Fostering innovation: Factors that attract and retain third party developers in mobile ecosystems

The popularity of smartphones and the related growth of mobile application markets created a need for mobile platform owners to open their software platforms up to third party developers in order to meet user demand for mobile applications. This external innovation provides a tremendous opportunity for mobile platform owners to develop a volume and diversity of products they could not develop in-house, but it also presents challenges in attracting a sufficient number of developers and users in order to harness the two-sided and same-sided network effects required to successfully cultivate a robust mobile ecosystem. The main objective of this study is to investigate the factors which attract and retain third party developers in mobile ecosystems, a topic about which limited study has been conducted to date. To achieve this goal we developed a research framework based on theoretical and industry literature related to the mobile industry. Using this as a basis for our research we interviewed developers for the iOS, Android and Windows Phone platforms as well as an independent expert specialising in research of the telecommunications industry. These interviews provide a list of factors relating to what motivates third party developers to select a particular ecosystem. Factors are presented in terms of economic considerations, the boundary resources within the mobile platforms, the related development community and the reach the ecosystem provides. These factors are detailed and compared concluding that monetary reward, user engagement and market share are the most dominant factors influencing developer choice. This research complements and extends existing research on third party developer motivation in competitive open innovation communities as well as providing insights into the industry for prospective mobile developers

Mobiilien liiketoimintaekosysteemien menestystekijät: laitteistokeskeisistä liiketoimintamalleista sisältöön ja mainontaan

For firms operating in a networked economy or business ecosystems, value creation may be highly dependent on the relationships with other firms, which has added a significant amount of complexity particularly to strategic and product-related decision-making. In systems thinking, a firm is seen as part of a wider economic ecosystem and environment where it influences and is influenced by other firms. Within a business ecosystem, firms coevolve capabilities around innovations, working both cooperatively and competitively to support new products, satisfy customers, and incorporate the following round of innovations. Ecosystems are often formed around platforms on which products and complements are built, and platforms may also facilitate transactions between distinct groups of users in a two or multi-sided market. In this study, established theoretical concepts have been brought together to analyze the success factors of mobile business ecosystems in a holistic manner. Additionally, the impact of the historical legacy and path-dependent evolution of a firm’s previous business activities, capabilities, and assets on decisions the firm has made in its ecosystem and platform strategies is studied, and a novel theoretical concept, ‘angle of entry’, is recognized. Through a qualitative multiple case study of three leading companies in the smartphone business and their respective business ecosystems, eight common success factors are identified that have contributed to the disruption of the smartphone business by these three new entrants from the IT world, replacing the incumbents. Based on the results, it can be stated that all three leading ecosystems utilize, at least to a certain extent, closed source code to protect their differentiating or otherwise significantly value-adding software components. Similarly, the product platforms of all three ecosystems offer sufficiently open application programming interfaces so that device manufacturers, accessory makers, and developers are able to create products and apps with meaningful differentiation.Verkostoituneessa taloudessa tai liiketoimintaekosysteemeissä toimivien yritysten arvonluonti saattaa olla hyvinkin riippuvaista suhteista muihin yrityksiin, mikä on lisännyt erityisesti strategisen ja tuotteisiin liittyvän päätöksenteon kompleksisuutta huomattavasti. Järjestelmäajattelussa yritys nähdään osana laajempaa taloudellista ekosysteemiä ja ympäristöä, jossa se vaikuttaa muihin yrityksiin ja on samalla ympäristönsä vaikutuksen kohteena. Liiketoimintaekosysteemissä yritykset kehittävät yhdessä kyvykkyyksiään innovaatioiden ympärillä tehden yhteistyötä ja kilpaillen samalla tukeakseen uusia tuotteita, tyydyttääkseen asiakkaita ja ottaakseen käyttöön uusia innovaatioita. Ekosysteemeitä muodostuu usein tuotealustojen ympärille, ja lisäksi alustat voivat välittää transaktioita erillisten käyttäjäryhmien välillä nk. kaksi- tai useampipuolisessa markkinassa. Tässä tutkimuksessa on yhdistetty tunnettuja teoreettisia käsitteitä mobiilialan liiketoimintaekosysteemien menestystekijöiden analysoimiseksi kokonaisvaltaisesti. Lisäksi on tutkittu yrityksen historian ja sen toimintojen, kyvykkyyksien ja resurssien polkuriippuvaisen evoluution vaikutuksia sen päätöksiin ekosysteemi- ja tuotealustastrategioissa. Tämän tuloksena on tunnistettu uusi teoriakäsite, ‘tulokulma’. Kolmesta johtavasta älypuhelinliiketoiminnan yrityksestä ja näiden kunkin ekosysteemistä tehdyn kvalitatiivisen monitapaustutkimuksen perusteella työssä tunnistetaan kahdeksan yhteistä menestystekijää, jotka ovat auttaneet näitä IT-maailmasta tulleita tulokasyrityksiä mullistamaan älypuhelinliiketoiminnan syrjäyttäen alan vanhat johtoyritykset. Tulosten perusteella voidaan todeta, että kaikki kolme johtavaa ekosysteemiä hyödyntävät ainakin jossain määrin suljettua lähdekoodia suojatakseen erilaistamista tai muuten merkittävää lisäarvoa tuottavia ohjelmistokomponenttejaan. Samoin kaikkien kolmen ekosysteemin tuotealustat tarjoavat riittävästi avoimia sovellusrajapintoja, jotta laitevalmistajat ja sovelluskehittäjät pystyvät luomaan tarpeeksi erilaistettuja tuotteita ja sovelluksia

