Damages and Benefits of Certification: A perspective from an Independent Assessment Body

The paper investigates on the nature of software certification and its reasons of being. The numerous factors that impact on the achievement of its purposes are discussed, and also compared in the cases of Proprietary Software and Open Source Software. Some relevant features of a certification process for Open Source Software are finally proposed

Process Scenarios in Open Source Software Certification

Certification of Open Source Software (OSS) presents inherent trade-offsdue to the necessity of precisely identifying both a product and an independent certificationagent, and on the other of maintain the peculiar, valuable OSS characteristicof being available to an unlimited multiplicity of actors for trial, use and change.This is an intriguing challenge, usually solved by removing from the picture thecertifying agent and providing an intrinsic certification by means of rigorous, reapplicableproperty demonstrations, adopting Formal Methods (FM) in expressingand verifying the code. As such approach, yet quite valuable and good-promising,has some restrictions (such as the limited set of provable product qualities), we proposeto tackle the problem by analysing the various processes executed by differentOSS stakeholders, including the process of an independent Certification Body. Inthe paper some kinds of representative scenarios in which such processes interleaveare presented and discussed. The aim is to introduce a process-centered perspectivefor OSS that can stimulate research to further understand and mitigate the mentionedtrade-offs

Design of Approaches for Dependability and Initial Prototypes

The aim of CONNECT is to achieve universal interoperability between heterogeneous Networked Systems. For this, the non-functional properties required at each side of the connection going to be established must be fulfilled. By the one inclusive term "CONNECTability" we comprehend properties belonging to all four non-functional concerns of interest for CONNECT, namely dependability, performance, security and trust. We model such properties in conformance with a meta-model which establishes the relevant concepts and their relations. Then, building on the conceptual models proposed in the first year in Deliverable D5.1, in this document we present the approaches developed for assuring CONNECTability both at synthesis time and at runtime. The contributions include: the Dependability&Performance analysis Enabler, for which we release a modular architecture supporting stochastic verification and state-based analysis; incremental verification and event-based monitoring for runtime analysis; a model-based approach to interoperable trust management; the Security-by-Contract-with-Trust framework, which guarantees and enforces the expected trust levels and security policies

Consolidated dependability framework

The aim of CONNECT is to achieve universal interoperability between heterogeneous Networked Systems. For this, the non-functional properties required at each side of the connection going to be established, which we refer to by the one inclusive term "CONNECTability", must be fulfilled. In Deliverable D5.1 we conceived the conceptual models at the foundation of CONNECTability. In D5.2 we then presented a first version of the approaches and of their respective enablers that we developed for assuring CONNECTability both at synthesis time and at run-time. In this deliverables, we present the advancements and contributions achieved in the third year, which include: - a refinement of the CONNECT Property Meta-Model, with a preliminary implementation of a Model-to-Code translator; - an enhanced implementation of the Dependability&Performance analysis Enabler, supporting stochastic verification and state-based analysis, that is enriched with mechanisms for providing feedback to the Synthesis enabler based on monitor's run-time observations; - a fully running version of the Security Enabler, following the Security-by-Contract-with-Trust methodology, for the monitoring and enforcement of CONNECT related security policies; - a complete (XML) definition of the Trust Model Description Language, an editor and the corresponding implementation of supporting tools to be integrated into the Trust Management Enabler

Establishing a quality-model based evaluation process for websites

Abstract. This paper presents the main aspects of an ongoing project, aimed at defining a website independent evaluation process as a part of the mission of a service-providing organization. The process uses as reference a quality model that is defined starting from existing proposals and general requirements for quality models. The problem of integrating human judgment and automation in the evaluation process is also introduced, and technical solutions, involving the use of experimental work, are discussed

Automated Natural Language Analysis of Requirements and Specifications

Requirements analysis is a nontrivial, tedious, error prone and time consuming process. This paper describes a tool that automates identification of requirements defects that exist because of inadequate use of language for the purpose intended. The paper also describes results of using the tool on actual requirements documents from different industries. Our results show that the tool identifies defects that often escape detection by human inspectors