Agile, Web Engineering and Capability Maturity ModelI ntegration : A systematic literature review

Context Agile approaches are an alternative for organizations developing software, particularly for those who develop Web applications. Besides, CMMI (Capability Maturity Model Integration) models are well-established approaches focused on assessing the maturity of an organization that develops software. Web Engineering is the field of Software Engineering responsible for analyzing and studying the specific characteristics of the Web. The suitability of an Agile approach to help organizations reach a certain CMMI maturity level in Web environments will be very interesting, as they will be able to keep the ability to quickly react and adapt to changes as long as their development processes get mature. Objective This paper responds to whether it is feasible or not, for an organization developing Web systems, to achieve a certain maturity level of the CMMI-DEV model using Agile methods. Method The proposal is analyzed by means of a systematic literature review of the relevant approaches in the field, defining a characterization schema in order to compare them to introduce the current state-of-the-art. Results The results achieved after the systematic literature review are presented, analyzed and compared against the defined schema, extracting relevant conclusions for the different dimensions of the problem: compatibility, compliance, experience, maturity and Web. Conclusion It is concluded that although the definition of an Agile approach to meet the different CMMI maturity levels goals could be possible for an organization developing Web systems, there is still a lack of detailed studies and analysis on the field

Evaluating Software Architectures: Development Stability and Evolution

We survey seminal work on software architecture evaluationmethods. We then look at an emerging class of methodsthat explicates evaluating software architectures forstability and evolution. We define architectural stabilityand formulate the problem of evaluating software architecturesfor stability and evolution. We draw the attention onthe use of Architectures Description Languages (ADLs) forsupporting the evaluation of software architectures in generaland for architectural stability in specific

Vulnerability anti-patterns:a timeless way to capture poor software practices (Vulnerabilities)

There is a distinct communication gap between the software engineering and cybersecurity communities when it comes to addressing reoccurring security problems, known as vulnerabilities. Many vulnerabilities are caused by software errors that are created by software developers. Insecure software development practices are common due to a variety of factors, which include inefficiencies within existing knowledge transfer mechanisms based on vulnerability databases (VDBs), software developers perceiving security as an afterthought, and lack of consideration of security as part of the software development lifecycle (SDLC). The resulting communication gap also prevents developers and security experts from successfully sharing essential security knowledge. The cybersecurity community makes their expert knowledge available in forms including vulnerability databases such as CAPEC and CWE, and pattern catalogues such as Security Patterns, Attack Patterns, and Software Fault Patterns. However, these sources are not effective at providing software developers with an understanding of how malicious hackers can exploit vulnerabilities in the software systems they create. As developers are familiar with pattern-based approaches, this paper proposes the use of Vulnerability Anti-Patterns (VAP) to transfer usable vulnerability knowledge to developers, bridging the communication gap between security experts and software developers. The primary contribution of this paper is twofold: (1) it proposes a new pattern template – Vulnerability Anti-Pattern – that uses anti-patterns rather than patterns to capture and communicate knowledge of existing vulnerabilities, and (2) it proposes a catalogue of Vulnerability Anti-Patterns (VAP) based on the most commonly occurring vulnerabilities that software developers can use to learn how malicious hackers can exploit errors in software

Utilising the Software Engineering Methods and Theory framework to critically evaluate software engineering practice in the South African banking industry

A research report submitted to the Faculty of Engineering and The Built Environment of the University of Witwatersrand, Johannesburg In partial fulfilment of the requirements for the Degree of Master of Science in Engineering September 2015In recent years, software has become the cornerstone of banking and new business products are directly dependant on software. The delivery cycles for new features is now related to market share. This drive to use software as a vehicle for competitive advantage has created an environment in which software development of new business systems are increasingly on the critical path of many projects. An organisation’s portfolio of software intensive projects is situated within this complexity and organisations attempt to mitigate the risks associated with these complexities by implementing software development processes and practices. A key problem facing the modern bank is how to define and build a software development process that caters for both the traditional and increasingly agile genres of software development characteristics in a consistent and manageable way. The banks attempt to address this problem through continuous methodology and process improvements. Comparing and assessing non-standardised software engineering lifecycle models without a common framework is a complex and subjective task. A standardised language is important for simplifying the task for developing new methods and practices or for analysing and documenting existing practices. The Software Engineering Methods and Theory (SEMAT) initiative has developed a standardised kernel of essential concepts, together with a language that describes the essence of software engineering. This kernel, called the Essence, has recently become an Object Management Group (OMG) standard. The Essence kernel, together with its language, can be used as the underpinning theory to analyse an existing method and help provide insights that can drive method enhancements. The research report proposes a simple, actionable analysis framework to assist organisations to assess, review and develop their software engineering methods. The core concepts of the methodology are identified and mapped to the Essence concepts. The governance model of the Essence is mapped to the governance model of the industry model and a set of practices is identified and documented in the Essence language. The mapping and resulting analysis can be used to test the validity of the Essence theory in practice and identify areas for improvement in both the method and the Essence standard. The analysis framework has been applied to an operational software development lifecycle of a large South African bank. A mapping of the Essence concepts to the governance model and method documented in the lifecycle was completed. This mapping revealed that the Essence is a valid tool and can be used to describe a method in practice. Furthermore it is useful as an analysis framework to assess the governance model that manages and measures the progress of an endeavour in the Bank. The case study and resulting analysis demonstrate that the Essence standard can be used to analyse a methodology and identify areas for improvement. The analysis also identified areas for improvement in the Essence specification

