute this perception. Objective: This paper presents the results of a study aimed at gathering evidence from practitioners about their perception of the relevance of RE research and at understanding the factors that influence that perception. Method: We conducted a questionnaire-based survey of industry practitioners with expertise in RE. The participants rated the perceived relevance of 435 scientific papers presented at five top RE-related conferences. Results: The 153 participants provided a total of 2,164 ratings. The practitioners rated RE research as essential or worthwhile in a majority of cases. However, the percentage of non-positive ratings is still higher than we would like. Among the factors that affect the perception of relevance are the paper's links to industry, the research method used, and respondents' roles. The reasons for positive perceptions were primarily related to the relevance of the problem and the soundness of the solution, while the causes for negative perceptions were more varied. The respondents also provided suggestions for future research, including topics researchers have studied for decades, like elicitation or requirement quality criteria. Conclusions: The study is valuable for both researchers and practitioners. Researchers can use the reasons respondents gave for positive and negative perceptions and the suggested research topics to help make their research more appealing to practitioners and thus more prone to industry adoption. Practitioners can benefit from the overall view of contemporary RE research by learning about research topics that they may not be familiar with, and compare their perception with those of their colleagues to self-assess their positioning towards more academic research. IEEE

  • 16.
    Frattini, Julian
    et al.
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Fischbach, Jannik
    Qualicen GmbH, GER.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Unterkalmsteiner, Michael
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Vogelsang, Andreas
    University of Cologne, GER.
    Wnuk, Krzysztof
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Causality in requirements artifacts: prevalence, detection, and impact. 2023. In: Requirements Engineering, ISSN 0947-3602, E-ISSN 1432-010X, Vol. 28, no 1, p. 49-74. Article in journal (Refereed)
    Abstract [en]

    Causal relations in natural language (NL) requirements convey strong, semantic information. Automatically extracting such causal information enables multiple use cases, such as test case generation, but it also requires to reliably detect causal relations in the first place. Currently, this is still a cumbersome task as causality in NL requirements is still barely understood and, thus, barely detectable. In our empirically informed research, we aim at better understanding the notion of causality and supporting the automatic extraction of causal relations in NL requirements. In a first case study, we investigate 14.983 sentences from 53 requirements documents to understand the extent and form in which causality occurs. Second, we present and evaluate a tool-supported approach, called CiRA, for causality detection. We conclude with a second case study where we demonstrate the applicability of our tool and investigate the impact of causality on NL requirements. The first case study shows that causality constitutes around 28 % of all NL requirements sentences. We then demonstrate that our detection tool achieves a macro-F1 score of 82 % on real-world data and that it outperforms related approaches with an average gain of 11.06 % in macro-Recall and 11.43 % in macro-Precision. Finally, our second case study corroborates the positive correlations of causality with features of NL requirements. The results strengthen our confidence in the eligibility of causal relations for downstream reuse, while our tool and publicly available data constitute a first step in the ongoing endeavors of utilizing causality in RE and beyond. © 2022, The Author(s).

  • 17.
    Frattini, Julian
    et al.
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Fucci, Davide
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Spinola, Rodrigo
    Virginia Commonwealth University, Richmond, USA.
    Mandic, Vladimir
    University of Novi Sad, Serbia.
    Tausan, Nebojsa
    University of Novi Sad, Serbia.
    Ahmad, Ovais
    Karlstad University.
    Gonzalez-Huerta, Javier
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    An initial Theory to Understand and Manage Requirements Engineering Debt in Practice. 2023. In: Information and Software Technology, ISSN 0950-5849, E-ISSN 1873-6025, Vol. 159, article id 107201. Article in journal (Refereed)
    Abstract [en]

    Context

    Advances in technical debt research demonstrate the benefits of applying the financial debt metaphor to support decision-making in software development activities. Although decision-making during requirements engineering has significant consequences, the debt metaphor in requirements engineering is inadequately explored.

    Objective

    We aim to conceptualize how the debt metaphor applies to requirements engineering by organizing concepts related to practitioners’ understanding and managing of requirements engineering debt (RED).

    Method

    We conducted two in-depth expert interviews to identify key requirements engineering debt concepts and construct a survey instrument. We surveyed 69 practitioners worldwide regarding their perception of the concepts and developed an initial analytical theory.

    Results

    We propose a RED theory that aligns key concepts from technical debt research but emphasizes the specific nature of requirements engineering. In particular, the theory consists of 23 falsifiable propositions derived from the literature, the interviews, and survey results.

    Conclusions

    The concepts of requirements engineering debt are perceived to be similar to their technical debt counterpart. Nevertheless, measuring and tracking requirements engineering debt are immature in practice. Our proposed theory serves as the first guide toward further research in this area.

  • 18.
    Frattini, Julian
    et al.
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Junker, Maximilian
    Qualicen GmbH, DEU.
    Unterkalmsteiner, Michael
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering. fortiss GmbH, DEU.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering. fortiss GmbH, DEU.
    Automatic Extraction of Cause-Effect-Relations from Requirements Artifacts. 2020. In: Proceedings - 2020 35th IEEE/ACM International Conference on Automated Software Engineering, ASE 2020, Institute of Electrical and Electronics Engineers Inc., 2020, p. 561-572, article id 9286079. Conference paper (Refereed)
    Abstract [en]

    Background: The detection and extraction of causality from natural language sentences have shown great potential in various fields of application. The field of requirements engineering is eligible for multiple reasons: (1) requirements artifacts are primarily written in natural language, (2) causal sentences convey essential context about the subject of requirements, and (3) extracted and formalized causality relations are usable for a (semi-)automatic translation into further artifacts, such as test cases. Objective: We aim at understanding the value of interactive causality extraction based on syntactic criteria for the context of requirements engineering. Method: We developed a prototype of a system for automatic causality extraction and evaluate it by applying it to a set of publicly available requirements artifacts, determining whether the automatic extraction reduces the manual effort of requirements formalization. Result: During the evaluation we analyzed 4457 natural language sentences from 18 requirements documents, 558 of which were causal (12.52%). The best evaluation of a requirements document provided an automatic extraction of 48.57% cause-effect graphs on average, which demonstrates the feasibility of the approach. Limitation: The feasibility of the approach has been proven in theory but lacks exploration of being scaled up for practical use. Evaluating the applicability of the automatic causality extraction for a requirements engineer is left for future research. Conclusion: A syntactic approach for causality extraction is viable for the context of requirements engineering and can aid a pipeline towards an automatic generation of further artifacts from requirements artifacts. © 2020 ACM.

