60,521 research outputs found

    Developing quality heathcare software using quality function deployment: A case study based on Sultan Qaboos University Hospital

    Get PDF
    Development of software is one of the most expensive projects undertaken in practice. Traditionally, the rate of failure in software development projects is higher compared to other kinds of projects. This is partly due to the failure in determining software users’ requirements. By using Quality Function Deployment (QFD), this research focuses on identification and prioritization of users’ requirements in the context of developing quality health-care software system for Sultan Qaboos University Hospital (SQUH) in Oman. A total of 95 staff working at eight departments of SQUH were contacted and they were requested to provide their requirements in using hospital information systems. Analytic Hierarchy Process has been integrated with QFD for prioritizing those user requirements. Then, in consultation with a number of software engineers, a list consisting of 30 technical requirements was generated. These requirements are divided into seven categories and all of them are purported to satisfy the user needs. At the end of QFD exercise, continuous mirror backup from backup category, multi-level access from the security and confidentiality category, linkage to databases from application category emerge as technical requirements having higher weights. These technical requirements should receive considerable attention when designing the health-care software system for SQUH.Software quality; Quality function deployment; Healthcare software; Analytic Hierarchy Process

    Comparing AHP and ELECTRE I for prioritizing software requirements

    Get PDF
    Requirement prioritization is a process that allows selection of the “key” candidate requirements, the ones that are the most important for the construction of quality and cost-controlled software. Requirement prioritization brings certain issues and challenges related with the different stakeholders involved in the project, as well as with the prioritization techniques used, which differ in procedures, criteria and metrics. This manuscript compares two multi-criteria decision methods (MCDM), AHP and ELECTRE I, seeking to justify which one is the most feasible in the requirement prioritization process of a real-world case study. To accomplish this aim, several criteria were used to compare the applicability and performance of both MCDMs. In order to reflect reality as close as possible, several stakeholders, including software professionals directly related to the case study, were involved. The results confirm the intuition that ELECTRE I is more easily applicable than AHP. ELECTRE I is subject to fewer mistakes in comparisons of the requirements than the AHP method, as these are carried out differently. In fact, due to its inherent complexity, AHP becomes even impractical in software projects with a large number of requirements

    SecREP : A Framework for Automating the Extraction and Prioritization of Security Requirements Using Machine Learning and NLP Techniques

    Get PDF
    Gathering and extracting security requirements adequately requires extensive effort, experience, and time, as large amounts of data need to be analyzed. While many manual and academic approaches have been developed to tackle the discipline of Security Requirements Engineering (SRE), a need still exists for automating the SRE process. This need stems mainly from the difficult, error-prone, and time-consuming nature of traditional and manual frameworks. Machine learning techniques have been widely used to facilitate and automate the extraction of useful information from software requirements documents and artifacts. Such approaches can be utilized to yield beneficial results in automating the process of extracting and eliciting security requirements. However, the extraction of security requirements alone leaves software engineers with yet another tedious task of prioritizing the most critical security requirements. The competitive and fast-paced nature of software development, in addition to resource constraints make the process of security requirements prioritization crucial for software engineers to make educated decisions in risk-analysis and trade-off analysis. To that end, this thesis presents an automated framework/pipeline for extracting and prioritizing security requirements. The proposed framework, called the Security Requirements Extraction and Prioritization Framework (SecREP) consists of two parts: SecREP Part 1: Proposes a machine learning approach for identifying/extracting security requirements from natural language software requirements artifacts (e.g., the Software Requirement Specification document, known as the SRS documents) SecREP Part 2: Proposes a scheme for prioritizing the security requirements identified in the previous step. For the first part of the SecREP framework, three machine learning models (SVM, Naive Bayes, and Random Forest) were trained using an enhanced dataset the “SecREP Dataset” that was created as a result of this work. Each model was validated using resampling (80% of for training and 20% for validation) and 5-folds cross validation techniques. For the second part of the SecREP framework, a prioritization scheme was established with the aid of NLP techniques. The proposed prioritization scheme analyzes each security requirement using Part-of-speech (POS) and Named Entity Recognition methods to extract assets, security attributes, and threats from the security requirement. Additionally, using a text similarity method, each security requirement is compared to a super-sentence that was defined based on the STRIDE threat model. This prioritization scheme was applied to the extracted list of security requirements obtained from the case study in part one, and the priority score for each requirement was calculated and showcase

    Requirements Prioritization Techniques for Global Software Engineering

    Get PDF
    Increase in globalization of the industry of software requires an exploration of requirements engineering (RE) in software development institutes at multiple locations. Requirements engineering task is very complicated when it is performed at single site, but it becomes too much complex when stakeholder groups define well-designed requirements under language, time zone and cultural limits. Requirements prioritization (RP) is considered as an imperative part of software requirements engineering in which requirements are ranked to develop best-quality software. In this research, a comparative study of the requirements prioritization techniques was done to overcome the challenges initiated by the corporal distribution of stakeholders within the organization at multiple locations. The objective of this study was to make a comparison between five techniques for prioritizing software requirements and to discuss the results for global software engineering. The selected techniques were Analytic Hierarchy Process (AHP), Cumulative Voting (CV), Value Oriented Prioritization (VOP), Binary Search Tree (BST), and Numerical Assignment Technique (NAT). At the end of the research a framework for Global Software Engineering (GSE) was proposed to prioritize the requirements for stakeholders at distributed locations

