Benefitting from the Grey Literature in Software Engineering Research

Researchers generally place the most trust in peer-reviewed, published information, such as journals and conference papers. By contrast, software engineering (SE) practitioners typically do not have the time, access or expertise to review and benefit from such publications. As a result, practitioners are more likely to turn to other sources of information that they trust, e.g., trade magazines, online blog-posts, survey results or technical reports, collectively referred to as Grey Literature (GL). Furthermore, practitioners also share their ideas and experiences as GL, which can serve as a valuable data source for research. While GL itself is not a new topic in SE, using, benefitting and synthesizing knowledge from the GL in SE is a contemporary topic in empirical SE research and we are seeing that researchers are increasingly benefitting from the knowledge available within GL. The goal of this chapter is to provide an overview to GL in SE, together with insights on how SE researchers can effectively use and benefit from the knowledge and evidence available in the vast amount of GL

Juegos serios educativos como servicio: retos y desafíos

Cloud computing is a distributed computing technology that facilitates access to the resources in a dynamic, scalable and highly available manner. One of its service models is SaaS (Software as a Service) which allows executing Web applications in a flexible and elastic way while offering collaborative characteristics. The integration of SaaS in educational environments promotes academic performance and facilitates knowledge management, allowing for storage, exchange, access and synchronization of information. On the other hand, educational serious games promote among the people involved: collaboration, communication, social abilities, critical thinking and problem solving. The main objective of this investigation is to analyze the challenges that SaaS, with its collaborative and multitenancy characteristics present to the execution of educational serious games. This is named ESGaaS - Educational Serious Games as a Service. The analysis was developed based on a review of the existing literature through the methodology known as Systematic Mapping Studies (SMS) which facilitated the generation of investigation questions, search strategies, key words and inclusion and exclusion criteria applied to identify articles in several sources. This investigation facilitated the development of a list of functional characteristics that the educational serious games will acquire when used as software for service.La computación en la nube es una tecnología de computación distribuida que ofrece acceso a los recursos de manera dinámica, escalable y con alta disponibilidad. Uno de sus modelos de servicio, es el SaaS (Software as a Service) que permite ejecutar aplicaciones Web de manera flexible y elástica, además de ofrecer características colaborativas. La integración del SaaS en los entornos educativos potencia el rendimiento académico y facilita la gestión del conocimiento permitiendo almacenar, intercambiar, acceder y sincronizar información. Por su parte los juegos serios educativos potencian, entre los involucrados, la colaboración, comunicación, habilidades sociales, pensamiento crítico y resolución de problemas. El objetivo principal de esta investigación consistió en analizar los retos que SaaS, con sus características colaborativas y multiinquilino, ofrece a la ejecución de juegos serios educativos, lo cual denominamos ESGaaS – Juegos Serios Educativos como Servicio. El análisis fue realizado a partir de una revisión de literatura existente a través de la metodología denominada Systematic Mapping Studies (SMS) la cual permitió generar preguntas de investigación, estrategias de búsqueda, palabras claves y criterios de inclusión y exclusión que fueron aplicadas para localizar artículos en diversas fuentes. Como resultado del trabajo se elabora una lista de características funcionales que los juegos serios educativos adquirirían al ser utilizados como software como servicio.Facultad de Informátic

Personalized Guidelines for Design, Implementation and Evaluation of Anti-phishing Interventions

Background: Current anti-phishing interventions, which typically involve one-size-fits-all solutions, suffer from limitations such as inadequate usability and poor implementation. Human-centric challenges in anti-phishing technologies remain little understood. Research shows a deficiency in the comprehension of end-user preferences, mental states, and cognitive requirements by developers and practitioners involved in the design, implementation, and evaluation of anti-phishing interventions. Aims: This study addresses the current lack of resources and guidelines for the design, implementation and evaluation of anti-phishing interventions, by presenting personalized guidelines to the developers and practitioners. Method: Through an analysis of 53 academic studies and 16 items of grey literature studies, we systematically identified the challenges and recommendations within the anti-phishing interventions, across different practitioner groups and intervention types. Results: We identified 22 dominant factors at the individual, technical, and organizational levels, that affected the effectiveness of anti-phishing interventions and, accordingly, reported 41 guidelines based on the suggestions and recommendations provided in the studies to improve the outcome of anti-phishing interventions. Conclusions: Our dominant factors can help developers and practitioners enhance their understanding of human-centric, technical and organizational issues in anti-phishing interventions. Our customized guidelines can empower developers and practitioners to counteract phishing attacks.Comment: This article is accepted for publication at the IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM) 202