  • 19.
    Frattini, Julian
    et al.
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Lloyd, Montgomery
    Universität Hamburg, DEU.
    Jannik, Fischbach
    Netlight GmbH / fortiss GmbH, DEU.
    Unterkalmsteiner, Michael
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Fucci, Davide
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    A Live Extensible Ontology of Quality Factors for Textual Requirements. 2022. In: Proceedings of the IEEE International Conference on Requirements Engineering / [ed] Knauss E., Mussbacher G., Arora C., Bano M., Schneider, IEEE, 2022, p. 274-280. Conference paper (Refereed)
    Abstract [en]

    Quality factors like passive voice or sentence length are commonly used in research and practice to evaluate the quality of natural language requirements since they indicate defects in requirements artifacts that potentially propagate to later stages in the development life cycle. However, as a research community, we still lack a holistic perspective on quality factors. This inhibits not only a comprehensive understanding of the existing body of knowledge but also the effective use and evolution of these factors. To this end, we propose an ontology of quality factors for textual requirements, which includes (1) a structure framing quality factors and related elements and (2) a central repository and web interface making these factors publicly accessible and usable. We contribute the first version of both by applying a rigorous ontology development method to 105 eligible primary studies and construct a first version of the repository and interface. We illustrate the usability of the ontology and invite fellow researchers to a joint community effort to complete and maintain this knowledge repository. We envision our ontology to reflect the community's harmonized perception of requirements quality factors, guide reporting of new quality factors, and provide central access to the current body of knowledge.

  • 20.
    Frattini, Julian
    et al.
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Montgomery, Lloyd
    Universität Hamburg, DEU.
    Fischbach, Jannik
    Qualicen GmbH, DEU.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Fucci, Davide
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Unterkalmsteiner, Michael
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Requirements Quality Research: a harmonized Theory, Evaluation, and Roadmap. Manuscript (preprint) (Other academic)
    Abstract [en]

    High-quality requirements minimize the risk of propagating defects to later stages of the software development life-cycle. Achieving a sufficient level of quality is a major goal of requirements engineering. This requires a clear definition and understanding of requirements quality. Though recent publications make an effort at disentangling the complex concept of quality, the requirements quality research community lacks identity and clear structure which guides advances and puts new findings into an holistic perspective. In this research commentary we contribute (1) a harmonized requirements quality theory organizing its core concepts, (2) an evaluation of the current state of requirements quality research, and (3) a research roadmap to guide advancements in the field.

  • 21.
    Frattini, Julian
    et al.
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Montgomery, Lloyd
    University of Hamburg, Germany.
    Fischbach, Jannik
    Netlight Consulting GmbH, Germany.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Fucci, Davide
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Unterkalmsteiner, Michael
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Requirements quality research: a harmonized theory, evaluation, and roadmap. 2023. In: Requirements Engineering, ISSN 0947-3602, E-ISSN 1432-010X, Vol. 28, no 4, p. 507-520. Article in journal (Refereed)
    Abstract [en]

    High-quality requirements minimize the risk of propagating defects to later stages of the software development life cycle. Achieving a sufficient level of quality is a major goal of requirements engineering. This requires a clear definition and understanding of requirements quality. Though recent publications make an effort at disentangling the complex concept of quality, the requirements quality research community lacks identity and clear structure which guides advances and puts new findings into an holistic perspective. In this research commentary, we contribute (1) a harmonized requirements quality theory organizing its core concepts, (2) an evaluation of the current state of requirements quality research, and (3) a research roadmap to guide advancements in the field. We show that requirements quality research focuses on normative rules and mostly fails to connect requirements quality to its impact on subsequent software development activities, impeding the relevance of the research. Adherence to the proposed requirements quality theory and following the outlined roadmap will be a step toward amending this gap. © 2023, The Author(s).

  • 22.
    Frattini, Julian
    et al.
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Montgomery, Lloyd
    University of Hamburg, Germany.
    Fucci, Davide
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Fischbach, Jannik
    Netlight Consulting GmbH, Germany.
    Unterkalmsteiner, Michael
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Let’s Stop Building at the Feet of Giants: Recovering unavailable Requirements Quality Artifacts. 2023. In: CEUR Workshop Proceedings / [ed] Ferrari A., Penzenstadler B., Penzenstadler B., Hadar I., Oyedeji S., Abualhaija S., Vogelsang A., Deshpande G., Rachmann A., Gulden J., Wohlgemuth A., Hess A., Fricker S., Guizzardi R., Horkoff J., Perini A., Susi A., Karras O., Dalpiaz F., Moreira A., Amyot D., Spoletini P., CEUR-WS, 2023, Vol. 3378. Conference paper (Refereed)
    Abstract [en]

    Requirements quality literature abounds with publications presenting artifacts, such as data sets and tools. However, recent systematic studies show that more than 80% of these artifacts have become unavailable or were never made public, limiting reproducibility and reusability. In this work, we report on an attempt to recover those artifacts. To that end, we requested corresponding authors of unavailable artifacts to recover and disclose them according to open science principles. Our results, based on 19 answers from 35 authors (54% response rate), include an assessment of the availability of requirements quality artifacts and a breakdown of authors’ reasons for their continued unavailability. Overall, we improved the availability of seven data sets and seven implementations. © 2023 Copyright for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).

