International conference on software engineering and knowledge engineering: Session chair

The Thirtieth International Conference on Software Engineering and Knowledge Engineering (SEKE 2018) will be held at the Hotel Pullman, San Francisco Bay, USA, from July 1 to July 3, 2018. SEKE2018 will also be dedicated in memory of Professor Lofti Zadeh, a great scholar, pioneer and leader in fuzzy sets theory and soft computing. The conference aims at bringing together experts in software engineering and knowledge engineering to discuss on relevant results in either software engineering or knowledge engineering or both. Special emphasis will be put on the transference of methods between both domains. The theme this year is soft computing in software engineering & knowledge engineering. Submission of papers and demos are both welcome

Can using Fagan Inspections improve the quality of specification in 2011? A Case Study

In this paper, we explore why Fagan Inspections have become obsolete in the software industry, given the body of evidence which supports their use to improve the quality of software artefacts and the software development process. Since the late 1970’s, much has been written about how Fagan Inspections improve the quality of both processes and outputs of the software development process. The literature indicates that the Fagan Inspection technique can improve quality of software (or other software development artefacts) by a reduction in defects of 60 – 90%. However, recent literature suggests that inspection techniques in general and Fagan Inspections in particular, are no longer used. A study in 1998 found that respondents used inspections either irregularly or not at all. Teams often review artefacts informally, but believe that they are performing an inspection or formal review. The lack of rigour in the review process results in reduced benefits and more defects in the artefacts. To explore this situation, we conducted a case study with a local enterprise and we report on the early findings. These suggest that the introduction of Fagan Inspections may have a number of benefits before they have even been introduced fully, including recognition of flaws in the current development process, development of technical knowledge relating to the software process domain, and improved team relations and a ‘quality’ culture. In addition, the personnel using Fagan Inspection gain experience in the production of ‘quality’ artefacts

A mapping study on documentation in Continuous Software Development

Context: With an increase in Agile, Lean, and DevOps software methodologies over the last years (collectively referred to as Continuous Software Development (CSD)), we have observed that documentation is often poor. Objective: This work aims at collecting studies on documentation challenges, documentation practices, and tools that can support documentation in CSD. Method: A systematic mapping study was conducted to identify and analyze research on documentation in CSD, covering publications between 2001 and 2019. Results: A total of 63 studies were selected. We found 40 studies related to documentation practices and challenges, and 23 studies related to tools used in CSD. The challenges include: informal documentation is hard to understand, documentation is considered as waste, productivity is measured by working software only, documentation is out-of-sync with the software and there is a short-term focus. The practices include: non-written and informal communication, the usage of development artifacts for documentation, and the use of architecture frameworks. We also made an inventory of numerous tools that can be used for documentation purposes in CSD. Overall, we recommend the usage of executable documentation, modern tools and technologies to retrieve information and transform it into documentation, and the practice of minimal documentation upfront combined with detailed design for knowledge transfer afterwards. Conclusion: It is of paramount importance to increase the quantity and quality of documentation in CSD. While this remains challenging, practitioners will benefit from applying the identified practices and tools in order to mitigate the stated challenges

Specifying Requirements for Modern Software Development: A Test-Oriented Methodology

Most modern computer systems operate in distributed environments. To develop and test such applications, services, and systems, it is necessary to consider the physical devices, architectures, communication, security and deployment mechanisms involved. However, the requirements’ specification process still replicates that of traditional applications: details remain implicit and are hidden in the description. As a result, specifications are difficult to identify and, ultimately, tests are designed in the traditional way: they overlook constraints and fail to achieve the desired effects. Our objective is to design a methodology for specifying requirements in both traditional software and applications deployed in distributed environments. We present an iterative and incremental requirements specification methodology. This methodology allows us to describe functional requirements and incorporate non-functional or quality constraints, which is the main contribution of this proposal. To ensure that quality requirements are specified during the design phase, the methodology proposes a series of phases, stages and artefacts that ensure the discovery and consideration of these requirements. In order to find out the strengths and weaknesses of our methodology, we have carried out a comparative study with other similar proposals in the literature. To this end, evaluation criteria were defined by considering standards and good practices in Requirements Engineering. The results of the comparative study show that our methodology constitutes a solid procedure for a detailed requirements specification from the beginning of the software development cycle. This represents an advance over the rest of the proposals studied. Our methodology contributes to the simplification of the design and execution phases of software testing, enabling traceability between the specified requirements and the designed test cases

An Efficient Approach for Reviewing Security-Related Aspects in Agile Requirements Specifications of Web Applications

Defects in requirements specifications can have severe consequences during the software development lifecycle. Some of them may result in poor product quality and/or time and budget overruns due to incorrect or missing quality characteristics, such as security. This characteristic requires special attention in web applications because they have become a target for manipulating sensible data. Several concerns make security difficult to deal with. For instance, security requirements are often misunderstood and improperly specified due to lack of security expertise and emphasis on security during early stages of software development. This often leads to unspecified or ill-defined security-related aspects. These concerns become even more challenging in agile contexts, where lightweight documentation is typically produced. To tackle this problem, we designed an approach for reviewing security-related aspects in agile requirements specifications of web applications. Our proposal considers user stories and security specifications as inputs and relates those user stories to security properties via Natural Language Processing. Based on the related security properties, our approach identifies high-level security requirements from the Open Web Application Security Project (OWASP) to be verified, and generates a reading technique to support reviewers in detecting defects. We evaluate our approach via three experiment trials conducted with 56 novice software engineers, measuring effectiveness, efficiency, usefulness, and ease of use. We compare our approach against using: (1) the OWASP high-level security requirements, and (2) a perspective-based approach as proposed in contemporary state of the art. The results strengthen our confidence that using our approach has a positive impact (with large effect size) on the performance of inspectors in terms of effectiveness and efficiency.Comment: Preprint accepted for publication at the Requirements Engineering journal. arXiv admin note: text overlap with arXiv:1906.1143

State of agile contracting in the software industry and the public sector, results of a systematic mapping of the literature

Context: Agile approaches are the answer to the rigid framework for traditional software development. These focus on creating products based on communication and continuous collaboration between the client and supplier, which are detailed characteristics in documents; it is also true that the contractual agreements for such approaches continue to be structured according to the restrictions of the traditional development of software products. Meticulous specifications and restrictions such as time, cost and scope are just some of the fixed conditions of the contractual agreement. In this sense, traditional contracts do not respond adequately to agile software development and, for this reason, agile contracts emerge as a framework of agreement that stipulates the conditions that are clearly necessary to allow development under these approaches. Methodology: a systematic mapping of the literature is presented that aims to show a current panorama of agile contracting for software development and its application in different sectors of the economy with an emphasis on the public sector. Results: The results obtained show few examples of the application of agile contracts, especially in the public sector; suggesting research opportunities and the generation of proposals in this context. Conclusions: It has been concluded that the contracting methods used by public institutions can be an obstacle to agile approaches. In addition, this document presents recommendations for adjusting contracts that seek to facilitate developments approached from the perspective of agile approaches in the public sector