lmproving the Situation of Analytical Quality Assurance in Agile Product Developments

With growing prevalence, agile methodology also pervades domains which adhered to conventional models for decades. At the same time, the demand for safety critical applications and thus rigorous quality assurance increases. This raises the question whether agile methodology is able to support the required level of quality assurance. This master’s thesis aims at analyzing the situation of analytical quality assurance in agile environments in order to identify shortcomings and provide potential solutions. The author derives an initial hypothesis based on his own professional experience, stating that analytical quality assurance is not sufficiently considered by agile development models and agile transformation. This hypothesis is split into eight sub-hypotheses, each describing a particular problem or challenge. Qualitative interviews with seven experts and complementary literature researches are performed to confirm given hypotheses, identify further challenges, and collect appropriate solution proposals. Eventually, based on the elicited data, five hypotheses as well as the initial hypothesis are corroborated and five new challenges are added. Furthermore, twenty-six potential solutions for relevant hypotheses are collected and presented. The solutions comprise established approaches, such as Dynamic System Development Model or Explorative Testing but also innovative ideas, including the Three-Field Agile approach publicized by this thesis. Altogether, it is found that agile methodology largely not supports traditional analytical quality assurance in its concepts and even worse, some of the core principles are contradictive. However, numerous solutions are found and presented that address particular discrepancies and have the capability to ease the pictured situation

Contribution to Software Development Method based on Generalized Requirement Approach

Requirements’ gathering is one of the first steps in the software development process. Gathering business requirements, when the final product requirements are dictated by a known client, can be a difficult process. Even if the client knows their own business best, often their idea about a new business product is obscure, and described by general terms that contribute very much to common misunderstandings among the participants. Business requirement verification when the requirements are gathered using text and graphics can be a slow, error-prone, and expensive process. Misunderstandings and omitted requirements cause the need for revisions and increase project costs and delays. This research work proposes a new approach to the business software development process and is focused on the client’s understanding of how the business software development process works as well as a demonstration of the business requirement practices during requirement negotiation process. While the current software development process validates the business requirement at the end of the development process, this method implementation enables business requirement validation during the requirement negotiation phase. The process of the business requirement negotiation is guided by a set of predefined questions. These questions are guidelines for specifying a sufficient level of requirement details for generating executable code that is able to demonstrate each requirement. Effective implementation of the proposed method requires employment of the GRA Framework. Besides providing guidelines for requirement specification, the Framework shall create executable and provide the test environment for a requirement demonstration. This dissertation implements an example framework that is built around a central repository. Stored within the repository is the data collected during the requirement negotiations process. Access to the repository is managed by a Web interface that enables a collaborative and paperless environment. The result is that the data is stored in one place and updates are reflected to the stakeholders immediately. The executable code is generated by the Generator, a module that provides general programming units that are able to create source code files, databases, SQL statements, classes and methods, navigation menus, and demo applications, all from the data stored in the data repository. The generated software can then be used for the business requirement demonstration. This method assumes that any further development process is built around the requirements repository, which can provide continuous tracking of implementation changes. Besides readily documenting, tracking, and validating the requirements, this method addresses multiple requirement management syndromes such as the insufficient requirements description details provision, the IKIWISI (“I’ll know it when I see it”) Syndrome, the Yes, But Syndrome (“That is not exactly what I mean”), and the Undiscovered Ruins Syndrome (“Now that I see it, I have another requirement to add”).

Rapid Software Development Life Cycle in Small Projects

Small software projects are becoming more usual nowadays. Whether a small project is conducted privately or professionally, the management of the project and its phases is much easier with proper tools and frameworks. The research target of this thesis is to find out a proper life cycle model for small software projects. This thesis is conducted for Softwarehouse, a professional division of IT services in the University of Turku. The official guide for Scrum framework is adhered in software development but when it comes to formally managing various phases of a software project (planning, design, implementation, testing, reviewing etc.) there is room for improvement. Managing software projects with a proper set of tools and procedures would be beneficial as Softwarehouse works on many projects concurrently. The intended life cycle model has to be formal and heavy enough so that the benefits of agile project management can be received. However too rigid a model can be too arduous and exhausting to use, which could result in the decrease of Softwarehouse’s production volume. Therefore the model has to be light enough to maintain rapid software development and creative atmosphere within the Softwarehouse. This thesis begins by giving outline of existing software development life cycle models and followed by relevant literary exploration. After this the research case is explained in greater detail. These give the foundation and rationale to propose a suitable model. The model is experimented empirically and reviewed by partaking personnel. The results are reviewed and discussed. Finally topics for future research are suggested