  • 23.
    Gasiba, Tiago Espinha
    et al.
    Siemens AG, DEU.
    Lechner, Ulrike
    Universität der Bundeswehr München, DEU.
    Pinto-Albuquerque, Maria
    Instituto Universitário de Lisboa (ISCTE-IUL), PRT.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Awareness of secure coding guidelines in the industry - A first data analysis. 2020. In: Proceedings - 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020 / [ed] Wang G., Ko R., Bhuiyan M.Z.A., Pan Y., Institute of Electrical and Electronics Engineers Inc., 2020, p. 345-352. Conference paper (Refereed)
    Abstract [en]

    Software needs to be secure, in particular, when deployed to critical infrastructures. Secure coding guidelines capture practices in industrial software engineering to ensure the security of code. This study aims to assess the level of awareness of secure coding in industrial software engineering, the skills of software developers to spot weaknesses in software code, avoid them, and the organizational support to adhere to coding guidelines. The approach draws on well-established theories of policy compliance, neutralization theory, and security-related stress and the authors' many years of experience in industrial software engineering and on lessons identified from training secure coding in the industry. The paper presents the questionnaire design for the online survey and the first analysis of data from the pilot study. © 2020 IEEE.

  • 24.
    Gasiba, Tiago Espinha
    et al.
    Siemens AG, DEU.
    Lechner, Ulrike
    Univ Bundeswehr Munchen, DEU.
    Pinto-Albuquerque, Maria
    Inst Univ Lisboa ISCTE IUL, PRT.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Is Secure Coding Education in the Industry Needed?: An Investigation Through a Large Scale Survey. 2021. In: 2021 IEEE/ACM 43RD INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: JOINT TRACK ON SOFTWARE ENGINEERING EDUCATION AND TRAINING (ICSE-JSEET 2021), IEEE COMPUTER SOC, 2021, p. 241-252. Conference paper (Refereed)
    Abstract [en]

    The Department of Homeland Security in the United States estimates that 90% of software vulnerabilities can be traced back to defects in design and software coding. The financial impact of these vulnerabilities has been shown to exceed 380 million USD in industrial control systems alone. Since software developers write software, they also introduce these vulnerabilities into the source code. However, secure coding guidelines exist to prevent software developers from writing vulnerable code. This study focuses on the human factor, the software developer, and secure coding, in particular secure coding guidelines. We want to understand the software developers' awareness and compliance to secure coding guidelines and why, if at all, they aren't compliant or aware. We base our results on a large-scale survey on secure coding guidelines, with more than 190 industrial software developers. Our work's main contribution motivates the need to educate industrial software developers on secure coding guidelines, and it gives a list of fifteen actionable items to be used by practitioners in the industry. We also make our raw data openly available for further research.

  • 25.
    Gorschek, Tony
    et al.
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Solving Problems or Enabling Problem-Solving?: from Purity in Empirical Software Engineering to Effective Co-production (Invited Keynote). 2021. In: Software Quality: Future Perspectives on Software Engineering Quality / [ed] Winkler D., Biffl S., Mendez D., Wimmer M., Bergsmann J., Springer Science and Business Media Deutschland GmbH, 2021, p. 109-116. Conference paper (Refereed)
    Abstract [en]

    Studying and collaborating with any software-intensive organization demands for excellence in empirical software engineering research. The ever-growing complexity and context-dependency of software products, however, demands for more pragmatic and solution-focused research. This is a great opportunity but it also conflicts with the traditional quest for “purity” in research and a very narrow focus of the work. In this short positioning, we elaborate on challenges which emerge from academia-industry collaborations and discuss touch upon pragmatic ways of approaching them along the co-production model which emerged from SERL Sweden. © 2021, Springer Nature Switzerland AG.

  • 26.
    Hehn, Jennifer
    et al.
    Bern University of Applied Sciences, CHE.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Combining Design Thinking and Software Requirements Engineering to Create Human-Centered Software-Intensive Systems. 2022. In: Design Thinking for Software Engineering: Creating Human-oriented Software-intensive Products and Services / [ed] Jennifer Hehn, Daniel Mendez, Walter Brenner, Manfred Broy, Springer, 2022, p. 11-60. Chapter in book (Refereed)
    Abstract [en]

    Effective Requirements Engineering is a crucial activity in software-intensive development projects. The human-centric working mode of Design Thinking is considered a powerful way to complement such activities when designing innovative systems. Research has already made great strides to illustrate the benefits of using Design Thinking for Requirements Engineering. However, it has remained mostly unclear how to actually realize a combination of both. In this chapter, we contribute an artifact-based model that integrates Design Thinking and Requirements Engineering for innovative software-intensive systems. Drawing from our research and project experiences, we suggest three strategies for tailoring and integrating Design Thinking and Requirements Engineering with complementary synergies.

  • 27.
    Hehn, Jennifer
    et al.
    Bern University of Applied Sciences, Switzerland.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Brenner, Walter
    University of St. Gallen, Switzerland.
    Broy, Manfred
    Technical University of Munich, Germany.
    Design Thinking for Software Engineering: Creating Human-oriented Software-intensive Products and Service. 2022. Collection (editor) (Other academic)
    Abstract [en]

    Provides guidance to apply design thinking to design innovative software-intensive systems
    Offers a comprehensive view on complementary methods and tools for design thinking and software engineering
    Includes essays from prominent academics and experienced practitioners

  • 28.
    Hehn, Jennifer
    et al.
    University of St. Gallen, CHF.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Uebernickel, Falk
    Hasso Plattner Institute, DEU.
    Brenner, Walter
    Universität St. Gallen, CHF.
    Broy, Manfred
    Technical University of Munich, DEU.
    On Integrating Design Thinking for a Human-Centered Requirements Engineering. 2020. In: IEEE Software, ISSN 0740-7459, E-ISSN 1937-4194, Vol. 37, no 2, p. 25-31. Article in journal (Refereed)
    Abstract [en]

    In this position paper, we elaborate on the possibilities and needs to integrate Design Thinking into Requirements Engineering. We draw from our research and project experiences to compare what is understood as Design Thinking and Requirements Engineering considering their involved artifacts. We suggest three approaches for tailoring and integrating Design Thinking and Requirements Engineering with complementary synergies and point at open challenges for research and practice. IEEE

