46,661 research outputs found
Agile, Web Engineering and Capability Maturity Model Integration: A systematic literature review
Context
Agile approaches are an alternative for organizations developing software, particularly for those who develop Web applications. Besides, CMMI (Capability Maturity Model Integration) models are well-established approaches focused on assessing the maturity of an organization that develops software. Web Engineering is the field of Software Engineering responsible for analyzing and studying the specific characteristics of the Web. The suitability of an Agile approach to help organizations reach a certain CMMI maturity level in Web environments will be very interesting, as they will be able to keep the ability to quickly react and adapt to changes as long as their development processes get mature.
Objective
This paper responds to whether it is feasible or not, for an organization developing Web systems, to achieve a certain maturity level of the CMMI-DEV model using Agile methods.
Method
The proposal is analyzed by means of a systematic literature review of the relevant approaches in the field, defining a characterization schema in order to compare them to introduce the current state-of-the-art.
Results
The results achieved after the systematic literature review are presented, analyzed and compared against the defined schema, extracting relevant conclusions for the different dimensions of the problem: compatibility, compliance, experience, maturity and Web.
Conclusion
It is concluded that although the definition of an Agile approach to meet the different CMMI maturity levels goals could be possible for an organization developing Web systems, there is still a lack of detailed studies and analysis on the field
Evaluating Software Architectures: Development Stability and Evolution
We survey seminal work on software architecture evaluation methods. We then look at an emerging class of methods that explicates evaluating software architectures for stability and evolution. We define architectural stability and formulate the problem of evaluating software architectures for stability and evolution. We draw the attention on the use of Architectures Description Languages (ADLs) for supporting the evaluation of software architectures in general and for architectural stability in specific
Vulnerability anti-patterns: a timeless way to capture poor software practices (Vulnerabilities)
There is a distinct communication gap between the software engineering and cybersecurity communities when it comes to addressing reoccurring security problems, known as vulnerabilities. Many vulnerabilities are caused by software errors that are created by software developers. Insecure software development practices are common due to a variety of factors, which include inefficiencies within existing knowledge transfer mechanisms based on vulnerability databases (VDBs), software developers perceiving security as an afterthought, and lack of consideration of security as part of the software development lifecycle (SDLC). The resulting communication gap also prevents developers and security experts from successfully sharing essential security knowledge. The cybersecurity community makes their expert knowledge available in forms including vulnerability databases such as CAPEC and CWE, and pattern catalogues such as Security Patterns, Attack Patterns, and Software Fault Patterns. However, these sources are not effective at providing software developers with an understanding of how malicious hackers can exploit vulnerabilities in the software systems they create. As developers are familiar with pattern-based approaches, this paper proposes the use of Vulnerability Anti-Patterns (VAP) to transfer usable vulnerability knowledge to developers, bridging the communication gap between security experts and software developers. The primary contribution of this paper is twofold: (1) it proposes a new pattern template – Vulnerability Anti-Pattern – that uses anti-patterns rather than patterns to capture and communicate knowledge of existing vulnerabilities, and (2) it proposes a catalogue of Vulnerability Anti-Patterns (VAP) based on the most commonly occurring vulnerabilities that software developers can use to learn how malicious hackers can exploit errors in software
Utilising the Software Engineering Methods and Theory framework to critically evaluate software engineering practice in the South African banking industry
A research report submitted to the Faculty of Engineering and The Built Environment of the University of Witwatersrand, Johannesburg
In partial fulfilment of the requirements for the Degree of Master of Science in Engineering
September 2015
In recent years, software has become the cornerstone of banking and new business products are
directly dependent on software. The delivery cycles for new features is now related to market share.
This drive to use software as a vehicle for competitive advantage has created an environment in
which software development of new business systems are increasingly on the critical path of many
projects. An organisation's portfolio of software intensive projects is situated within this complexity
and organisations attempt to mitigate the risks associated with these complexities by implementing
software development processes and practices. A key problem facing the modern bank is how to
define and build a software development process that caters for both the traditional and
increasingly agile genres of software development characteristics in a consistent and manageable
way.
The banks attempt to address this problem through continuous methodology and process
improvements. Comparing and assessing non-standardised software engineering lifecycle models
without a common framework is a complex and subjective task. A standardised language is
important for simplifying the task for developing new methods and practices or for analysing and
documenting existing practices.
