Designing a Serious Game: Teaching Developers to Embed Privacy into Software Systems

Software applications continue to challenge user privacy when users interact with them. Privacy practices (e.g. Data Minimisation (DM), Privacy by Design (PbD) or General Data Protection Regulation (GDPR)) and related "privacy engineering" methodologies exist and provide clear instructions for developers to implement privacy into software systems they develop that preserve user privacy. However, those practices and methodologies are not yet a common practice in the software development community. There has been no previous research focused on developing "educational" interventions such as serious games to enhance software developers' coding behaviour. Therefore, this research proposes a game design framework as an educational tool for software developers to improve (secure) coding behaviour, so they can develop privacy-preserving software applications that people can use. The elements of the proposed framework were incorporated into a gaming application scenario that enhances the software developers' coding behaviour through their motivation. The proposed work not only enables the development of privacy-preserving software systems but also helping the software development community to put privacy guidelines and engineering methodologies into practice.Comment:

Aplicación del modelado de procesos en un curso de ingeniería de software

La coordinación en un proyecto de desarrollo de software es un factor crítico para liberar un producto de calidad dentro de las restricciones de tiempo, funcionalidad y costo acordadas con el cliente. Una de las estrategias para abordar este problema consiste en utilizar técnicas de modelado de procesos para capturar, evaluar y rediseñar el proceso de desarrollo de software. La valoración de los proyectos realizados en el curso de ingeniería y metodología de la programación impartido en el CICESE, desde la perspectiva de procesos, facilita la especificación de fortalezas y debilidades del proceso de desarrollo utilizado. Se presenta la evaluación de la parte práctica del curso, las acciones de mejoramiento llevadas a cabo y los resultados preliminares al utilizar el enfoque de procesos en la etapa de análisis de un proyecto de desarrollo de software

A Process Framework for Managing Interactions between Sotware Quality Charateristics

Software quality is dominated by the manufacturing view in which the conformance to software process models is considered to be the best approach by which to deliver high quality software products. Product quality is measured by using surrogates as the number of defects found in software products and/or rework costs. This view, although useful for structuring practices that a software organization deploys, lacks the appropriate support needed to directly focus on the quality needs of different stakeholders. The approach for software quality based on a product view addresses this from the perspective of the stakeholder¿s point of view. A valuable support that can be used to address stakeholder quality goals is a product quality model which describes the main quality characteristics to be taken into account when a software product is specified, measured or evaluated. However, the research into quality models has been developed in parallel, but independently, of the approaches used in the software process field. A strategy with which to enhance product quality could be based on both quality views. Integrated approaches of the process and product quality views can potentiate the business strategies focused on enhancing software quality. An approach focused on the software process provides a general view as regards the extent to which quality goals are fulfilled by current software processes. After diagnosing current quality goals using a tailored product quality model, the software process may be improved by introducing specific activities oriented toward enhancing a given product quality characteristic. In order to implement the aforementioned strategy, software organizations need structured approaches that support the enhancement of their product quality. As a proposal with which to support the introduction of a product based perspective into a software process oriented view of quality, this thesis presents the Software Quality Interaction Management Framework (SQIMF), a framework developed in order to manage interactions between product quality characteristics by defining a set of processes that is oriented toward both minimizing the number of negative interactions between quality characteristics and mitigating the impact of the negative interactions that could occur during software development. The framework additionally considers the development of improvement plans oriented toward enhancing a product quality characteristic using specific activities based on a harmonization approach. The SQIMF framework is composed of three components: 1. Conceptual view, which defines the SQIMF ontology. The SQIMF ontology relies on both the ISO 25010 quality model and other product quality model representations. The ontology also considers the vocabulary used in the software quality and software requirements fields to manage interactions between quality requirements and quality attributes. Furthermore, the SQIMF ontology considers concepts used in a decision-making process to support the trade-off analysis in order to resolve negative interactions. Moreover, the SQIMF ontology establishes links with both the Software Measurement Ontology (SMO) and the Harmonization of Multi models Ontology (H2MO) in order to use other supporting methodologies. 2. Methodological view, which defines a set of processes and methods that can be used to manage interactions between quality characteristics. The methodological framework includes: - Five processes suggested for use at organizational and project level. The processes bound to the organizational level address the tailoring of product quality models and the establishment of product quality goals. The processes bound to project level focus on monitoring product quality requirements in order to identify potential interactions between quality characteristics, and resolving negative interactions by applying a structured process for decision-making. - Methods to support the SQIMF processes. The process perspective is supported by the inclusion of methods used in the harmonization approach. A set of methods and techniques with which to trade off software quality characteristics is also included. 3. Technological view, which describes a web tool that can be employed to support the management of interaction models, the mapping between process models and product quality models, and the management of product quality models. This thesis also shows the reference framework regarding how software process improvement literature has addressed software product quality. The SQIMF framework proposal has emerged from the analysis of the current state of research in the SPI field. In addition, two empirical studies have been conducted. An exploratory case study carried out by means of a survey of three small Spanish companies helped to determine the need to carry out research into the management of interactions between quality characteristics. The second study, a case study conducted using interviews, showed how the interactions between quality characteristics are identified. The SQIMF framework can therefore address both quality perspectives in order to improve software quality. The exploratory studies showed the need for further research into this topic to support business quality needs

