Management of quality requirements in agile and rapid software development: A systematic mapping study

Context: Quality requirements (QRs) describe the desired quality of software, and they play an important role in the success of software projects. In agile software development (ASD), QRs are often ill-defined and not well addressed due to the focus on quickly delivering functionality. Rapid software development (RSD) approaches (e.g., continuous delivery and continuous deployment), which shorten delivery times, are more prone to neglect QRs. Despite the significance of QRs in both ASD and RSD, there is limited synthesized knowledge on their management in those approaches. Objective: This study aims to synthesize state-of-the-art knowledge about QR management in ASD and RSD, focusing on three aspects: bibliometric, strategies, and challenges. Research method: Using a systematic mapping study with a snowballing search strategy, we identified and structured the literature on QR management in ASD and RSD. Results: We found 156 primary studies: 106 are empirical studies, 16 are experience reports, and 34 are theoretical studies. Security and performance were the most commonly reported QR types. We identified various QR management strategies: 74 practices, 43 methods, 13 models, 12 frameworks, 11 advices, 10 tools, and 7 guidelines. Additionally, we identified 18 categories and 4 non-recurring challenges of managing QRs. The limited ability of ASD to handle QRs, time constraints due to short iteration cycles, limitations regarding the testing of QRs and neglect of QRs were the top categories of challenges. Conclusion: Management of QRs is significant in ASD and is becoming important in RSD. This study identified research gaps, such as the need for more tools and guidelines, lightweight QR management strategies that fit short iteration cycles, investigations of the link between QRs challenges and technical debt, and extension of empirical validation of existing strategies to a wider context. It also synthesizes QR management strategies and challenges, which may be useful for practitioners.Peer ReviewedPostprint (author's final draft

Requirements Engineering

Requirements Engineering (RE) aims to ensure that systems meet the needs of their stakeholders including users, sponsors, and customers. Often consid- ered as one of the earliest activities in software engineering, it has developed into a set of activities that touch almost every step of the software development process. In this chapter, we reflect on how the need for RE was first recognised and how its foundational concepts were developed. We present the seminal papers on four main activities of the RE process, namely (i) elicitation, (ii) modelling & analysis, (iii) as- surance, and (iv) management & evolution. We also discuss some current research challenges in the area, including security requirements engineering as well as RE for mobile and ubiquitous computing. Finally, we identify some open challenges and research gaps that require further exploration

0028/2009 - Problemas na Elicitação de Requisitos: Uma visão de pesquisa/literatura

A primeira fase na engenharia de requisitos é a elicitação de requisitos, na qual as informações sobre as necessidades do cliente são adquiridas, sendo crucial e crítica e podendo comprometer todas as etapas subseqüentes do desenvolvimento. O presente relatório apresenta um levantamento dos problemas que ocorrem durante a elicitação de requisitos citados na literatura da área

Early aspects: aspect-oriented requirements engineering and architecture design

This paper reports on the third Early Aspects: Aspect-Oriented Requirements Engineering and Architecture Design Workshop, which has been held in Lancaster, UK, on March 21, 2004. The workshop included a presentation session and working sessions in which the particular topics on early aspects were discussed. The primary goal of the workshop was to focus on challenges to defining methodical software development processes for aspects from early on in the software life cycle and explore the potential of proposed methods and techniques to scale up to industrial applications

Interactive assessment of simulated service qualities by business stakeholders: principles and research issues

We present the principles of an approach supporting the stakeholder involvement in a software process for service-oriented systems in a form of assessing the perceived quality of the software under development in its usage context. This method relies on interactive simulation of service performance and reliability; simulation models are parameterized by the factors influencing service execution; business stakeholders experience simulated service qualities in simulated usage contexts and assess this experience; the obtained assessments can be later used throughout the system lifecycle as a means of control for the quality of the software under development.Наведено принципи підходу, що підтримує участь зацікавлених осіб у процесі розробки сервіс-орієнтованих програмних систем у вигляді оцінювання сприйманої якості розроблюваної системи в контексті її використання. Цей підхід спирається на інтерактивне імітаційне моделювання продуктивності та надійності сервісів; параметрами імітаційних моделей є фактори, що впливають на виконання сервісів; зацікавлені особи висловлюють своє відношення до значень продуктивності та надійності, отриманих при взаємодії з імітаційними моделями якості сервісів у рамках виконання імітаційних моделей їх контекстів використання, надані оцінки можуть бути використані на різних етапах життєвого циклу програмного забезпечення як засоби контролю його якості

A PRISMA-driven systematic mapping study on system assurance weakeners

Context: An assurance case is a structured hierarchy of claims aiming at demonstrating that a given mission-critical system supports specific requirements (e.g., safety, security, privacy). The presence of assurance weakeners (i.e., assurance deficits, logical fallacies) in assurance cases reflects insufficient evidence, knowledge, or gaps in reasoning. These weakeners can undermine confidence in assurance arguments, potentially hindering the verification of mission-critical system capabilities. Objectives: As a stepping stone for future research on assurance weakeners, we aim to initiate the first comprehensive systematic mapping study on this subject. Methods: We followed the well-established PRISMA 2020 and SEGRESS guidelines to conduct our systematic mapping study. We searched for primary studies in five digital libraries and focused on the 2012-2023 publication year range. Our selection criteria focused on studies addressing assurance weakeners at the modeling level, resulting in the inclusion of 39 primary studies in our systematic review. Results: Our systematic mapping study reports a taxonomy (map) that provides a uniform categorization of assurance weakeners and approaches proposed to manage them at the modeling level. Conclusion: Our study findings suggest that the SACM (Structured Assurance Case Metamodel) -- a standard specified by the OMG (Object Management Group) -- may be the best specification to capture structured arguments and reason about their potential assurance weakeners