  • 29.
    Hoffmann, Marco
    et al.
    QualityMinds GmbH, Germany.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Fagerholm, Fabian
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Luckhardt, Anton
    The Technical University of Munich (TUM), Germany.
    The human side of Software Engineering Teams: an investigation of contemporary challenges. 2023. In: IEEE Transactions on Software Engineering, ISSN 0098-5589, E-ISSN 1939-3520, Vol. 49, no 1, p. 211-225. Article in journal (Refereed)
    Abstract [en]

    There have been numerous recent calls for research on the human side of software engineering and its impact on project success. An analysis of which challenges in software engineering teams are most relevant and frequent is still missing. As teams are more international, it is more frequent that their members have different personal values as well as different communication habits. Additionally, virtual team setups (working geographically separated, remote communication using digital tools and frequently changing team members) are increasingly prevalent. We designed a survey instrument and asked respondents to assess the frequency and criticality of a set of challenges, both within teams as well as between teams and clients. For the team challenges, we asked if mitigation measures were already in place to tackle the challenge. Respondents were also asked to provide information about their team setup. The survey included an instrument to measure Schwartz human values. The survey was first piloted and then distributed to professionals working in software engineering teams. In this article, we report on the results obtained from 192 survey respondents. We present a set of challenges that takes the survey feedback into account and introduce two categories of challenges; inter-personal and intra-personal. We found no evidence for links between personality values and challenges. We found some significant links between the number of distinct nationalities in a team and certain challenges. We found evidence that a higher degree of virtualization leads to an increase of the frequency of some human challenges. We present a set of human challenges in software engineering that can be used for further research on causes and mitigation measures, which serves as our starting point for a theory about causes of contemporary human challenges in software engineering teams. Our findings warrant further research on human challenges in software engineering and gather more evidence and test countermeasures, such as whether the employment of virtual reality software incorporating facial expressions and movements can help establish a less detached way of communication. IEEE

  • 30.
    Iqbal, Tahira
    et al.
    Fortiss GmbH, DEU.
    Seyff, Norbert
    Fachhochschule Nordwestschweiz FHNW, DEU.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Generating requirements out of thin air: Towards automated feature identification for new apps. 2019. In: Proceedings - 2019 IEEE 27th International Requirements Engineering Conference Workshops, REW 2019, Institute of Electrical and Electronics Engineers Inc., 2019, p. 193-199, article id 8933543. Conference paper (Refereed)
    Abstract [en]

    App store mining has proven to be a promising technique for requirements elicitation as companies can gain valuable knowledge to maintain and evolve existing apps. However, despite first advancements in using mining techniques for requirements elicitation, little is yet known how to distill requirements for new apps based on existing (similar) solutions and how exactly practitioners would benefit from such a technique. In the proposed work, we focus on exploring information (e.g. app store data) provided by the crowd about existing solutions to identify key features of applications in a particular domain. We argue that these discovered features and other related influential aspects (e.g. ratings) can help practitioners (e.g. software developer) to identify potential key features for new applications. To support this argument, we first conducted an interview study with practitioners to understand the extent to which such an approach would find champions in practice. In this paper, we present the first results of our ongoing research in the context of a larger road-map. Our interview study confirms that practitioners see the need for our envisioned approach. Furthermore, we present an early conceptual solution to discuss the feasibility of our approach. However, this manuscript is also intended to foster discussions on the extent to which machine learning can and should be applied to elicit automated requirements on crowd generated data on different forums and to identify further collaborations in this endeavor. © 2019 IEEE.

  • 31.
    Klymenko, Oleksandra
    et al.
    Technical University of Munich, DEU.
    Kosenkov, Oleksandr
    Fortiss GmbH, DEU.
    Meisenbacher, Stephen
    Technical University of Munich, DEU.
    Elahidoost, Parisa
    Fortiss GmbH, DEU.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Matthes, Florian
    Fortiss GmbH, DEU.
    Understanding the Implementation of Technical Measures in the Process of Data Privacy Compliance: A Qualitative Study. 2022. In: ESEM '22: Proceedings of the 16th ACM / IEEE International Symposium on Empirical Software Engineering and Measurement / [ed] Madeiral F., Lassenius C., Conte T., Mannisto T., IEEE Computer Society, 2022, p. 261-271. Conference paper (Refereed)
    Abstract [en]

    Background: Modern privacy regulations, such as the General Data Protection Regulation (GDPR), address privacy in software systems in a technologically agnostic way by mentioning general "technical measures" for data privacy compliance rather than dictating how these should be implemented. An understanding of the concept of technical measures and how exactly these can be handled in practice, however, is not trivial due to its interdisciplinary nature and the necessary technical-legal interactions. Aims: We aim to investigate how the concept of technical measures for data privacy compliance is understood in practice as well as the technical-legal interaction intrinsic to the process of implementing those technical measures. Methods: We follow a research design that is 1) exploratory in nature, 2) qualitative, and 3) interview-based, with 16 selected privacy professionals in the technical and legal domains. Results: Our results suggest that there is no clear mutual understanding and commonly accepted approach to handling technical measures. Both technical and legal roles are involved in the implementation of such measures. While they still often operate in separate spheres, a predominant opinion amongst the interviewees is to promote more interdisciplinary collaboration. Conclusions: Our empirical findings confirm the need for better interaction between legal and engineering teams when implementing technical measures for data privacy. We posit that interdisciplinary collaboration is paramount to a more complete understanding of technical measures, which currently lacks a mutually accepted notion. Yet, as strongly suggested by our results, there is still a lack of systematic approaches to such interaction. Therefore, the results strengthen our confidence in the need for further investigations into the technical-legal dynamic of data privacy compliance. © 2022 Association for Computing Machinery.