Suuryrityksen syyt ja keinot tehdä systemaattista kasvuyritysyhteistyötä

The collaboration between startups and corporations could be mutually beneficial, but due to their fundamentally different characteristics, this relationship may be challenging. Research has examined different collaboration methods but has left us without a clear answer for how startup engagement evolves and is optimally organized. Managers demand a better understanding of the best practices of engagement activity. This study aims to shed light on both the process of systematic startup engagement and the organization’s journey towards it. Building on the prior literature of startup engagement, this study addresses why and with which motives a corporation ends up systematically engaging with startups, with what methods, and how it incorporates this systematic collaboration into its existing operations. Based on a literature review and theories of startup engagement, and more generally, the paradigm of open innovation, semi-structured interviews were conducted resting on the inductive qualitative research methodology. In total, ten large Finnish companies from the basic and technology-driven industry were interviewed. Analysis of the responses indicates that startup engagement is an efficient and increasingly popular method to explore avenues for future growth and renewal. Even though some differences were identified, the similarities between the two inspected organizational fields were significant. The engagement goal of ‘enhancing current and generating new business’ was visible in each company. Of the three found content priorities, the engagement results most often related to the area of ‘new technologies and services’. The five suggested dimensions of the transition from informal collaboration towards systematic engagement operations, and the concept for systematic startup engagement, represent the most significant theoretical contributions of the study. Both experienced collaborators and companies at the beginning of their startup engagement journey can benefit from the findings. Clear goals and content priorities are a necessity for prosperous systematic startup collaboration. The generated value for startups materializes during the engagement, and can best be improved through feedback from both business representatives and startups. The four found pre-requisites for systematic startup engagement that each corporation should address are internal commitment to open corporate culture, continuous internal dialogue, defined ownership for each case, and predefining the budget and other resources. The success of engagement depends on the level of systematicity, ability to prioritization when necessary, buffering startups form bureaucracy, and continually improving internal commitment – representing four critical success factors for the engagement.Yhteistyö suur- ja kasvuyritysten välillä voi olla molempia hyödyttävää, mutta johtuen näiden tahojen hyvin perustavanlaatuisista eroavaisuuksista, yhteistyösuhde voi olla hyvin haastava. Aiempi tutkimus on käsitellyt yhteistyön malleja, mutta jättänyt systemaattisen kasvuyritysyhteistyön kehittymisen ja organisoinnin vähälle huomiolle. Johtajat tarvitsevat parempaa käsitystä yhteistyön parhaista käytänteistä. Tämän tutkimuksen tarkoitus on kasvattaa ymmärrystä systemaattisen yhteistyön prosessista ja organisaation matkasta kohti sitä. Aikaisempaan kirjallisuutta täydentäen, tämä tutkimus käsittelee sitä, miksi ja millä motiivein suuryritys päätyy systemaattiseen yhteistyöhön kasvuyrityksen kanssa, millä metodein, ja miten yritys sisällyttää tämän toiminnan osaksi sen päivittäisiä operaatioita. Puolistrukturoidut kysymyshaastattelut toteutettiin noudattaen induktiivista laadullista metodologiaa. Pohjan tutkimukselle luo kasvuyritysyhteistyöhön ja laajemmin avoimen innovoinnin paradigmaan liittyvä kirjallisuuskatsaus. Tutkimukseen osallistui kymmenen suurta suomalaista yritystä perusteollisuudesta ja teknologiavetoiselta toimialalta. Tulokset osoittavat, että kasvuyritysyhteistyö on tehokas ja jatkuvasti yleistyvä tapa selvittää ja realisoida kasvu- ja uudistumisalueita. Löydetyistä eroavaisuuksista huolimatta samankaltaisuudet kahden tutkitun toimialan välillä olivat huomattavia. Yhteistyön tavoite nykyisen liiketoiminnan kehittämisestä ja uuden luomisesta oli nähtävillä jokaisessa haastatellussa yrityksessä. Kolmesta löydetystä sisällöllisestä painopistealueesta yhteistyö useimmiten liittyi uuteen teknologiaan ja palveluihin. Tutkimuksella oli kaksi pääasiallista teoreettista merkitystä: esitetty konsepti systemaattiselle kasvuyritysyhteistyölle sekä viisi löydettyä ulottuvuutta, jotka määrittelevät toiminnan systemaattisuuden. Sekä kokeneet yritykset että vasta kasvuyritysyhteistyötä aloittavat voivat hyöytä löydöksistä. Selkeät tavoitteet ja yhteistyön sisällön painopistealueet ovat edellytys onnistuneelle kasvuyritysyhteistyölle. Luotu arvo kasvuyrityksille konkretisoituu yhteistyön aikana, ja sitä voi parhaiten kehittää kysymällä palautetta liiketoiminnan edustajilta ja kasvuyrityksiltä itseltään. Neljä löydettyä systemaattisen kasvuyritysyhteistyön ennakkoedellytystä, joita jokaisen yrityksen tulisi tarkastella, ovat sisäinen sitoutuminen, jatkuva sisäinen dialogi, määritelty omistajuus yksittäisistä yhteistyöhankkeista sekä ennalta määritellyt resurssit. Yhteistyön menestyksen ratkaisee lopulta systemaattisuuden taso, kyky yhteistyön priorisointiin tarpeen vaatiessa, kasvuyritysten suojeleminen byrokratialta ja jatkuva organisaation sisäisen sitoutumisen kasvattaminen. Nämä neljä osa-aluetta edustavat yhteistyön kriittisiä menestystekijöitä