Human Factors in Secure Software Development

While security research has made significant progress in the development of theoretically secure methods, software and algorithms, software still comes with many possible exploits, many of those using the human factor. The human factor is often called ``the weakest link'' in software security. To solve this, human factors research in security and privacy focus on the users of technology and consider their security needs. The research then asks how technology can serve users while minimizing risks and empowering them to retain control over their own data. However, these concepts have to be implemented by developers whose security errors may proliferate to all of their software's users. For example, software that stores data in an insecure way, does not secure network traffic correctly, or otherwise fails to adhere to secure programming best practices puts all of the software's users at risk. It is therefore critical that software developers implement security correctly. However, in addition to security rarely being a primary concern while producing software, developers may also not have extensive awareness, knowledge, training or experience in secure development. A lack of focus on usability in libraries, documentation, and tools that they have to use for security-critical components may exacerbate the problem by blowing up the investment of time and effort needed to "get security right". This dissertation's focus is how to support developers throughout the process of implementing software securely. This research aims to understand developers' use of resources, their mindsets as they develop, and how their background impacts code security outcomes. Qualitative, quantitative and mixed methods were employed online and in the laboratory, and large scale datasets were analyzed to conduct this research. This research found that the information sources developers use can contribute to code (in)security: copying and pasting code from online forums leads to achieving functional code quickly compared to using official documentation resources, but may introduce vulnerable code. We also compared the usability of cryptographic APIs, finding that poor usability, unsafe (possibly obsolete) defaults and unhelpful documentation also lead to insecure code. On the flip side, well-thought out documentation and abstraction levels can help improve an API's usability and may contribute to secure API usage. We found that developer experience can contribute to better security outcomes, and that studying students in lieu of professional developers can produce meaningful insights into developers' experiences with secure programming. We found that there is a multitude of online secure development advice, but that these advice sources are incomplete and may be insufficient for developers to retrieve help, which may cause them to choose un-vetted and potentially insecure resources. This dissertation supports that (a) secure development is subject to human factor challenges and (b) security can be improved by addressing these challenges and supporting developers. The work presented in this dissertation has been seminal in establishing human factors in secure development research within the security and privacy community and has advanced the dialogue about the rigorous use of empirical methods in security and privacy research. In these research projects, we repeatedly found that usability issues of security and privacy mechanisms, development practices, and operation routines are what leads to the majority of security and privacy failures that affect millions of end users

