ESPAC model: Extended software process assessment and certification model for agile and secure software processes

In today’s business environment, agile and secure software processes are essential since they bring high quality and secured software to market faster and more cost-effectively.Unfortunately, some software practitioners are not following the proper practices of both processes when developing software.There exist various studies which assess the quality of software process; nevertheless, their focus is on the conventional software process. Furthermore, they do not consider weight values in the assessment although each evaluation criterion might have different importance on the project.Consequently, software certification is needed to give conformance on the quality of agile and secure software processes.Therefore, the objective of this paper is to propose ESPAC (Extended Software Process Assessment and Certification) Model which addresses both software processes and considers the weight values during the assessment.The model has been constructed by using deductive approach, whereby the theoretical and exploratory studies were conducted in order to determine the components of the proposed model. The ESPAC Model consists of six components, which are the target, evaluation criteria, reference standard, data gathering technique, assessment phases and synthesis technique.The proposed model has been validated by seven software practitioners from the practical perspectives through focus group discussion. The validation result shows that the ESPAC Model gained their satisfaction and able to be practically executed in the real environment

An exploratory study on secure software practices among software practitioners in Malaysia

Rapid growths of computers, mobile phones and Internet technology have created ways for irresponsible people to undertake computer crimes. Millions of users across the globe have fallen as victims to computer crimes, including Malaysia.It is due to current software environment which is more complex, distributed, keeps confidential data and easily exposed to malicious attacks. Consequently, secure software process is increasingly gaining much importance among software practitioners and researchers.However, even though its importance has been revealed, only few studies were conducted regarding its current practice in the software industry, especially in Malaysia.Thus, an exploratory study is conducted among software practitioners in Malaysia to study their experiences and practices on the secure software process in the real-world projects.This paper discusses the findings from the study, which involved 93 software practitioners. Structured questionnaire is utilized for data collection purpose whilst statistical methods such as frequency, mean, and cross tabulation are used for data analysis.Outcomes from this study reveal that software practitioners are becoming increasingly aware on the importance of secure software process, however, they lack of appropriate implementation of the practices

RRS Discovery Cruise DY086, 12 November – 19 December 2017. Controls over Ocean Mesopelagic Carbon Storage (COMICS)

This cruise was the first of two cruises focussed on the functioning of the mesopelagic zone, the region between approximately 100 and 500 m depth. Both cruises are funded by the NERC large grant “Controls over Ocean Mesopelagic Carbon Storage” (COMICS). The general objective of this cruise was to test the hypothesis that variability in surface community structure drives variability in the flux of material through the mesopelagic. A particular focus was to evaluate the role of large diatom blooms which are hypothesised to have very shallow mineralisation length scales. The highly seasonal nature and rapid changes in the community structure of such events requires multiple observations across the bloom progression. This first cruise, COMICS1, sampled the highly productive region downstream of South Georgia in the vicinity of British Antarctic Survey station P3 (52.40 S, 40.06 W). Our sampling strategy was to fully characterize the ecosystems in the epipelagic and upper mesopelagic zone during repeated visits of the same site. We had originally planned to sample a second station further South (P2) but abandoned this plan owing to the inability to find a suitable deployment region for the PELAGRA sediment traps and the presence of several large icebergs. Instead, we focussed our efforts on station P3, which was considered biologically more interesting. At P3, we arrived in the middle of a diatom bloom allowing us to follow in detail the decline of the phytoplankton bloom over the coming weeks. Each visit took ~7 days and we conducted 3 full cycles (P3A, P3B and P3C) during 15 Nov – 22 Nov, 29 Nov – 5 Dec, and 9 Dec – 15 Dec. In total, 345 events were completed in 32 days of scienc