Security Requirements Engineering-The Reluctant Oxymoron

Security is a focus in many systems that are developed today, yet this aspect of systems development is often relegated when the shipping date for a software product looms. This leads to problems post-implementation in terms of patches required to fix security defects or vulnerabilities. A simplistic answer is that if the code was correct in the first instance, then vulnerabilities would not exist. The reality of a complex software artefact is however, driven by other concerns. Rather than probing programs for coding errors that lead to vulnerabilities, it is perhaps more beneficial to look at the root causes of how and why vulnerabilities come to exist in software. This paper explores the reasons why this might be so, uses two simple case studies to illustrate the effects of failing to specify requirements correctly and suggests that software development methods that build in security concerns at the beginning of a project might be the way forward

A Guide to Documenting Software Design for Maximum Software Portability for Software Defined Radios

The use of software defined communications systems is growing incredibly fast. The field of software engineering as a discipline has not adequately addressed the subject of software portability which makes large and costly software development efforts less ready to port to future platforms. By understanding the causes of portability problems, they can either be avoided altogether in development or very well documented so that they are easier to overcome in future efforts. Literature, case studies, and surveys are used to collect opinions and information about large software programs where portability is a desirable characteristic in order to best establish the facts and way forward for future research efforts

A Server Consolidation Solution

Advances in server architecture has enabled corporations the ability to strategically redesign their data centers in order to realign the system infrastructure to business needs. The architectural design of physically and logically consolidating servers into fewer and smaller hardware platforms can reduce data center overhead costs, while adding quality of service. In order for the organization to take advantage of the architectural opportunity a server consolidation project was proposed that utilized blade technology coupled with the virtualization of servers. Physical consolidation reduced the data center facility requirements, while server virtualization reduced the number of required hardware platforms. With the constant threat of outsourcing, coupled with the explosive growth of the organization, the IT managers were challenged to provide increased system services and functionality to a larger user community, while maintaining the same head count. A means of reducing overhead costs associated with the in-house data center was to reduce the required facility and hardware resources. The reduction in the data center footprint required less real estate, electricity, fire suppression infrastructure, and HVAC utilities. In addition, since the numerous stand alone servers were consolidated onto a standard platform system administration became more agile to business opportunities.

Robotic Process Automation from the Design-Capital Perspective – Effects on Technical Debt and Digital Options

Robotic process automation (RPA) is an instantiation of lightweight automation that allows organizations to automate manual business processes quickly and at low cost without modifying the organization’s underlying deep information-systems structures. While RPA endows organizations with digital options (e.g., automation ability, cost savings), its implementation is bound to incur technical debt (i.e., accumulate unwarranted complexity in the IT architecture). The paper reports on an action research study shedding light on how RPA ties in with these two notions of a firm’s design capital: digital options and technical debt. Findings indicate that RPA can create digital options through improvements in knowledge reach, knowledge richness, and process richness. These benefits come at the cost of accumulating technical debt which stems from additional technical complexity and maintenance obligations

Software Acquisition Patterns of Failure and How to Recognize Them

Tenth Annual Acquisition Research Symposium Acquisition ManagementNaval Postgraduate School Acquisition Research ProgramPrepared for the Naval Postgraduate School, Monterey, CANaval Postgraduate School Acquisition Research ProgramApproved for public release; distribution is unlimited

ICSEA 2022: the seventeenth international conference on software engineering advances

The Seventeenth International Conference on Software Engineering Advances (ICSEA 2022), held between October 16th and October 20th, 2022, continued a series of events covering a broad spectrum of software-related topics. The conference covered fundamentals on designing, implementing, testing, validating and maintaining various kinds of software. Several tracks were proposed to treat the topics from theory to practice, in terms of methodologies, design, implementation, testing, use cases, tools, and lessons learned. The conference topics covered classical and advanced methodologies, open source, agile software, as well as software deployment and software economics and education. Other advanced aspects are related to on-time practical aspects, such as run-time vulnerability checking, rejuvenation process, updates partial or temporary feature deprecation, software deployment and configuration, and on-line software updates. These aspects trigger implications related to patenting, licensing, engineering education, new ways for software adoption and improvement, and ultimately, to software knowledge management. There are many advanced applications requiring robust, safe, and secure software: disaster recovery applications, vehicular systems, biomedical-related software, biometrics related software, mission critical software, E-health related software, crisis-situation software. These applications require appropriate software engineering techniques, metrics and formalisms, such as, software reuse, appropriate software quality metrics, composition and integration, consistency checking, model checking, provers and reasoning. The nature of research in software varies slightly with the specific discipline researchers work in, yet there is much common ground and room for a sharing of best practice, frameworks, tools, languages and methodologies. Despite the number of experts we have available, little work is done at the meta level, that is examining how we go about our research, and how this process can be improved. There are questions related to the choice of programming language, IDEs and documentation styles and standard. Reuse can be of great benefit to research projects yet reuse of prior research projects introduces special problems that need to be mitigated. The research environment is a mix of creativity and systematic approach which leads to a creative tension that needs to be managed or at least monitored. Much of the coding in any university is undertaken by research students or young researchers. Issues of skills training, development and quality control can have significant effects on an entire department. In an industrial research setting, the environment is not quite that of industry as a whole, nor does it follow the pattern set by the university. The unique approaches and issues of industrial research may hold lessons for researchers in other domains. We take here the opportunity to warmly thank all the members of the ICSEA 2022 technical program committee, as well as all the reviewers. The creation of such a high-quality conference program would not have been possible without their involvement. We also kindly thank all the authors who dedicated much of their time and effort to contribute to ICSEA 2022. We truly believe that, thanks to all these efforts, the final conference program consisted of top-quality contributions. We also thank the members of the ICSEA 2022 organizing committee for their help in handling the logistics of this event. We hope that ICSEA 2022 was a successful international forum for the exchange of ideas and results between academia and industry and for the promotion of progress in software engineering advances