Rakennuksen käyttöjärjestelmän luonti: kokonaisvaltainen lähestymistapa

Purpose of this thesis is to examine requirements for a building operating system from a holistic perspective. To understand the context of the subject, an extensive literature review was carried out which explores the evolution of operating systems alongside the history of computing, unravelling the concept of an operating system. In addition, various building information systems, including building automation systems and internet of things systems are reviewed in order to understand modern and future trends of building technology. Furthermore, literature review investigates telecommunications and digital identity authentication through their evolution and standardisation towards interoperability, to provide knowledge on how to achieve interoperability in building systems. An interview study was conducted as the empirical part of the study in order to complement the theoretical framework of the thesis. A dozen building digitalisation experts were interviewed, inquiring their insights on the current and future situation of building systems. More closely, open systems, open data, platform ownership, disruption, killer applications, user-centredness, and Finland’s opportunities were discussed in respect of the building operating system. Building operating system requires connection between various technology inside a building, and collaboration between various parties who use and manage the building. The system should exploit open standards and enable open data. User-centred development should be encouraged for the benefits of end users. The system needs to expand globally to achieve critical mass and unleash its full potential as a platform. Each building with similar properties should have the same features, being able to use same services and applications in any building with an operating system, thus enabling portability. The system requires convenient software development kits, application programming interfaces and abstractions for the needs of software and service developers. A vibrant developer community is required to expand the platform and enable a wide range of services and applications.Tämän diplomityön tarkoituksena on tutkia rakennuksen käyttöjärjestelmän holistisia vaatimuksia. Laaja kirjallisuuskatsaus tehtiin aiheen ymmärtämiseksi, joka tutkii käyttöjärjestelmien evoluutiota rinnakkain tietojenkäsittelyn historian kanssa, tarkoituksena hahmottaa käyttöjärjestelmän käsitettä. Lisäksi, eri rakennusten tietojärjestelmiä, mukaan lukien rakennusautomaatiojärjestelmiä ja esineiden internet -järjestelmiä käytiin läpi ymmärtääkseen nykyisiä ja tulevia trendejä rakennusteknologiassa. Edelleen kirjallisuuskatsaus tutkii televiestintää ja sähköistä tunnistautumista niiden kehityksen ja standardisoinnin kautta kohti yhteentoimivuutta, tarjoten tietoa siitä, miten yhteentoimivuutta voitaisiin kehittää rakennusjärjestelmissä. Haastattelututkimus tehtiin diplomityön empiirisenä osuutena, jonka tarkoituksena oli laajentaa työn teoreettista viitekehystä. Tusina rakennusten digitalisaation asiantuntijaa haastateltiin, joilta kysyttiin rakennusjärjestelmien nykytilasta ja tulevaisuudesta. Lähemmin, keskustelut käsittelivät avoimia järjestelmiä, avointa dataa, alustan omistajuutta, disruptiota, menestyssovelluksia, käyttäjäkeskeisyyttä sekä Suomen kansainvälistä potentiaalia rakennuksen käyttöjärjestelmän näkökulmasta. Rakennuksen käyttöjärjestelmä vaatii rakennuksen sisällä olevien eri teknologioiden yhteenliittämisen, sekä yhteistyötä rakennusta käyttävien ja hallinnoivien osapuolten välillä. Järjestelmän pitäisi hyödyntää avoimia standardeja ja mahdollistaa avoimen datan käytön. Käyttäjäkeskeistä suunnittelua pitäisi kannustaa loppukäyttäjien etuja suosien. Järjestelmän täytyy levitä globaalisti saavuttaakseen kriittisen massan ja ottaakseen käyttöön sen koko potentiaalin. Jokaisella samankaltaisella rakennuksella täytyisi olla käytössään yhtäläiset ominaisuudet, mahdollistaen samojen palveluiden ja sovellusten käytön missä tahansa käyttöjärjestelmää käyttävässä rakennuksessa, täten mahdollistaen siirrettävyyden. Järjestelmä vaatii sopivat ohjelmointirajapinnat, abstraktiot ja ohjelmistokehykset sovellus- ja palvelukehittäjien tarpeita varten. Laaja kehitysyhteisö vaaditaan alustan levittämiseksi ja sovellustarjonnan laajentamiseksi