DevSecOps metrics: Learning from academics and professionals

DevSecOps is an emerging paradigm that breaks the Security team silo into the DevOps team, adding security practices to the Software Development Lifecycle (SDL) from inception. Security practices, in SDL, are important to avoid data breaches, guarantee compliance with the law and for organizations, it is an obligation to protect customer data. This study aims to identify metrics teams can use to measure the effectiveness of DevSecOps implementation inside organizations. To that end, this study was conducted using a Design Science Research (DSR) as its research methodology, with the intent of producing an artefact containing the most relevant DevSecOps metrics. A total of nine DevSecOps metrics purposed by professionals and academics were identified and listed on the artefact produced by this study. Interviews were conducted with DevSecOps professionals as a method of evaluating if the identified metrics were useful. Through the interviews, it was possible to identify the metrics that are being used by professionals and which are the most useful. Interviewees purposed three additional metrics. This study identifies a total of twelve metrics that can be used to measure effectiveness in DevSecOps.Ao longo dos anos, várias são as abordagens que tem sido adotadas como processo de desenvolvimento de Software, tais como o modelo em Cascata e o desenvolvimento Ágil, mais recentemente o termo DevOps foi introduzido, refere-se a uma abordagem que junta elementos da equipa de desenvolvimento e operações na mesma equipa, de modo a que exista uma coloboração mais próxima e partilha de conhecimento entre estes elementos, com o intuito de se atingir entregas do Software em desenvolvimento com tempos menores, com mais frequência e qualidade. DevSecOps é uma abordagem ao processo de desenvolvimento de Software emergente que junta elementos da equipa de segurança à equipa de DevOps, trazendo práticas de segurança para o ciclo de desenvolvimento de Software. As práticas de segurança são cada vez mais importantes no ciclo de desenvolvimento de software pois visam a evitar violações de dados e verificar o cumprimento da lei. Mais, ganharam extrema importância para as organizações visto que as mesmas têm por obrigação a proteção de dados dos seus clientes. Este estudo pretende identificar métricas, que podem ser utilizadas pelas equipas de modo a medir a eficiência da implementação de DevSecOps nas suas organizações. Para identificar essas métricas, este estudo foi realizado usando como metodologia de investigação uma Ciência de Design, esta metodologia caracteriza-se por ser uma pesquisa orientada a resultados, tendo sido escolhida, com o objetivo de produzir um artefacto, contendo, as métricas para DevSecOps mais relevantes. Foi possível identificar 9 métricas para DevSecOps, sugeridas por profissionais e académicos da área estando estas listadas no artefacto produzido por este estudo. Mais, foram conduzidas entrevistas com os profissionais de DevSecOps com o intuito de avaliar a utilidade das métricas. Com a ajuda das entrevistas, foi possível identificar as métricas utilizadas pelos profissionais e determinar as mais úteis e relevantes. Os entrevistados sugeriram 3 métricas adicionais perfazendo assim 12 métricas incluídas neste documento

Serverless computing: a multivocal literature review

Serverless computing is a cloud computing execution model which enables developers to focus more on business logic rather than on infrastructure or maintenance of servers. This new paradigm has become a source of attraction for developers and organizations alike as it does not only reduce but simply eliminates the overhead of scaling, provisioning and infrastructure altogether. Given the novelty of the phenomenon, this paper is meant to study the phenomenon in a systematic way in order to define the core components of serverless computing, its benefits, challenges and what lies in the foreseen future of the serverless concept. To this end, authors conducted a multivocal literature review in order to better comprehend the state-of-art on serverless computing. The study shows that serverless computing is a solution that allows users to create functions that intercept and operate on data flows in a scalable manner without the need to manage a server, although presents several challenges.publishedVersio

How Does Competition Help Future Learning in Serious Games? An Exploratory Study in Learning Search Engine Optimization

Serious games, many of which are multi-player games, have been commonly used in information technology education and training. Competition can be intuitively associated with games; however, it is not always considered as a necessary attribute of serious games. Particularly, the learning impact results of competition are mixed. Challenge and control are two game attributes that are highly relevant to competition. With the use of a multi-player serious game, SEO War, this study aims to explore the relationships among competition, perceived control, perceived challenge, and self-efficacy in a game-based learning environment. Particularly, it investigates whether competition leads to self-efficacy. It also examines whether perceived challenge and perceived control mediate the relationship between competition and self-efficacy in serious games. This study contributes to the expanding literature on selecting important attributes for serious games, and it advances our understanding of the mechanism of how competition leads to self-efficacy. Moreover, it will help game designers decide on important game attributes through which games can be enhanced