  • 32.
    Kosenkov, Oleksandr
    et al.
    Fortiss GmbH, DEU.
    Unterkalmsteiner, Michael
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Fucci, Davide
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Vision for an artefact-based approach to regulatory requirements engineering. 2021. In: International Symposium on Empirical Software Engineering and Measurement, IEEE Computer Society, 2021, p. 1-6, article id 36. Conference paper (Refereed)
    Abstract [en]

    Background: Nowadays, regulatory requirements engineering (regulatory RE) faces challenges of interdisciplinary nature that cannot be tackled due to existing research gaps. Aims: We envision an approach to solve some of the challenges related to the nature and complexity of regulatory requirements, the necessity for domain knowledge, and the involvement of legal experts in regulatory RE. Method: We suggest the qualitative analysis of regulatory texts combined with the further case study to develop an empirical foundation for our research. Results: We outline our vision for the application of extended artefact-based modeling for regulatory RE. Conclusions: Empirical methodology is an essential instrument to address interdisciplinarity and complexity in regulatory RE. Artefact-based modeling supported by empirical results can solve a particular set of problems while not limiting the application of other methods and tools and facilitating the interaction between different fields of practice and research. © 2021 IEEE Computer Society. All rights reserved.

  • 33.
    Lenarduzzi, Valentina
    et al.
    Lut University, FIN.
    Fucci, Davide
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    On the perceived harmfulness of requirement smells: An empirical study. 2020. In: CEUR Workshop Proceedings / [ed] Sabetzadeh M., Vogelsang A., Abualhaija S., Borg M., Dalpiaz F., Daneva M., Fernandez N.C., Franch X., Fucci D., Gervasi V., Groen E., Guizzardi R., Herrmann A., Horkoff J., Mich L., Perini A., Susi A., CEUR-WS, 2020, Vol. 2584. Conference paper (Refereed)
    Abstract [en]

    Technical debt is considered to have negative effects to the long term success of software projects. However, how the debt metaphor applies to requirements engineering is yet not significantly explored. Previously, we proposed a framework to identify Requirements Debt (ReD) in three stages of the software development lifecycle. One of these stages is the formalization of stakeholder needs into natural language requirement specifications. In this work, we propose a live study aiming at surveying requirements engineering experts to gain further insights on the issues taking place at this stage and how they fit in our definition of ReD. Copyright © 2020 for this paper by its authors.

  • 34.
    Mendez, Daniel
    et al.
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Graziotin, Daniel
    University of Stuttgart, GER.
    Seibold, Heidi
    Ludwig-Maximilians-University Munich, GER.
    Open Science in Software Engineering. 2020. In: Contemporary Empirical Methods in Software Engineering / [ed] Michael Felderer, Guilherme Horta Travassos, Springer, 2020, p. 477-501. Chapter in book (Refereed)
    Abstract [en]

    Open science describes the movement of making any research artifact available to the public and includes, but is not limited to, open access, open data, and open source. While open science is becoming generally accepted as a norm in other scientific disciplines, in software engineering, we are still struggling in adapting open science to the particularities of our discipline, rendering progress in our scientific community cumbersome. In this chapter, we reflect upon the essentials in open science for software engineering including what open science is, why we should engage in it, and how we should do it. We particularly draw from our experiences made as conference chairs implementing open science initiatives and as researchers actively engaging in open science to critically discuss challenges and pitfalls and to address more advanced topics such as how and under which conditions to share preprints, what infrastructure and licence model to cover, or how to do it within the limitations of different reviewing models, such as double-blind reviewing. Our hope is to help establishing a common ground and to contribute to make open science a norm also in software engineering.

  • 35.
    Mendez, Daniel
    et al.
    Technical University of Munich, Germany.
    Monperrus, Martin
    KTH Royal Institute of Technology.
    Feldt, Robert
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Zimmermann, Thomas
    Microsoft Research, United States.
    The open science initiative of the Empirical Software Engineering journal. 2019. In: Empirical Software Engineering, ISSN 1382-3256, E-ISSN 1573-7616, Vol. 24, no 3, p. 1057-1060. Article in journal (Refereed)
  • 36.
    Moyon, Fabiola
    et al.
    Technical University of Munich (TUM) and Siemens CT, DEU.
    Almeida, Pamela
    Universidad San Francisco de Quito (USFQ), ECU.
    Riofrio, Daniel
    Universidad San Francisco de Quito (USFQ), ECU.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Kalinowski, Marcos
    Pontifical Catholic University of Rio de Janeiro, BRA.
    Security Compliance in Agile Software Development: A Systematic Mapping Study. 2020. In: Proceedings - 46th Euromicro Conference on Software Engineering and Advanced Applications, SEAA 2020 / [ed] Martini A., Wimmer M., Skavhaug A., Institute of Electrical and Electronics Engineers Inc., 2020, p. 413-420, article id 9226365. Conference paper (Refereed)
    Abstract [en]

    Companies adopting agile development tend to face challenges in complying with security norms. Existing research either focuses on how to integrate security into agile methods or on discussing compliance issues of agile methods but independently of the regulation type, in particular of security standards. A comprehensive overview of this scattered field is still missing and we know little about how to achieve security compliance in agile software development. Existing secondary studies (mapping studies and literature reviews) analyze publications on secure agile development, but they do not analyze implications of security standard compliance, e.g., integration of specific standard requirements or compliance assessments. To close this gap, we report on a systematic mapping study. Starting with a set of 2,383 papers, our work distills 11 relevant publications addressing security compliance in agile software development. With this study, we contribute by describing the maturity of the field, as well as domains where security compliant agile software engineering was investigated. Moreover, we make explicit which phases of a secure development process are covered by the field and which agile principles are analyzed when aiming at compliance with international security standards, country-specific security regulations, industry-specific security standards, and other well-known security frameworks. © 2020 IEEE.

  • 37.
    Moyón, Fabiola
    et al.
    Siemens AG, DEU.
    Bayr, Christoph
    Technical University of Munich, DEU.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Dännart, Sebastian
    Infodas GmbH, DEU.
    Beckers, Kristian
    Siemens AG, DEU.
    A Light-Weight Tool for the Self-assessment of Security Compliance in Software Development: An Industry Case. 2020. In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) / [ed] Chatzigeorgiou A., Dondi R., Herodotou H., Kapoutsis C., Manolopoulos Y., Papadopoulos G.A., Sikora F., Springer, 2020, p. 403-416. Conference paper (Refereed)
    Abstract [en]

    Companies are often challenged to modify and improve their software development processes in order to make them compliant with security standards. The complexity of these processes renders it difficult for practitioners to validate and foresee the effort required for compliance assessments. Further, performing gap analyses when processes are not yet mature enough is costly and involving auditors in early stages is, in our experience, often inefficient. An easier and more productive approach is conducting a self-assessment. However, practitioners, in particular developers, quality engineers, and product owners face difficulties to identify security-relevant process artifacts as required by standards. They would benefit from a proper and light-weight tool to perform early compliance assessments of their processes w.r.t. security standards before entering an in-depth audit. In this paper, we report on our current effort at Siemens Corporate Technology to develop such a light-weight assessment tool to assess the security compliance of software development processes with the IEC 62443-4-1 standard, and we discuss first results from an interview-based evaluation. © 2020, Springer Nature Switzerland AG.

