Common-cause analysis in human-software interaction: system design, error control mechanism, and prevention

This study involves an experiment in the human aspects of systems design in the area of software development. Its overall objectives are to develop a cognitive paradigm including a new model of common cause human-domain error and a common cause error function to define internal common cause human-domain errors and also to determine how to control and prevent common cause errors according to human-software information processing, knowledge-based engineering, and intelligent design in human-software interaction;A laboratory study was performed to analyze the common causes of human error in software development and to identify software design factors contributing to the common cause effects in common cause failure redundancy. Three pilot projects with 46 subjects representing three skill levels were used to establish the design for a cognitive experiment. Following this study, a main experiment using ten programming experts was conducted in order to define a new cognitive paradigm, in the aspects of identification, pattern recognition, and behavior domain for internal human domain common-cause errors, using FORTRAN and C. Software development for optimizing the sequence of machine replacement and for optimal inventory management were used as application problem examples;The results and analytical procedures developed in this research can be applied to reliability improvement and cost reduction in software development for many applications. Results are also expected to provide guidelines for user-friendly software development and for more effective design of common software packages

Teams in agile software development: Design principles and examination of human factors

In response to new customer requirements, market dynamics, mergers, and technological innovation, modern software development organizations are adopting agile software development (ASD). Yet, the simple adoption of agile methods such as Scrum or eXtreme programming does not automatically result in a very agile team. While we understand the introduction and adoption of ASD from a methodical perspective, we have yet to explore design principles that guide methodical extensions of ASD, and we need to learn more about the human factors that influence software development teams. This thesis presents four studies. Studies 1 and 2 investigate the methodical extension of ASD by identifying design principles from secondary data. Study 1 extends ASD with processes and practices from user-centered design. Study 2 investigates early activities that precede development activities. The thesis also investigates human factors of agile software development in studies 3 and 4. Study 3 compares teams along their extents of agility in order to identify influential factors using a multicase study design. Study 4 tests the effects of emotional contagion in virtual software development teams using a large dataset from an open source software repository. Thus, this thesis makes two primary contributions. First, it develops design principles for methodical extensions of ASD; second, it contributes to the human factors that influence software development teams. Managers also receive guidance on the improvement of ASD in their organization

Human Factors in Secure Software Development

While security research has made significant progress in the development of theoretically secure methods, software and algorithms, software still comes with many possible exploits, many of those using the human factor. The human factor is often called ``the weakest link'' in software security. To solve this, human factors research in security and privacy focus on the users of technology and consider their security needs. The research then asks how technology can serve users while minimizing risks and empowering them to retain control over their own data. However, these concepts have to be implemented by developers whose security errors may proliferate to all of their software's users. For example, software that stores data in an insecure way, does not secure network traffic correctly, or otherwise fails to adhere to secure programming best practices puts all of the software's users at risk. It is therefore critical that software developers implement security correctly. However, in addition to security rarely being a primary concern while producing software, developers may also not have extensive awareness, knowledge, training or experience in secure development. A lack of focus on usability in libraries, documentation, and tools that they have to use for security-critical components may exacerbate the problem by blowing up the investment of time and effort needed to "get security right". This dissertation's focus is how to support developers throughout the process of implementing software securely. This research aims to understand developers' use of resources, their mindsets as they develop, and how their background impacts code security outcomes. Qualitative, quantitative and mixed methods were employed online and in the laboratory, and large scale datasets were analyzed to conduct this research. This research found that the information sources developers use can contribute to code (in)security: copying and pasting code from online forums leads to achieving functional code quickly compared to using official documentation resources, but may introduce vulnerable code. We also compared the usability of cryptographic APIs, finding that poor usability, unsafe (possibly obsolete) defaults and unhelpful documentation also lead to insecure code. On the flip side, well-thought out documentation and abstraction levels can help improve an API's usability and may contribute to secure API usage. We found that developer experience can contribute to better security outcomes, and that studying students in lieu of professional developers can produce meaningful insights into developers' experiences with secure programming. We found that there is a multitude of online secure development advice, but that these advice sources are incomplete and may be insufficient for developers to retrieve help, which may cause them to choose un-vetted and potentially insecure resources. This dissertation supports that (a) secure development is subject to human factor challenges and (b) security can be improved by addressing these challenges and supporting developers. The work presented in this dissertation has been seminal in establishing human factors in secure development research within the security and privacy community and has advanced the dialogue about the rigorous use of empirical methods in security and privacy research. In these research projects, we repeatedly found that usability issues of security and privacy mechanisms, development practices, and operation routines are what leads to the majority of security and privacy failures that affect millions of end users

Determination Of Factors That Affect The Process Effectiveness In The Development Of Information Systems

The quality of software is a complex mix of factors (Pressmann, 93).That is why it is extremely difficult to establish a unique, generalized definition for the quality of information systems. Human and social aspects in organizations have been considered up to the present the competency of management, administration and other related areas. Programming and internal design activities are related to product efficiency: requirements analysis and external design activities are related to the effectiveness of the product, project management activities relate to the efficiency of the process and general management activities relate to process effectiveness. Faced with the scarcity of information regarding process effectiveness, the need arises to take information from topics from the field of management. Specifically, part of the topics for organizational behavior and development includes a series of components that determine human and social behavior in organizations; individual behavior, group behavior, leadership, the organizational structure and culture and problems relating to processes of change therein. An association is established for each of these components in the particular context of development of information systems

A framework for understanding the factors influencing pair programming success

Pair programming is one of the more controversial aspects of several Agile system development methods, in particular eXtreme Programming (XP). Various studies have assessed factors that either drive the success or suggest advantages (and disadvantages) of pair programming. In this exploratory study the literature on pair programming is examined and factors distilled. These factors are then compared and contrasted with those discovered in our recent Delphi study of pair programming. Gallis et al. (2003) have proposed an initial framework aimed at providing a comprehensive identification of the major factors impacting team programming situations including pair programming. However, this study demonstrates that the framework should be extended to include an additional category of factors that relate to organizational matters. These factors will be further refined, and used to develop and empirically evaluate a conceptual model of pair programming (success)

Links between the personalities, styles and performance in computer programming

There are repetitive patterns in strategies of manipulating source code. For example, modifying source code before acquiring knowledge of how a code works is a depth-first style and reading and understanding before modifying source code is a breadth-first style. To the extent we know there is no study on the influence of personality on them. The objective of this study is to understand the influence of personality on programming styles. We did a correlational study with 65 programmers at the University of Stuttgart. Academic achievement, programming experience, attitude towards programming and five personality factors were measured via self-assessed survey. The programming styles were asked in the survey or mined from the software repositories. Performance in programming was composed of bug-proneness of programmers which was mined from software repositories, the grades they got in a software project course and their estimate of their own programming ability. We did statistical analysis and found that Openness to Experience has a positive association with breadth-first style and Conscientiousness has a positive association with depth-first style. We also found that in addition to having more programming experience and better academic achievement, the styles of working depth-first and saving coarse-grained revisions improve performance in programming.Comment: 27 pages, 6 figure