An empirical study on the implementation and evaluation of a goal-driven software development risk management model

Context: Building a quality software product in the shortest possible time to satisfy the global market demand gives an enterprise a competitive advantage. However, uncertainties and risks exist at every stage of a software development project. These can have an extremely high influence on the success of the final software product. Early risk management practice is effective to manage such risks and contributes effectively towards the project success. Objective:Despite risk management approaches, a detailed guideline that explains where to integrate risk management activities into the project is still missing. Little effort has been directed towards the evaluation of the overall impact of a risk management method. We present a Goal-driven Software Development Risk Management Model (GSRM) and its explicit integration into the requirements engineering phase and an empirical investigation result of applying GSRM into a project. Method:We combined case study method with action research. This allows to guide the development team for managing risks and to attain goals as well as to identify ways to improve the proposed methodology. The data is from multiple sources and analysed both qualitative and quantitative way. Results: When risk factors are beyond the control of the project manager and project environment then it is difficult to control these risks. Project scope affects all dimensions of risk. GSRM is a reasonable risk management method that can be employed in an industrial context. The study results compare with other existing study results, to generalize findings and to identify contextual factors. Conclusion: A formal early stage risk management practice provides early warning related to the problems that exists in the project and contributes to the overall project success. It is not necessary to always consider budget and schedule constraints top priority. There exist issues such as requirements, change management, and user satisfaction influence these constraints

Defense in Depth of Resource-Constrained Devices

The emergent next generation of computing, the so-called Internet of Things (IoT), presents significant challenges to security, privacy, and trust. The devices commonly used in IoT scenarios are often resource-constrained with reduced computational strength, limited power consumption, and stringent availability requirements. Additionally, at least in the consumer arena, time-to-market is often prioritized at the expense of quality assurance and security. An initial lack of standards has compounded the problems arising from this rapid development. However, the explosive growth in the number and types of IoT devices has now created a multitude of competing standards and technology silos resulting in a highly fragmented threat model. Tens of billions of these devices have been deployed in consumers\u27 homes and industrial settings. From smart toasters and personal health monitors to industrial controls in energy delivery networks, these devices wield significant influence on our daily lives. They are privy to highly sensitive, often personal data and responsible for real-world, security-critical, physical processes. As such, these internet-connected things are highly valuable and vulnerable targets for exploitation. Current security measures, such as reactionary policies and ad hoc patching, are not adequate at this scale. This thesis presents a multi-layered, defense in depth, approach to preventing and mitigating a myriad of vulnerabilities associated with the above challenges. To secure the pre-boot environment, we demonstrate a hardware-based secure boot process for devices lacking secure memory. We introduce a novel implementation of remote attestation backed by blockchain technologies to address hardware and software integrity concerns for the long-running, unsupervised, and rarely patched systems found in industrial IoT settings. Moving into the software layer, we present a unique method of intraprocess memory isolation as a barrier to several prevalent classes of software vulnerabilities. Finally, we exhibit work on network analysis and intrusion detection for the low-power, low-latency, and low-bandwidth wireless networks common to IoT applications. By targeting these areas of the hardware-software stack, we seek to establish a trustworthy system that extends from power-on through application runtime

Involving External Stakeholders in Project Courses

Problem: The involvement of external stakeholders in capstone projects and project courses is desirable due to its potential positive effects on the students. Capstone projects particularly profit from the inclusion of an industrial partner to make the project relevant and help students acquire professional skills. In addition, an increasing push towards education that is aligned with industry and incorporates industrial partners can be observed. However, the involvement of external stakeholders in teaching moments can create friction and could, in the worst case, lead to frustration of all involved parties. Contribution: We developed a model that allows analysing the involvement of external stakeholders in university courses both in a retrospective fashion, to gain insights from past course instances, and in a constructive fashion, to plan the involvement of external stakeholders. Key Concepts: The conceptual model and the accompanying guideline guide the teachers in their analysis of stakeholder involvement. The model is comprised of several activities (define, execute, and evaluate the collaboration). The guideline provides questions that the teachers should answer for each of these activities. In the constructive use, the model allows teachers to define an action plan based on an analysis of potential stakeholders and the pedagogical objectives. In the retrospective use, the model allows teachers to identify issues that appeared during the project and their underlying causes. Drawing from ideas of the reflective practitioner, the model contains an emphasis on reflection and interpretation of the observations made by the teacher and other groups involved in the courses. Key Lessons: Applying the model retrospectively to a total of eight courses shows that it is possible to reveal hitherto implicit risks and assumptions and to gain a better insight into the interaction...Comment: Abstract shortened since arxiv.org limits length of abstracts. See paper/pdf for full abstract. Paper is forthcoming, accepted August 2017. Arxiv version 2 corrects misspelled author nam

An approach to reconcile the agile and CMMI contexts in product line development

Software product line approaches produce reusable platforms and architectures for products set developed by specific companies. These approaches are strategic in nature requiring coordination, discipline, commonality and communication. The Capability Maturity Model (CMM) contains important guidelines for process improvement, and specifies "what" we must have into account to achieve the disciplined processes (among others things). On the other hand, the agile context is playing an increasingly important role in current software engineering practices, specifying "how" the software practices must be addressed to obtain agile processes. In this paper, we carry out a preliminary analysis for reconciling agility and maturity models in software product line domain, taking advantage of both.Postprint (published version

Developing a distributed electronic health-record store for India

The DIGHT project is addressing the problem of building a scalable and highly available information store for the Electronic Health Records (EHRs) of the over one billion citizens of India

Advanced Techniques for Assets Maintenance Management

16th IFAC Symposium on Information Control Problems in Manufacturing INCOM 2018 Bergamo, Italy, 11–13 June 2018. Edited by Marco Macchi, László Monostori, Roberto PintoThe aim of this paper is to remark the importance of new and advanced techniques supporting decision making in different business processes for maintenance and assets management, as well as the basic need of adopting a certain management framework with a clear processes map and the corresponding IT supporting systems. Framework processes and systems will be the key fundamental enablers for success and for continuous improvement. The suggested framework will help to define and improve business policies and work procedures for the assets operation and maintenance along their life cycle. The following sections present some achievements on this focus, proposing finally possible future lines for a research agenda within this field of assets management

Flexible Global Software Development (GSD): Antecedents of Success in Requirements Analysis

Globalization of software development has resulted in a rapid shift away from the traditional collocated, on-site development model, to the offshoring model. Emerging trends indicate an increasing interest in offshoring even in early phases like requirements analysis. Additionally, the flexibility offered by the agile development approach makes it attractive for adaptation in globally distributed software work. A question of significance then is what impacts the success of offshoring earlier phases, like requirements analysis, in a flexible and globally distributed environment? This article incorporates the stance of control theory to posit a research model that examines antecedent factors such as requirements change, facilitation by vendor and client site-coordinators, control, and computer-mediated communication. The impact of these factors on success of requirements analysis projects in a “flexible” global setting is tested using two quasi-experiments involving students from Management Development Institute, India and Marquette University, USA. Results indicate that formal modes of control significantly influence project success during requirements analysis. Further, facilitation by both client and vendor site coordinators positively impacts requirements analysis success