Customer Discovery and Customer Validation in Lean Software Startups

The traditional business models and the traditionally successful development methods that have been distinctive to the industrial era, do not satisfy the needs of modern IT companies. Due to the rapid nature of IT markets, the uncertainty of new innovations‟ success and the overwhelming competition with established companies, startups need to make quick decisions and eliminate wasted resources more effectively than ever before. There is a need for an empirical basis on which to build business models, as well as evaluate the presumptions regarding value and profit. Less than ten years ago, the Lean software development principles and practices became widely well-known in the academic circles. Those practices help startup entrepreneurs to validate their learning, test their assumptions and be more and more dynamical and flexible. What is special about today‟s software startups is that they are increasingly individual. There are quantitative research studies available regarding the details of Lean startups. Broad research with hundreds of companies presented in a few charts is informative, but a detailed study of fewer examples gives an insight to the way software entrepreneurs see Lean startup philosophy and how they describe it in their own words. This thesis focuses on Lean software startups‟ early phases, namely Customer Discovery (discovering a valuable solution to a real problem) and Customer Validation (being in a good market with a product which satisfies that market). The thesis first offers a sufficiently compact insight into the Lean software startup concept to a reader who is not previously familiar with the term. The Lean startup philosophy is then put into a real-life test, based on interviews with four Finnish Lean software startup entrepreneurs. The interviews reveal 1) whether the Lean startup philosophy is actually valuable for them, 2) how can the theory be practically implemented in real life and 3) does theoretical Lean startup knowledge compensate a lack of entrepreneurship experience. A reader gets familiar with the key elements and tools of Lean startups, as well as their mutual connections. The thesis explains why Lean startups waste less time and money than many other startups. The thesis, especially its research sections, aims at providing data and analysis simultaneously.Siirretty Doriast