Identificación de estructuras sintácticas en corpus: un enfoque para encontrar áreas de conocimiento en disciplinas dirigidas por proyectos

Los cuerpos de conocimiento y los estándares de gestión de proyectos se definen como conjuntos de métodos y prácticas probados que los practicantes aplican ampliamente para gestionar proyectos en disciplinas particulares. Dado que los cuerpos de conocimiento dependen de la disciplina a la que pertenecen, cuando se aplican por fuera de sus disciplinas fallan en lograr sus propósitos. Para mejorar los cuerpos de conocimiento, en algunas propuestas se realizan comparaciones entre ellos. Particularmente, algunos autores proponen la adopción de nuevos elementos como áreas de conocimiento resultantes de los procesos de comparación. Sin embargo, tales propuestas de obtienen de manera empírica y dependen del juicio subjetivo de los autores. Esas propuestas se pueden mejorar mediante la formalización de la adopción de   nuevos   elementos cuando se  comparan  los cuerpos  de  conocimiento.  En consecuencia, en este artículo se propone un método de formalización para adoptar áreas de conocimiento al comparar estándares, mediante la identificación de estructuras sintácticas en corpus de gestión de proyectos. Al formalizar la adopción de áreas de conocimiento, se permite la mejora de los cuerpos de conocimiento de manera independiente al autor que los promueve.Bodies of knowledge and project management standards are defined as sets of proven methods and practices widely applied by practitioners for managing projects in particular disciplines. Since bodies of knowledge are discipline-dependent, when they are applied outside their discipline, they fail in accomplishing their purpose. Aiming to improve such bodies of knowledge, some proposals are made by performing comparisons among them. Particularly, some authors propose the adoption of new elements such as knowledge areas as a result of comparison processes. However, such proposals are empirically obtained and they are dependent on the author’s judgment. Such proposals can be improved by formalizing the adoption of new elements when comparing bodies of knowledge. Consequently, in this paper, we propose a formalization method for adopting knowledge areas when comparing standards by identifying syntactic structures in project management corpus. By formalizing knowledge area adoption, we allow for improving bodies of knowledge in an author-independent way

Towards a Formalization of a Framework to Express and Reason about Software Engineering Methods

Software Engineering is considered a knowledge-intensive discipline, in which knowledge creation, collection and sharing is an uninterrupted process. However, a large part of this knowledge exists in a tacit form and depends on practitioners. Therefore defining a mechanism to transform tacit knowledge into explicit one is of upmost importance. This paper presents a formalization approach to represent Software Engineering practitioners' tacit knowledge, which is related to their ways of working, as a set of explicit statements. The formalization is based on KUALI-BEH, which is a normative kernel extension of ESSENCE formal specification, and consists of three parts: an ontology to share a common representation of knowledge as a set of concepts; a Situational Method Engineering based algebra that represents well-defined method properties and operations; and a knowledge representation of the ontology and algebra using Description Logics. The main objectives of this initial formalization are to improve communication among humans and machines, computational inference and reuse of knowledge

OntoEng: A design method for ontology engineering in information systems

This paper addresses the design problem relating to ontology engineering in the discipline of information systems. Ontology engineering is a realm that covers issues related to ontology development and use throughout its life span. Nowadays, ontology as a new innovation promises to improve the design, semantic integration, and utilization of information systems. Ontologies are the backbone of knowledge-based systems. In addition, they establish sharable and reusable common understanding of specific domains amongst people, information systems, and software agents. Notwithstanding, the ontology engineering literature does not provide adequate guidance on how to build, evaluate, and maintain ontologies. On the basis of the gathered experience during the development of V4 Telecoms Business Model Ontology as well as the conducted integration of the related literature from the design science paradigm, this paper introduces OntoEng and its application as a novel systematic design method for ontology engineering

A Concurrent Perspective on Smart Contracts

In this paper, we explore remarkable similarities between multi-transactional behaviors of smart contracts in cryptocurrencies such as Ethereum and classical problems of shared-memory concurrency. We examine two real-world examples from the Ethereum blockchain and analyzing how they are vulnerable to bugs that are closely reminiscent to those that often occur in traditional concurrent programs. We then elaborate on the relation between observable contract behaviors and well-studied concurrency topics, such as atomicity, interference, synchronization, and resource ownership. The described contracts-as-concurrent-objects analogy provides deeper understanding of potential threats for smart contracts, indicate better engineering practices, and enable applications of existing state-of-the-art formal verification techniques.Comment: 15 page