The Joint Program Dilemma: Analyzing the Pervasive Role That Social Dilemmas Play in Undermining Acquisition Success

Tenth Annual Acquisition Research Symposium Acquisition ManagementExcerpt from the Proceedings of the Tenth Annual Acquisition Research Symposium Acquisition ManagementNaval Postgraduate School Acquisition Research ProgramPrepared for the Naval Postgraduate School, Monterey, CANaval Postgraduate School Acquisition Research ProgramApproved for public release; distribution is unlimited

Data-Driven Decision Making as a Tool to Improve Software Development Productivity

The worldwide software project failure rate, based on a survey of information technology software manager\u27s view of user satisfaction, product quality, and staff productivity, is estimated to be between 24% and 36% and software project success has not kept pace with the advances in hardware. The problem addressed by this study was the limited information about software managers\u27 experiences with data-driven decision making (DDD) in agile software organizations as a tool to improve software development productivity. The purpose of this phenomenological study was to explore how agile software managers view DDD as a tool to improve software development productivity and to understand how agile software development organizations may use DDD now and in the future to improve software development productivity. Research questions asked about software managers\u27, project managers\u27, and agile coaches\u27 lived experiences with DDD via a set of interview questions. The conceptual framework for the research was based on the 3 critical dimensions of software organization productivity improvement: people, process, and tools, which were defined by the Software Engineering Institute\u27s Capability Maturity Model Integrated published in 2010. Organizations focus on processes to align the people, procedures and methods, and tools and equipment to improve productivity. Positive social change could result from a better understanding of DDD in an agile software development environment; this increased understanding of DDD could enable organizations to create more products, offer more jobs, and better compete in a global economy

Democracy in a Virtual World: EVE Online\u27s Council of Stellar Management and the Power of Influence

Interest in virtual worlds has grown within academia and popular culture. Virtual worlds are persistent, technologically-mediated, social spaces. Academic literature focuses on issues such as identity, sociality, economics, and governance. However studies of governance focus on internal or external modes of control; less attention has been paid to institutions of governance that operate within both the virtual and real worlds. In EVE Online, the Council of Stellar Management (CSM) represents a joint venture between developers and users to shape the direction of EVE\u27s virtual society. As a group of elected representatives, the CSM represents societal interests to the game\u27s developer, Crowd Control Productions (CCP). The CSM structures the relationship between CCP and the player base, and shapes how these institutions manage the development process. At the same time, cultural and political conventions of EVE\u27s players at times work against these structures as CCP and the CSM seek to attend to their own interests. In this thesis, I examine the intersection of culture, power, and governance, and illustrate the consequences these negotiations of power have for the inhabitants of EVE Online. The historical circumstances that led to the CSM\u27s creation shape its reception among the community. As a model of governance, the CSM was designed as a deliberative democracy to generate community consensus. This feedback is channeled to developers through elected representatives. However, these channels of information hindered discussions necessary for true democracy. I examine how power is generated, leveraged, and mediated by the two cultures in which the CSM is embedded: EVE and Icelandic cultures. I also illustrate the authority and legitimacy of the CSM from the standpoint of its constituents. The CSM is understood within the same cultural frameworks as in-game power structures. Primary research was carried out during a one-year period in 2012. During this time, I joined SKULL SQUADRON, a large corporation with a neutral diplomatic mission. Snowball sampling was used to find informants. Three main methods were used to interview participants: face-to-face interviews, text-based interviews through EVE\u27s communication channels, and voice interviews conducted over Skype, an internet-based communications program