Aplicación del modelado de procesos en un curso de ingeniería de software

La coordinación en un proyecto de desarrollo de software es un factor crítico para liberar un producto de calidad dentro de las restricciones de tiempo, funcionalidad y costo acordadas con el cliente. Una de las estrategias para abordar este problema consiste en utilizar técnicas de modelado de procesos para capturar, evaluar y rediseñar el proceso de desarrollo de software. La valoración de los proyectos realizados en el curso de ingeniería y metodología de la programación impartido en el CICESE, desde la perspectiva de procesos, facilita la especificación de fortalezas y debilidades del proceso de desarrollo utilizado. Se presenta la evaluación de la parte práctica del curso, las acciones de mejoramiento llevadas a cabo y los resultados preliminares al utilizar el enfoque de procesos en la etapa de análisis de un proyecto de desarrollo de software

Application of Process Modeling in a Software- Engineering Course

Coordination in a software development project is a critical issue in delivering a successful software product, within the constraints of time, functionality and budget agreed upon with the customer. One of the strategies for approaching this problem consists in the use of process modeling to document, evaluate, and redesign the software development process. The appraisal of the projects done in the Engineering and Methodology course of a program given at the Ensenada Center of Scientific Research and Higher Education (CICESE), from a process perspective, facilitated the identification of strengths and weaknesses in the development process used. This paper presents the evaluation of the practical portion of the course, the improvements made, and the preliminary results of using the process approach in the analysis phase of a software-development project.</span

Prácticas dirigidas a la mejora de la usabilidad del software

La usabilidad es un atributo del software (y sistema) que considera la experiencia de las personas cuando interaccionan con las interfaces de un producto software. Una meta potencial de las organizaciones de desarrollo de software es mejorar la usabilidad de sus productos. Por otra parte, el software se desarrolla aplicando un proceso, el cual tiene un impacto significativo en la calidad final del producto, incluyendo su usabilidad. Teniendo esto en cuenta, en este trabajo se presenta un enfoque basado en el proceso de software en el cual nos interesa conocer las actividades, prácticas y métodos que podrían mejorar la usabilidad del software. Para ello, a partir de una revisión sistemática de literatura, identificamos los procesos de software que podrían ser complementados con prácticas de usabilidad. Adicionalmente, los métodos y técnicas de soporte a la usabilidad los relacionamos con cada proceso. Este es un primer paso en el desarrollo de una estrategia que permita introducir cambios en el proceso de software de cara a mejorar la usabilidad del producto

A Systematic Mapping Study on Privacy by Design in Software Engineering

Protecting personal data in current software systems is a complex issue that requires legal regulations and constraints to manage personal data as well as a methodological support to develop software systems that would safeguard data privacy of their respective users. Privacy by Design (PbD) approach has been proposed to address this issue and has been applied to systems development in a variety of application domains. The aim of this work is to determine the presence of PbD and its extent in software development efforts. A systematic mapping study was conducted in order to identify relevant literature that collects PbD principles and goals in software development as well as methods and/or practices that support privacy aware software development. 53 selected papers address PbD mostly from a theoretical perspective with proposals validation based primarily on experiences or examples. The findings suggest that there is a need to develop privacy-aware methods to be integrated at all stages of software development life cycle and validate them in industrial settings