Decision support for choice of security solution: the Aspect-Oriented Risk Driven Development (AORDD)framework

In security assessment and management there is no single correct solution to the identified security problems or challenges. Instead there are only choices and tradeoffs. The main reason for this is that modern information systems and security critical information systems in particular must perform at the contracted or expected security level, make effective use of available resources and meet end-users' expectations. Balancing these needs while also fulfilling development, project and financial perspectives, such as budget and TTM constraints, mean that decision makers have to evaluate alternative security solutions.\ud \ud This work describes parts of an approach that supports decision makers in choosing one or a set of security solutions among alternatives. The approach is called the Aspect-Oriented Risk Driven Development (AORDD) framework, combines Aspect-Oriented Modeling (AOM) and Risk Driven Development (RDD) techniques and consists of the seven components: (1) An iterative AORDD process. (2) Security solution aspect repository. (3) Estimation repository to store experience from estimation of security risks and security solution variables involved in security solution decisions. (4) RDD annotation rules for security risk and security solution variable estimation. (5) The AORDD security solution trade-off analysis and trade-o¤ tool BBN topology. (6) Rule set for how to transfer RDD information from the annotated UML diagrams into the trad-off tool BBN topology. (7) Trust-based information aggregation schema to aggregate disparate information in the trade-o¤ tool BBN topology. This work focuses on components 5 and 7, which are the two core components in the AORDD framework

Integrating Human Factors with Structured Analysis and Design Methods

Current human factors input to system development is effected through methods, tools and guidelines. Although the input prompts the consideration of human factors concerns during system design, reports have highlighted inadequacies with respect to the scope, granularity, format and timing of the contributions, e.g. Smith, 1986; Chapanis and Burdurka, 1990; Sutcliffe, 1989; etc. The thesis argues that such problems are obviated if design needs of both Software Engineering and Human Factors are appropriately represented within an overall system design cycle. Intersecting concerns may then be identified for explicit accommodation by the design agenda. To derive an overall design cycle, current conceptions for the individual disciplines should be examined. Since these conceptions are expressed at a lower level as methods, an overall design cycle may be instantiated more specifically by integrating compatible methods from the two disciplines. Methodological integration is desirable as design inter-dependencies and roles may be defined explicitly. More effective inter-disciplinary communication may also accrue from the use of a common set of notations. Methodological integration is facilitated if the design scope, process and notation of individual methods are well defined. Such characteristics are found in a class of Software Engineering methods commonly referred to as structured analysis and design methods. Unfortunately, the same are not currently to be found for human factors since its methods are generally unstructured and focus only on later design stages. 1 Thus, a pre-requisite for integration is the derivation of a reasonably complete and structured human factors method. Since well developed Software Engineering methods already exist, it would be appropriate (for the purposes of methodological integration) to structure human factors methods around specific structured analysis and design methods. The undertaking is exemplified by the present research for the Jackson System Development method. In other words, the scope of the thesis comprises the derivation, test and integration of a structured human factors method with the Jackson System Development method. In conclusion, the research contributes to the Human Factors discipline in two respects. Firstly, it informs the research community on how similar work with other structured analysis and design methods may be set up. Secondly, it offers designers an extended Jackson System Development method that facilitates the incorporation of human factors during system development

Ontology based contextualization and context constraints management in web service processes

The flexibility and dynamism of service-based applications impose shifting the validation process to runtime; therefore, runtime monitoring of dynamic features attached to service-based systems is becoming an important direction of research that motivated the definition of our work. We propose an ontology based contextualization and a framework and techniques for managing context constraints in a Web service process for dynamic requirements validation monitoring at process runtime. Firstly, we propose an approach to define and model dynamic service context attached to composition and execution of services in a service process at run-time. Secondly, managing context constraints are defined in a framework, which has three main processes for context manipulation and reasoning, context constraints generation, and dynamic instrumentation and validation monitoring of context constraints. The dynamic requirements attached to service composition and execution are generated as context constraints. The dynamic service context modeling is investigated based on empirical analysis of application scenarios in the classical business domain and analysing previous models in the literature. The orientation of context aspects in a general context taxonomy is considered important. The Ontology Web Language (OWL) has many merits on formalising dynamic service context such as shared conceptualization, logical language support for composition and reasoning, XML based interoperability, etc. XML-based constraint representation is compatible with Web service technologies. The analysis of complementary case study scenarios and expert opinions through a survey illustrate the validity and completeness of our context model. The proposed techniques for context manipulation, context constraints generation, instrumentation and validation monitoring are investigated through a set of experiments from an empirical evaluation. The analytical evaluation is also used to evaluate algorithms. Our contributions and evaluation results provide a further step towards developing a highly automated dynamic requirements management system for service processes at process run-time

A Safety-Case Approach to the Ethics of Autonomous Vehicles

© 2019 Taylor & Francis. This is an Accepted Manuscript of an article published by Taylor & Francis at https://doi.org/10.1080/09617353.2019.1697918Autonomous Vehicles (AVs) have significant ethical and safety implications. Questions of informed consent and risk acceptance are of primary importance, as is an explicit identification of the ethical principles underlying these decisions. In this paper we present a process framework for producing an ethics assurance case, which can be used to translate ethical imperatives into design decisions and safety management practices. The process and resultant assurance case integrate ethical considerations into the wider engineering lifecycle, providing a tool to demonstrate that design and safety management decisions reflect an identified ethical position.Peer reviewe