  • 38.
    Moyón, Fabiola
    et al.
    Technical University of Munich and Siemens, DEU.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering. fortiss GmbH, DEU.
    Beckers, Kristian
    Social Engineering Academy, DEU.
    Klepper, Sebastian
    Technical University of Munich, DEU.
    How to Integrate Security Compliance Requirements with Agile Software Engineering at Scale? 2020. In: Lecture Notes in Computer Science / [ed] Morisio M., Torchiano M., Jedlitschka A., Springer Science+Business Media B.V., 2020, Vol. 12562, p. 69-87. Conference paper (Refereed)
    Abstract [en]

    Integrating security into agile software development is an open issue for research and practice. Especially in strongly regulated industries, complexity increases not only when scaling agile practices but also when aiming for compliance with security standards. To achieve security compliance in a large-scale agile context, we developed S2C-SAFe: An extension of the Scaled Agile Framework that is compliant to the security standard IEC 62443-4-1 for secure product development. In this paper, we present the framework and its evaluation by agile and security experts within Siemens’ large-scale project ecosystem. We discuss benefits and limitations as well as challenges from a practitioners’ perspective. Our results indicate that S2C-SAFe contributes to successfully integrating security compliance with lean and agile development in regulated environments. We also hope to raise awareness for the importance and challenges of integrating security in the scope of Continuous Software Engineering. © 2020, Springer Nature Switzerland AG.

  • 39.
    Moyón, Fabiola
    et al.
    Siemens Technology, DEU.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Beckers, Kristian
    Social Engineering Academy, DEU.
    Klepper, Sebastian
    Technical University Munich TUM, DEU.
    Using Process Models to Understand Security Standards. 2021. In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Springer Science and Business Media Deutschland GmbH, 2021, Vol. 12607, p. 458-471. Conference paper (Refereed)
    Abstract [en]

    Many industrial software development processes today have to comply with security standards such as the IEC 62443-4-1. These standards, written in natural language, are ambiguous and complex to understand. This is especially true for non-security experts. Security practitioners thus invest much effort into comprehending standards and, later, into introducing them to development teams. However, our experience in the industry shows that development practitioners might very well also read such standards, but nevertheless end up inviting experts for interpretation (or confirmation). Such a scenario is not in tune with current trends and needs of increasing velocity in continuous software engineering. In this paper, we propose a tool-supported approach to make security standards more precise and easier to understand for both non-security as well as security experts by applying process models. This approach emerges from a large industrial company and encompasses so far the IEC 62443-4-1 standard. We further present a case study with 16 industry practitioners showing how the approach improves communication between development and security compliance practitioners. © 2021, Springer Nature Switzerland AG.

  • 40.
    Moyón, Fabiola
    et al.
    Siemens CT and Technical University of Munich, DEU.
    Soares, Rafael Iankowski
    Instituto Universitário de Lisboa (ISCTE-IUL), PRT.
    Pinto-Albuquerque, Maria
    Instituto Universitário de Lisboa (ISCTE-IUL), PRT.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering. fortiss GmbH, DEU.
    Beckers, Kristian
    Social Engineering Academy, DEU.
    Integration of Security Standards in DevOps Pipelines: An Industry Case Study. 2020. In: Lecture Notes in Computer Science / [ed] Morisio M., Torchiano M., Jedlitschka A., Springer Science+Business Media B.V., 2020, Vol. 12562, p. 434-452. Conference paper (Refereed)
    Abstract [en]

    In the last decade, companies adopted DevOps as a fast path to deliver software products according to customer expectations, with well aligned teams and in continuous cycles. As a basic practice, DevOps relies on pipelines that simulate factory swim-lanes. The more automation in the pipeline, the shorter a lead time is supposed to be. However, applying DevOps is challenging, particularly for industrial control systems (ICS) that support critical infrastructures and that must obey to rigorous requirements from security regulations and standards. Current research on security compliant DevOps presents open gaps for this particular domain and in general for systematic application of security standards. In this paper, we present a systematic approach to integrate standard-based security activities into DevOps pipelines and highlight their automation potential. Our intention is to share our experiences and help practitioners to overcome the trade-off between adding security activities into the development process and keeping a short lead time. We conducted an evaluation of our approach at a large industrial company considering the IEC 62443-4-1 security standard that regulates ICS. The results strengthen our confidence in the usefulness of our approach and artefacts, and in that they can support practitioners to achieve security compliance while preserving agility including short lead times. © 2020, Springer Nature Switzerland AG.

  • 41.
    Ouriques, Raquel
    et al.
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Fagerholm, Fabian
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering. Aalto University, Finland.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering. Fortiss, Germany.
    Bern, Baldvin Gislason
    Axis Communications.
    An investigation of causes and effects of trust in Boundary Artefacts. 2023. In: Information and Software Technology, ISSN 0950-5849, E-ISSN 1873-6025, Vol. 158, article id 107170. Article in journal (Refereed)
    Abstract [en]

    Context: Boundary Artefacts (BAs) support software development activities in many aspects because they carry lots of information in the same object that can be used and interpreted by several social groups within an organisation. When the BAs are inconsistent regarding their content, such as many meanings or lack of contextual information, their efficiency is reduced because stakeholders will not trust them. Objective: This study aimed to understand the implications of differences in the perception of trust on software projects and their influence on stakeholders' behaviour. Methods: We conducted an exploratory case study to observe the creation and utilisation of one specific BA and the implications of differences in trust and their influence on stakeholders' behaviour. Results: Our investigation has shown that practitioners adding and adjusting existing content do not entirely understand the stakeholders' needs. Together with the partial management of the content, trust is impacted. When the content of BAs does not meet the trust factors, specifically reliability and predictability, the stakeholders cannot execute their tasks appropriately, and several implications affect the software development project. Additionally, they create workarounds to supply their needs. Conclusion: The differences in trust in BAs affect software projects in different areas of the organisation and interfere with the task execution of various stakeholders. The decrease in trust results from inconsistencies in the content associated with the lack of management of the BA. A structured strategy for representing and managing a BA's content seems appropriate to increase trust levels and efficiency.