Agile Processes in Software Engineering and Extreme Programming – Workshops

This open access book constitutes papers from the 5 research workshops, the poster presentations, as well as two panel discussions which were presented at XP 2021, the 22nd International Conference on Agile Software Development, which was held online during June 14-18, 2021. XP is the premier agile software development conference combining research and practice. It is a unique forum where agile researchers, practitioners, thought leaders, coaches, and trainers get together to present and discuss their most recent innovations, research results, experiences, concerns, challenges, and trends. XP conferences provide an informal environment to learn and trigger discussions and welcome both people new to agile and seasoned agile practitioners. The 18 papers included in this volume were carefully reviewed and selected from overall 37 submissions. They stem from the following workshops: 3rd International Workshop on Agile Transformation 9th International Workshop on Large-Scale Agile Development 1st International Workshop on Agile Sustainability 4th International Workshop on Software-Intensive Business 2nd International Workshop on Agility with Microservices Programmin

The Dilemma of Security Smells and How to Escape It

A single mobile app can now be more complex than entire operating systems ten years ago, thus security becomes a major concern for mobile apps. Unfortunately, previous studies focused rather on particular aspects of mobile application security and did not provide a holistic overview of security issues. Therefore, they could not accurately understand the fundamental flaws to propose effective solutions to common security problems. In order to understand these fundamental flaws, we followed a hybrid strategy, i.e., we collected reported issues from existing work, and we actively identified security-related code patterns that violate best practices in software development. We further introduced the term ``security smell,'' i.e., a security issue that could potentially lead to a vulnerability. As a result, we were able to establish comprehensive security smell catalogues for Android apps and related components, i.e., inter-component communication, web communication, app servers, and HTTP clients. Furthermore, we could identify a dilemma of security smells, because most security smells require unique fixes that increase the code complexity, which in return increases the risk of introducing more security smells. With this knowledge, we investigate the interaction of our security smells with the 192 Mitre CAPEC attack mechanism categories of which the majority could be mitigated with just a few additional security measures. These measures, a String class with behavior and the more thorough use of secure default values and paradigms, would simplify the application logic and at the same time largely increase security if implemented appropriately. We conclude that application security has to focus on the String class, which has not largely changed over the last years, and secure default values and paradigms since they are the smallest common denominator for a strong foundation to build resilient applications. Moreover, we provide an initial implementation for a String class with behavior, however the further exploration remains future work. Finally, the term ``security smell'' is now widely used in academia and eases the communication among security researchers

Service platform strategy : social networking and mobile service platform perspectives

Thesis (S.M. in Engineering and Management)--Massachusetts Institute of Technology, Engineering Systems Division, System Design and Management Program, 2011.Cataloged from PDF version of thesis.Includes bibliographical references (p. 99-101).The significance of the service platform is increasing, while studies on this phenomenon remain scarce and insufficient. Most of the researches focus on products, market segmentation and how platform triggers innovation and there's a lack of researches that focus on services, the fast growing industry nowadays. In analyzing the service platform, it is important to understand the interactions between different players, such as application developers, content providers, network operators, and users. For that purpose, a value network analysis which analyzes the interactions for creating value between the key players is more suitable than the common value chain analysis which is one-directional and sequential. This thesis adopts the value network approach in an attempt to analyze the two different types of service platform, that is, social networking platform and mobile service platform. The Social Networking Service (SNS) is evolving beyond the bounds of a simple personal network and is gradually transforming into a social networking platform where SNS information is used to develop various new services. This thesis examines the positioning and interaction of the key players for the social networking platform and the values that the key players can gain and capture. The mobile service platform is becoming more important, as 3G mobile technologies are mature and widespread and the smartphone market is growing rapidly. For the mobile service platform, the market players are engaged in a severe competition to control the market through various strategies. The biggest current issue in the mobile market is the movement to open platform strategy to build an ecosystem in which third-party developers can participate. This thesis also examines the positioning and interaction of the key players surrounding the mobile service platform and the values that the key players can gain and capture. Ultimately, this thesis aims to suggest service platform strategies for service platform providers and third party developers from the perspectives of social networking platform and mobile service platform. For that purpose, case studies are conducted in depth. In this thesis, the term "service platform" is defined as a set of interfaces provided for the development of applications or contents as service and software grow into one.by Jang Hoon Yoo.S.M.in Engineering and Managemen