Mitigating Insider Threat Risks in Cyber-physical Manufacturing Systems

Cyber-Physical Manufacturing System (CPMS)—a next generation manufacturing system—seamlessly integrates digital and physical domains via the internet or computer networks. It will enable drastic improvements in production flexibility, capacity, and cost-efficiency. However, enlarged connectivity and accessibility from the integration can yield unintended security concerns. The major concern arises from cyber-physical attacks, which can cause damages to the physical domain while attacks originate in the digital domain. Especially, such attacks can be performed by insiders easily but in a more critical manner: Insider Threats. Insiders can be defined as anyone who is or has been affiliated with a system. Insiders have knowledge and access authentications of the system\u27s properties, therefore, can perform more serious attacks than outsiders. Furthermore, it is hard to detect or prevent insider threats in CPMS in a timely manner, since they can easily bypass or incapacitate general defensive mechanisms of the system by exploiting their physical access, security clearance, and knowledge of the system vulnerabilities. This thesis seeks to address the above issues by developing an insider threat tolerant CPMS, enhanced by a service-oriented blockchain augmentation and conducting experiments & analysis. The aim of the research is to identify insider threat vulnerabilities and improve the security of CPMS. Blockchain\u27s unique distributed system approach is adopted to mitigate the insider threat risks in CPMS. However, the blockchain limits the system performance due to the arbitrary block generation time and block occurrence frequency. The service-oriented blockchain augmentation is providing physical and digital entities with the blockchain communication protocol through a service layer. In this way, multiple entities are integrated by the service layer, which enables the services with less arbitrary delays while retaining their strong security from the blockchain. Also, multiple independent service applications in the service layer can ensure the flexibility and productivity of the CPMS. To study the effectiveness of the blockchain augmentation against insider threats, two example models of the proposed system have been developed: Layer Image Auditing System (LIAS) and Secure Programmable Logic Controller (SPLC). Also, four case studies are designed and presented based on the two models and evaluated by an Insider Attack Scenario Assessment Framework. The framework investigates the system\u27s security vulnerabilities and practically evaluates the insider attack scenarios. The research contributes to the understanding of insider threats and blockchain implementations in CPMS by addressing key issues that have been identified in the literature. The issues are addressed by EBIS (Establish, Build, Identify, Simulation) validation process with numerical experiments and the results, which are in turn used towards mitigating insider threat risks in CPMS

GHOST - safe-guarding home IoT environments with personalised real-time risk control

We present the European research project GHOST, (Safe-guarding home IoT environments with personalised real-time risk control), which challenges the traditional cyber security solutions for the IoT by proposing a novel reference architecture that is embedded in an adequately adapted smart home network gateway, and designed to be vendor-independent. GHOST proposes to lead a paradigm shift in consumer cyber security by coupling usable security with transparency and behavioural engineering

Self-Learning Production Control using Algorithms of Artificial Intelligence

Manufacturing companies are facing an increasingly turbulent market - a market defined by products growing in complexity and shrinking product life cycles. This leads to a boost in planning complexity accompanied by higher error sensitivity. In practice, IT systems and sensors integrated into the shop floor in the context of Industry 4.0 are used to deal with these challenges. However, while existing research provides solutions in the field of pattern recognition or recommended actions, a combination of the two approaches is neglected. This leads to an overwhelming amount of data without contributing to an improvement of processes. To address this problem, this study presents a new platform-based concept to collect and analyze the high-resolution data with the use of self-learning algorithms. Herby, patterns can be identified and reproduced, allowing an exact prediction of the future system behavior. Artificial intelligence maximizes the automation of the reduction and compensation of disruptive factors

Naming the Pain in Requirements Engineering: A Design for a Global Family of Surveys and First Results from Germany

For many years, we have observed industry struggling in defining a high quality requirements engineering (RE) and researchers trying to understand industrial expectations and problems. Although we are investigating the discipline with a plethora of empirical studies, they still do not allow for empirical generalisations. To lay an empirical and externally valid foundation about the state of the practice in RE, we aim at a series of open and reproducible surveys that allow us to steer future research in a problem-driven manner. We designed a globally distributed family of surveys in joint collaborations with different researchers and completed the first run in Germany. The instrument is based on a theory in the form of a set of hypotheses inferred from our experiences and available studies. We test each hypothesis in our theory and identify further candidates to extend the theory by correlation and Grounded Theory analysis. In this article, we report on the design of the family of surveys, its underlying theory, and the full results obtained from Germany with participants from 58 companies. The results reveal, for example, a tendency to improve RE via internally defined qualitative methods rather than relying on normative approaches like CMMI. We also discovered various RE problems that are statistically significant in practice. For instance, we could corroborate communication flaws or moving targets as problems in practice. Our results are not yet fully representative but already give first insights into current practices and problems in RE, and they allow us to draw lessons learnt for future replications. Our results obtained from this first run in Germany make us confident that the survey design and instrument are well-suited to be replicated and, thereby, to create a generalisable empirical basis of RE in practice