  • 42.
    Ouriques, Raquel
    et al.
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Fagerholm, Fabian
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Gorschek, Tony
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Gislason Bern, Baldvin
    Axis Communications.
    Preliminary Guideline for Creating Boundary Artefacts in Software Engineering. Manuscript (preprint) (Other academic)
    Abstract [en]

    Context: Software development benefits from having Boundary Artefacts (BAs), as a single artefact can supply stakeholders with different boundaries, facilitating collaboration among social worlds. When those artefacts display inconsistencies, such as incorrect information, the practitioners have decreased trust in the BA. As trust is an essential factor guiding the utilisation of BAs in software projects, it is necessary to understand which principles should be observed when creating them.

    Objective: This study aimed to develop and validate a preliminary guideline to support the creation of trustworthy BAs.

    Method: We followed a multi-step approach. We developed our guideline through a literature review and previous results from our case study. Second, we submitted the guideline for an expert evaluation via two workshops and a survey. At last, we adjusted our guideline by incorporating the feedback obtained during the workshops.

    Results: We grouped the principles collected from a literature review into three categories. The first category (Scope) focuses on the scope, displaying principles referring to defining each boundary’s target audience, needs, and terminology. The second category (Structure) relates to how the artefact’s content is structured to meet stakeholders’ needs. The third (Management) refers to principles that can guide the establishment of practices to manage the artefact throughout time. The expert validation revealed that the principles contribute to creating trustworthy BAs at different levels. Also, the relevance of the guideline and its usefulness.

    Conclusions: The guideline strengthens BA traits such as shared understanding, plasticity and ability to transfer. Practitioners can utilise the guideline to guide the creation or even evaluate current practices for existing BAs.

  • 43.
    Ouriques, Raquel
    et al.
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Gorschek, Tony
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Fagerholm, Fabian
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Connecting the Dots of Knowledge in Agile Software Development. Manuscript (preprint) (Other academic)
    Abstract [en]

    This article discusses the importance of managing knowledge as a resource due to its great potential to create economic value. We detail the types of knowledge resources, the challenges associated with their management, and potential solutions to maximise their utility. Our contribution is based on empirical studies performed in an industry context. 

  • 44.
    Prechelt, Lutz
    et al.
    Freie Universität Berlin, DEU.
    Graziotin, Daniel
    University of Stuttgart, Stuttgart, DEU.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Double-blind is good but open would be better: Perceptions of peer review in the SE community. 2020. In: Software Engineering Notes: an Informal Newsletter of The Specia, ISSN 0163-5948, E-ISSN 1943-5843, Vol. 45, no 3, p. 16-16. Article in journal (Refereed)
    Abstract [en]

    Peer review in software engineering is considered, same as for other disciplines, to be a key element of the research process, yet it is often perceived as not to work fully well. To understand the pains and gains in the peer review system, we ran a survey with open and closed questions with the authors and PC members of ICSE 2014/2015/2016. We received 241 responses (29% response rate). 67% of the respondents identified themselves as professors. We analyzed the responses quantitatively and qualitatively (with open coding). All questions were optional. Agreement scales had 10 points, so mild levels of agreement could be expressed but there was no undecided middle point. The resulting article appeared in Information and Software Technology in 2018 [1] and we also disclosed the anonymized data set [2].

  • 45.
    Sjöberg, Peter
    et al.
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering. Volvo Construction Equipment, Västerås, Sweden.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Gorschek, Tony
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Contemporary Challenges when Developing Cyber-Physical Systems of Systems - A Case Study. 2023. In: Proceedings - 2023 IEEE/ACM 11th International Workshop on Software Engineering for Systems-of-Systems and Software Ecosystems, SESoS 2023, Institute of Electrical and Electronics Engineers (IEEE), 2023, p. 46-53. Conference paper (Refereed)
    Abstract [en]

    Digitalization has created service business opportunities for machine manufacturing companies. But creating these cyber-physical systems of systems effectively constitutes a critical measure of success in practice. At the same time, the body of knowledge in software engineering provides little guidance on how to manage this evolution. To contribute to closing this gap in the long run via problem-driven research, we need to first understand which contemporary challenges and needs are encountered in industry. To this end, we conducted a series of semi-structured interviews at a machine manufacturing company, that is expanding its service offerings utilizing digitalization, where we explored how such systems are engineered and what challenges and needs are encountered. © 2023 IEEE.

  • 46.
    Stray, Viktoria
    et al.
    University of Oslo, NOR.
    Hoda, Rashina
    Monash University, AUS.
    Paasivaara, Maria
    LUT University, FIN.
    Lenarduzzi, Valentina
    University of Oulu, FIN.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Theories in Agile Software Development: Past, Present, and Future Introduction to the XP 2020 Special Section. 2022. In: Information and Software Technology, ISSN 0950-5849, E-ISSN 1873-6025, Vol. 152, article id 107058. Article in journal (Refereed)
    Abstract [en]

    Over the last two decades, agile software development has gained popularity among software engineering researchers and practitioners. However, the development and use of theories in agile research remain relatively low. While analyzing publications on agile software development in the Scopus database from the last decade, we found that only 7% of the papers used or developed a theory. This trend seems stable. However, it is promising that most theory-centric studies use or propose theories to address cognitive and behavioral aspects of people working in agile development. We argue that these aspects build fundamental pillars in agile software development. In this special section, we introduce extended versions of four papers selected from the XP2020 Conference. These papers make valuable contributions to aspects of learning and behavior in agile software development. We encourage researchers to be more theory-centric in their future empirical studies of agile methods and practices by familiarizing themselves with existing theories and applying and developing theories. This way, they can contribute to a reliable, evidence-based body of knowledge in our community. © 2022

