Selection of third party software in Off-The-Shelf-based software development: an interview study with industrial practitioners

The success of software development using third party components highly depends on the ability to select a suitable component for the intended application. The evidence shows that there is limited knowledge about current industrial OTS selection practices. As a result, there is often a gap between theory and practice, and the proposed methods for supporting selection are rarely adopted in the industrial practice. This paper's goal is to investigate the actual industrial practice of component selection in order to provide an initial empirical basis that allows the reconciliation of research and industrial endeavors. The study consisted of semi-structured interviews with 23 employees from 20 different software-intensive companies that mostly develop web information system applications. It provides qualitative information that help to further understand these practices, and emphasize some aspects that have been overlooked by researchers. For instance, although the literature claims that component repositories are important for locating reusable components; these are hardly used in industrial practice. Instead, other resources that have not received considerable attention are used with this aim. Practices and potential market niches for software-intensive companies have been also identified. The results are valuable from both the research and the industrial perspectives as they provide a basis for formulating well-substantiated hypotheses and more effective improvement strategies.Peer ReviewedPostprint (author's final draft

Experiences and issues for environmental engineering sensor network deployments

Sensor network research is a large and growing area of academic effort, examining technological and deployment issues in the area of environmental monitoring. These technologies are used by environmental engineers and scientists to monitor a multiplicity of environments and services, and, specific to this paper, energy and water supplied to the built environment. Although the technology is developed by Computer Science specialists, the use and deployment is traditionally performed by environmental engineers. This paper examines deployment from the perspectives of environmental engineers and scientists and asks what computer scientists can do to improve the process. The paper uses a case study to demonstrate the agile operation of WSNs within the Cloud Computing infrastructure, and thus the demand-driven, collaboration-intense paradigm of Digital Ecosystems in Complex Environments

Experiences and issues for environmental science sensor network deployments

Sensor network research is a large and growing area of academic effort, examining technological and deployment issues in the area of environmental monitoring. These technologies are used by environmental engineers and scientists to monitor a multiplicity of environments and services, and, specific to this paper, energy and water supplied to the built environment. Although the technology is developed by Computer Science specialists, the use and deployment is traditionally performed by environmental engineers. This paper examines deployment from the perspectives of environmental engineers and scientists and asks what computer scientists can do to improve the process. The paper uses a case study to demonstrate the agile operation of WSNs within the Cloud Computing infrastructure, and thus the demand-driven, collaboration-intense paradigm of Digital Ecosystems in Complex Environments

Multistage Switching Architectures for Software Routers

Software routers based on personal computer (PC) architectures are becoming an important alternative to proprietary and expensive network devices. However, software routers suffer from many limitations of the PC architecture, including, among others, limited bus and central processing unit (CPU) bandwidth, high memory access latency, limited scalability in terms of number of network interface cards, and lack of resilience mechanisms. Multistage PC-based architectures can be an interesting alternative since they permit us to i) increase the performance of single software routers, ii) scale router size, iii) distribute packet manipulation and control functionality, iv) recover from single-component failures, and v) incrementally upgrade router performance. We propose a specific multistage architecture, exploiting PC-based routers as switching elements, to build a high-speed, largesize,scalable, and reliable software router. A small-scale prototype of the multistage router is currently up and running in our labs, and performance evaluation is under wa

Estimating ToE Risk Level using CVSS

Security management is about calculated risk and requires continuous evaluation to ensure cost, time and resource effectiveness. Parts of which is to make future-oriented, cost-benefit investments in security. Security investments must adhere to healthy business principles where both security and financial aspects play an important role. Information on the current and potential risk level is essential to successfully trade-off security and financial aspects. Risk level is the combination of the frequency and impact of a potential unwanted event, often referred to as a security threat or misuse. The paper presents a risk level estimation model that derives risk level as a conditional probability over frequency and impact estimates. The frequency and impact estimates are derived from a set of attributes specified in the Common Vulnerability Scoring System (CVSS). The model works on the level of vulnerabilities (just as the CVSS) and is able to compose vulnerabilities into service levels. The service levels define the potential risk levels and are modelled as a Markov process, which are then used to predict the risk level at a particular time

Reconciling agility and discipline in COTS selection processes

Currently, information systems are mainly built by integrating or customizing commercial off-the-shelf (COTS) components acquired or licensed from the marketplace. The processes necessary to steer a suitable acquisition are different from traditional software development processes. Among them, we are interested in the process of selection of COTS components. COTS selection requires discipline to coordinate the selection team and the set of new activities that are necessary to support a successful selection. The Capability Maturity Model (CMM) contains important guidelines for process improvement, and specifiesPeer ReviewedPostprint (published version

mRUBiS: An Exemplar for Model-Based Architectural Self-Healing and Self-Optimization

Self-adaptive software systems are often structured into an adaptation engine that manages an adaptable software by operating on a runtime model that represents the architecture of the software (model-based architectural self-adaptation). Despite the popularity of such approaches, existing exemplars provide application programming interfaces but no runtime model to develop adaptation engines. Consequently, there does not exist any exemplar that supports developing, evaluating, and comparing model-based self-adaptation off the shelf. Therefore, we present mRUBiS, an extensible exemplar for model-based architectural self-healing and self-optimization. mRUBiS simulates the adaptable software and therefore provides and maintains an architectural runtime model of the software, which can be directly used by adaptation engines to realize and perform self-adaptation. Particularly, mRUBiS supports injecting issues into the model, which should be handled by self-adaptation, and validating the model to assess the self-adaptation. Finally, mRUBiS allows developers to explore variants of adaptation engines (e.g., event-driven self-adaptation) and to evaluate the effectiveness, efficiency, and scalability of the engines