    A POS Tagging Approach to Capture Security Requirements within an Agile Software Development Process

    Get PDF
    Software use is an inescapable reality. Computer systems are embedded into devices from the mundane to the complex and significantly impact daily life. Increased use expands the opportunity for malicious use which threatens security and privacy. Factors such as high profile data breaches, rising cost due to security incidents, competitive advantage and pending legislation are driving software developers to integrate security into software development rather than adding security after a product has been developed. Security requirements must be elicited, modeled, analyzed, documented and validated beginning at the initial phases of the software engineering process rather than being added at later stages. However, approaches to developing security requirements have been lacking which presents barriers to security requirements integration during the requirements phase of software development. In particular, software development organizations working within short development lifecycles (often characterized as agile lifecycle) and minimal resources need a light and practical approach to security requirements engineering that can be easily integrated into existing agile processes. In this thesis, we present an approach for eliciting, analyzing, prioritizing and developing security requirements which can be integrated into existing software development lifecycles for small, agile organizations. The approach is based on identifying candidate security goals, categorizing security goals based on security principles, understanding the stakeholder goals to develop preliminary security requirements and prioritizing preliminary security requirements. The identification activity consists of part of speech (POS) tagging of requirements related artifacts for security terminology to discover candidate security goals. The categorization activity applies a general security principle to candidate goals. Elicitation activities are undertaken to gain a deeper understanding of the security goals from stakeholders. Elicited goals are prioritized using risk management techniques and security requirements are developed from validated goals. Security goals may fail the validation activity, requiring further iterations of analysis, elicitation, and prioritization activities until stakeholders are satisfied with or have eliminated the security requirement. Finally, candidate security requirements are output which can be further modeled, defined and validated using other approaches. A security requirements repository is integrated into our proposed approach for future security requirements refinement and reuse. We validate the framework through an industrial case study with a small, agile software development organization

    Using card sorting technique to classify requirements change

    Full text link
    Requirements Volatility is considered to be a major source of risk to the management of large and complex software projects. The ability to characterise the nature and origins of requirements change during software development is important and can lead organisations towards more effective management of changing requirements. This paper focuses on a study to establish how practitioners classify requirements change requests. We used the Card Sorting method to identify categories of change requests that software developers use in practice. Card sorting is a knowledge elicitation method that is commonly used for capturing information about different ways of representing domain knowledge. This study has allowed us to get valuable insights into the way practitioners classify change requests and to understand their perspectives on classification. This classification is a valuable source of information in prioritizing change requests and assessing their impact. Our findings from the card sorting exercise further reveal that the criteria used for categorization are related to the role the practitioner plays in the software development team and the nature and extent of their responsibilities. © 2004 IEEE

    Toward collisions produced in requirements rankings: A qualitative approach and experimental study

    Full text link
    Requirements prioritization is an important issue that determines the way requirements are selected and processed in software projects. There already exist specific methods to classify and prioritize requirements, most of them based on quantitative measures. However, most of existing approaches do not consider collisions, which are an important concern in large-scale requirements sets and, more specifically, in agile development processes where requirements have to be uniquely selected for each software increment. In this paper, we propose QMPSR (Qualitative Method for Prioritizing Software Requirements), an approach that features the prioritization of requirements by considering qualitative elements that are related to the project's priorities. Our approach highlights a prioritization method that has proven to reduce collisions in software requirements rankings. Furthermore, QMPSR improves accuracy in classification when facing large-scale requirements sets, featuring no scalability problems as the number of requirements increases. We formally introduce QMPSR and then define prioritization effort and collision metrics to carry out comprehensive experiments involving different sets of requirements, comparing our approach with well-known existing prioritization methods. The experiments have provided satisfactory results, overcoming existing approaches and ensuring scalabilityThis work was partially supported by the Spanish Government [grant number RTI2018-095255-B-I00 ] and the Madrid Research Council [grant number P2018/TCS-4314

    Towards a Systematic Literature Review of Non-Functional Requirement Prioritization Approaches

    Get PDF
    The success of any software system depends on implementation of functional requirements followed by non-functional ones. There are various studies about prioritizing functional requirements and improving the prioritization techniques, but the work related to non-functional requirements prioritization is limited and there are no guidelines about which technique to be executed under particular circumstances. This paper does an empirical systematic review of the literature to identify and critically review the disseminated work based on empirical studies of software industries or presenting the non-functional requirement (NFR) prioritization approaches. The literature review yielded various insights; prominent amongst them includes, ad-hoc manner of NFR prioritization, neglection of NFRs, and the need for validation of existing NFR prioritization approaches on live data set with large number of NFRs which are always changing
    • 

    corecore