The Software Engineering Methods and Theory (SEMAT) initiative has developed a standardised
kernel of essential concepts, together with a language that describes the essence of software
engineering. This kernel, called the Essence, has recently become an Object Management Group
(OMG) standard. The Essence kernel, together with its language, can be used as the underpinning
theory to analyse an existing method and help provide insights that can drive method
enhancements.
The research report proposes a simple, actionable analysis framework to assist organisations to
assess, review and develop their software engineering methods. The core concepts of the
methodology are identified and mapped to the Essence concepts. The governance model of the
Essence is mapped to the governance model of the industry model and a set of practices is identified
and documented in the Essence language. The mapping and resulting analysis can be used to test
the validity of the Essence theory in practice and identify areas for improvement in both the method
and the Essence standard.
The analysis framework has been applied to an operational software development lifecycle of a large
South African bank. A mapping of the Essence concepts to the governance model and method
documented in the lifecycle was completed. This mapping revealed that the Essence is a valid tool
and can be used to describe a method in practice. Furthermore it is useful as an analysis framework
to assess the governance model that manages and measures the progress of an endeavour in the
Bank.
The case study and resulting analysis demonstrate that the Essence standard can be used to analyse
a methodology and identify areas for improvement. The analysis also identified areas for
improvement in the Essence specification
Identifying syntactic structures in corpora: an approach to finding knowledge areas in project-driven disciplines
Bodies of knowledge and project management standards are defined as sets of proven methods and practices widely applied by practitioners for managing projects in particular disciplines. Since bodies of knowledge are discipline-dependent, when they are applied outside their discipline, they fail in accomplishing their purpose. Aiming to improve such bodies of knowledge, some proposals are made by performing comparisons among them. Particularly, some authors propose the adoption of new elements such as knowledge areas as a result of comparison processes. However, such proposals are empirically obtained and they are dependent on the author's judgment. Such proposals can be improved by formalizing the adoption of new elements when comparing bodies of knowledge. Consequently, in this paper, we propose a formalization method for adopting knowledge areas when comparing standards by identifying syntactic structures in project management corpus. By formalizing knowledge area adoption, we allow for improving bodies of knowledge in an author-independent way
Towards a Formalization of a Framework to Express and Reason about Software Engineering Methods
Software Engineering is considered a knowledge-intensive discipline, in which knowledge creation, collection and sharing is an uninterrupted process. However, a large part of this knowledge exists in a tacit form and depends on practitioners. Therefore defining a mechanism to transform tacit knowledge into explicit one is of upmost importance. This paper presents a formalization approach to represent Software Engineering practitioners' tacit knowledge, which is related to their ways of working, as a set of explicit statements. The formalization is based on KUALI-BEH, which is a normative kernel extension of ESSENCE formal specification, and consists of three parts: an ontology to share a common representation of knowledge as a set of concepts; a Situational Method Engineering based algebra that represents well-defined method properties and operations; and a knowledge representation of the ontology and algebra using Description Logics. The main objectives of this initial formalization are to improve communication among humans and machines, computational inference and reuse of knowledge
OntoEng: A design method for ontology engineering in information systems
This paper addresses the design problem relating to ontology engineering in the discipline of information systems. Ontology engineering is a realm that covers issues related to ontology development and use throughout its life span. Nowadays, ontology as a new innovation promises to improve the design, semantic integration, and utilization of information systems. Ontologies are the backbone of knowledge-based systems. In addition, they establish sharable and reusable common understanding of specific domains amongst people, information systems, and software agents. Notwithstanding, the ontology engineering literature does not provide adequate guidance on how to build, evaluate, and maintain ontologies. On the basis of the gathered experience during the development of V4 Telecoms Business Model Ontology as well as the conducted integration of the related literature from the design science paradigm, this paper introduces OntoEng and its application as a novel systematic design method for ontology engineering
A Concurrent Perspective on Smart Contracts
In this paper, we explore remarkable similarities between multi-transactional
behaviors of smart contracts in cryptocurrencies such as Ethereum and classical
problems of shared-memory concurrency. We examine two real-world examples from
the Ethereum blockchain and analyze how they are vulnerable to bugs that are
closely reminiscent to those that often occur in traditional concurrent
programs. We then elaborate on the relation between observable contract
behaviors and well-studied concurrency topics, such as atomicity, interference,
synchronization, and resource ownership. The described
contracts-as-concurrent-objects analogy provides deeper understanding of
potential threats for smart contracts, indicates better engineering practices,
and enables applications of existing state-of-the-art formal verification
techniques.
Comment: 15 page