  • 47.
    Uebernickel, Falk
    et al.
    Institute University of Potsdam, DEU.
    Plattner, Hasso
    Institute University of Potsdam, DEU.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Wiesche, Manuel
    TU Dortmund, DEU.
    Söllner, Matthias
    University of Kassel, DEU.
    Human-centered design for digital innovations. 2021. In: Proceedings of the Annual Hawaii International Conference on System Sciences, IEEE Computer Society, 2021, Vol. 2020-January. Conference paper (Other academic)
  • 48.
    Usman, Muhammad
    et al.
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Felderer, Michael
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering. University of Innsbruck, AUT.
    Unterkalmsteiner, Michael
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Klotins, Eriks
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering. fortiss GmbH, DEU.
    Alégroth, Emil
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    Compliance Requirements in Large-Scale Software Development: An Industrial Case Study. 2020. In: Lecture Notes in Computer Science / [ed] Morisio M., Torchiano M., Jedlitschka A., Springer-Verlag Tokyo Inc., 2020, Vol. 12562, p. 385-401. Conference paper (Refereed)
    Abstract [en]

    Regulatory compliance is a well-studied area, including research on how to model, check, analyse, enact, and verify compliance of software. However, while the theoretical body of knowledge is vast, empirical evidence on challenges with regulatory compliance, as faced by industrial practitioners particularly in the Software Engineering domain, is still lacking. In this paper, we report on an industrial case study which aims at providing insights into common practices and challenges with checking and analysing regulatory compliance, and we discuss our insights in direct relation to the state of reported evidence. Our study is performed at Ericsson AB, a large telecommunications company, which must comply to both locally and internationally governing regulatory entities and standards such as GDPR. The main contributions of this work are empirical evidence on challenges experienced by Ericsson that complement the existing body of knowledge on regulatory compliance. © 2020, Springer Nature Switzerland AG.

  • 49.
    Villamizar, Hugo
    et al.
    Pontifical Catholic University of Rio de Janeiro, BRA.
    Anderlin Neto, Amadeu
    Pontifical Catholic University of Rio de Janeiro, BRA.
    Kalinowski, M.
    Pontifical Catholic University of Rio de Janeiro, BRA.
    Garcia, Alessandro Fabricio
    Pontifical Catholic University of Rio de Janeiro, BRA.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    An approach for reviewing security-related aspects in agile requirements specifications of web applications. 2019. In: International Requirements Engineering Conference / [ed] Damian, D; Perini, A; Lee, SW, IEEE Computer Society, 2019, p. 86-97. Conference paper (Refereed)
    Abstract [en]

    Defects in requirements specifications can have severe consequences during the software development lifecycle. Some of them result in overall project failure due to incorrect or missing quality characteristics such as security. There are several concerns that make security difficult to deal with; for instance, (1) when stakeholders discuss general requirements in meetings, they are often unaware that they should also discuss security-related topics, and (2) they typically do not have enough expertise in security. This often leads to unspecified or ill-defined security-related aspects. These concerns become even more challenging in agile contexts, where lightweight documentation is typically involved. The goal of this paper is to design and evaluate an approach for reviewing security-related aspects in agile requirements specifications of web applications. The approach considers user stories and security specifications as input and relates those user stories to security properties via Natural Language Processing. Based on the related security properties, our approach then identifies high-level security requirements from the Open Web Application Security Project to be verified and generates a reading technique to support reviewers in detecting defects. We evaluate our approach via two controlled experiment trials. We compare the effectiveness and efficiency of novice inspectors verifying security aspects in agile requirements using our approach against using the complete list of high-level security requirements. The (statistically significant) results indicate that using our approach has a positive impact (with large effect size) on the performance of inspectors in terms of effectiveness and efficiency. © 2019 IEEE.

  • 50.
    Villamizar, Hugo
    et al.
    Pontifical Catholic University of Rio de Janeiro, BRA.
    Kalinowski, Marcos
    Pontifical Catholic University of Rio de Janeiro, BRA.
    Garcia, Alessandro F.
    Pontifical Catholic University of Rio de Janeiro, BRA.
    Mendez, Daniel
    Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
    An efficient approach for reviewing security-related aspects in agile requirements specifications of web applications. 2020. In: Requirements Engineering, ISSN 0947-3602, E-ISSN 1432-010X, Vol. 25, no 4, p. 439-468, article id Special Issue: SI. Article in journal (Refereed)
    Abstract [en]

    Defects in requirement specifications can have severe consequences during the software development life cycle. Some of them may result in poor product quality and/or time and budget overrun due to incorrect or missing quality characteristics, such as security. This characteristic requires special attention in web applications because they have become a target for manipulating sensible data. Several concerns make security difficult to deal with. For instance, security requirements are often misunderstood and improperly specified due to lack of security expertise and emphasis on security during early stages of software development. This often leads to unspecified or ill-defined security-related aspects. These concerns become even more challenging in agile contexts, where lightweight documentation is typically produced. To tackle this problem, we designed an approach for reviewing security-related aspects in agile requirements specifications of web applications. Our proposal considers user stories and security specifications as inputs and relates those user stories to security properties via natural language processing. Based on the related security properties, our approach identifies high-level security requirements from the Open Web Application Security Project (OWASP) to be verified and generates a reading technique to support reviewers in detecting defects. We evaluate our approach via three experimental trials conducted with 56 novice software engineers, measuring effectiveness, efficiency, usefulness and ease of use. We compare our approach against using: (1) the OWASP high-level security requirements and (2) a perspective-based approach as proposed in contemporary state of the art. The results strengthen our confidence that using our approach has a positive impact (with large effect size) on the performance of inspectors in terms of effectiveness and efficiency. © 2020, Springer-Verlag London Ltd., part of Springer Nature.