Juegos serios educativos como servicio: retos y desafíos

Cloud computing is a distributed computing technology that facilitates access to the resources in a dynamic, scalable and highly available manner. One of its service models is SaaS (Software as a Service) which allows executing Web applications in a flexible and elastic way while offering collaborative characteristics. The integration of SaaS in educational environments promotes academic performance and facilitates knowledge management, allowing for storage, exchange, access and synchronization of information. On the other hand, educational serious games promote among the people involved: collaboration, communication, social abilities, critical thinking and problem solving. The main objective of this investigation is to analyze the challenges that SaaS, with its collaborative and multitenancy characteristics present to the execution of educational serious games. This is named ESGaaS - Educational Serious Games as a Service. The analysis was developed based on a review of the existing literature through the methodology known as Systematic Mapping Studies (SMS) which facilitated the generation of investigation questions, search strategies, key words and inclusion and exclusion criteria applied to identify articles in several sources. This investigation facilitated the development of a list of functional characteristics that the educational serious games will acquire when used as software for service.La computación en la nube es una tecnología de computación distribuida que ofrece acceso a los recursos de manera dinámica, escalable y con alta disponibilidad. Uno de sus modelos de servicio, es el SaaS (Software as a Service) que permite ejecutar aplicaciones Web de manera flexible y elástica, además de ofrecer características colaborativas. La integración del SaaS en los entornos educativos potencia el rendimiento académico y facilita la gestión del conocimiento permitiendo almacenar, intercambiar, acceder y sincronizar información. Por su parte los juegos serios educativos potencian, entre los involucrados, la colaboración, comunicación, habilidades sociales, pensamiento crítico y resolución de problemas. El objetivo principal de esta investigación consistió en analizar los retos que SaaS, con sus características colaborativas y multiinquilino, ofrece a la ejecución de juegos serios educativos, lo cual denominamos ESGaaS – Juegos Serios Educativos como Servicio. El análisis fue realizado a partir de una revisión de literatura existente a través de la metodología denominada Systematic Mapping Studies (SMS) la cual permitió generar preguntas de investigación, estrategias de búsqueda, palabras claves y criterios de inclusión y exclusión que fueron aplicadas para localizar artículos en diversas fuentes. Como resultado del trabajo se elabora una lista de características funcionales que los juegos serios educativos adquirirían al ser utilizados como software como servicio.Facultad de Informátic

Guidelines to Establish an Office of Student Accessibility Services in Higher Education Institutions

The objective of this paper is to propose a set of guidelines to establish an office of Student Accessibility Services (SAS) in Higher Education Institutions (HEIs). The proposed guidelines help to integrate disjointed knowledge to facilitate its interpretation and implementation during deployment of basic support services in favor of students with disability. These guidelines can help to mitigate complexity in providing SAS for the first time in HEIs. These guidelines cover both the design and implementation of an office of SAS and its management. Knowledge was found through a multivocal literature review (MLR), which allowed to capture not only academic approaches but also vantage points and experiences from practice. Key concepts and aspects were organized into eight components (five related to the design and implementation, and three associated with the management context). An expert appraisal method was used as a proof of concept, which complemented a previously performed preliminary implementation example. Obtained results demonstrated the pertinence of the conceptual proposal and confirmed guidelines capability for full implementation in a real-world scenario.This research work has been co-funded by the Erasmus+ Programme of the European Union, project EduTech (609785-EPP-1-2019-1-ES-EPPKA2-CBHE-JP)

Cybersecurity Awareness and Training (CAT) Framework for Remote Working Employees

Currently, cybersecurity plays an essential role in computing and information technology due to its direct effect on organizations’ critical assets and information. Cybersecurity is applied using integrity, availability, and confidentiality to protect organizational assets and information from various malicious attacks and vulnerabilities. The COVID-19 pandemic has generated different cybersecurity issues and challenges for businesses as employees have become accustomed to working from home. Firms are speeding up their digital transformation, making cybersecurity the current main concern. For software and hardware systems protection, organizations tend to spend an excessive amount of money procuring intrusion detection systems, antivirus software, antispyware software, and encryption mechanisms. However, these solutions are not enough, and organizations continue to suffer security risks due to the escalating list of security vulnerabilities during the COVID-19 pandemic. There is a thriving need to provide a cybersecurity awareness and training framework for remote working employees. The main objective of this research is to propose a CAT framework for cybersecurity awareness and training that will help organizations to evaluate and measure their employees’ capability in the cybersecurity domain. The proposed CAT framework will assist different organizations in effectively and efficiently managing security-related issues and challenges to protect their assets and critical information. The developed CAT framework consists of three key levels and twenty-five core practices. Case studies are conducted to evaluate the usefulness of the CAT framework in cybersecurity-based organizational settings in a real-world environment. The case studies’ results showed that the proposed CAT framework can identify employees’ capability levels and help train them to effectively overcome the cybersecurity issues and challenges faced by the organizations

Semi-Automatic Mapping Technique Using Snowballing to Support Massive Literature Searches in Software Engineering

Systematic literature reviews represent an important methodology in Evidence-Based Software Engineering. To define the methodological route in these type of studies, in which a review of quantitative and qualitative aspects of primary studies is carried out to summarize the existing information regarding a particular topic, researchers use protocols that guide the construction of knowledge from research questions. This article presents a process that uses forward Snowballing, which identifies the articles cited in the paper under study and the number of citations as inclusion criteria to complement systematic literature reviews. A process that relies on software tools was designed to apply the Snowballing strategy and to identify the most cited works and those who cite them. To validate the process, a review identified in the literature was used. After comparing the results, new works that were not taken into account but made contributions to the subject of study emerged. The citation index represents the number of times a publication has been referenced in other documents and is used as a mechanism to analyze, measure, or quantitatively assess the impact of said publication on the scientific community. The present study showed how applying Snowballing along with other strategies enables the emergence of works that may be relevant for an investigation given the citations rate. That is, implementing this proposal will allow updating or expanding systematic literature studies through the new works evidenced