Challenges and Their Practices in Adoption of Hybrid Cloud Computing: An Analytical Hierarchy Approach

Cloud computing adoption provides various advantages for companies. In particular, hybrid cloud shares the advantages of both the public and private cloud technologies because it combines the private in-house cloud with the public on-demand cloud. In order to obtain benefits from the opportunities provided by the hybrid cloud, organizations want to adopt or develop novel capabilities. Maturity models have proved to be an exceptional and easily available method for evaluating and improving capabilities. However, there is a dire need for a robust framework that helps client organizations in the adoption and assessment of hybrid cloud. Therefore, this research paper aims to present a taxonomy of the challenging factors faced by client organizations in the adoption of hybrid cloud. Typically, such a taxonomy is presented on the basis of obtained results from the empirical analysis with the execution of analytical hierarchy process (AHP) method. From the review of literature and empirical study, in total 13 challenging factors are recognized and plotted into four groups: "Lack of Inclination,""Lack of Readiness,""Lack of Adoption,"and "Lack of Satisfaction."The AHP technique is executed to prioritize the identified factors and their groups. By this way, we found that "Lack of Adoption"and "Lack of Satisfaction"are the most significant groups from the identified challenging factors. Findings from AHP also show that "public cloud security concern"and "achieving QoS"are the upper ranking factors confronted in the adoption of hybrid cloud mechanism by client organizations because their global weight (0.201) is greater than those of all the other reported challenging factors. We also found out 46 practices to address the identified challenges. The taxonomy developed in this study offers a comprehensive structure for dealing with hybrid cloud computing issues, which is essential for the success and advancement of client and vendor organizations in hybrid cloud computing relationships.Qatar University Internal Grant No. IRCC-2021-010

Prioritizing the Issues extracted for Getting Right People on Right Project in Software Project Management from Vendors' Perspective

Software project management inspires and urges the spirit of software developing team members which continues until project completion. Obviously, success of every project based on right selection of team members that ensures to meet the desired requirements of any software developing project. The fundamental aim of current study is to extract and prioritize issues faced by vendors of global software development (GSD) organizations during the selection of right team with having aim to complete the project successfully. As a methodology, a systematic literature review (SLR) used for data extraction and categorization, a questionnaire survey adopted for data validation, and a hierarchical analytical process (AHP) used for prioritizing extracted findings. A total of 12 issues are extracted and grouped into 3 categories (association, teamwork, and fascination). The overall result showed that 'association' is the most important category as compare to other categories. Similarly, communication and coordination issues, team's consistency and stability issues, and lack of expertise issues, etc are highlighted as the most critical issues during selection of right people for the right project from vendors' perspective.Qatar University [IRCC-2020-009]

Systematic Mapping Study on Security Approaches in Secure Software Engineering

In the modern digital era, software systems are extensively adapted and have become an integral component of human society. Such wide use of software systems consists of large and more critical data that inevitably needs to be secured. It is imperative to make sure that these software systems not only satisfy the users' needs or functional requirements, but it is equally important to make sure the security of these software systems. However, recent research shows that many software development methods do not explicitly include software security measures during software development as they move from demand engineering to their final losses. Integrating software security at each stage of the software development life cycle (SDLC) has become an urgent need. Tackling software security, various methods, techniques, and models have been suggested and developed, however, only a few of them provide strong evidence for building secure software applications. The main purpose of this research is to study security measures in the context of the development of secure software (SSD) during the study of systematic mapping (SMS). Based on the inclusion and exclusion criteria, 116 studies were selected. After the data extraction from the selected 116 papers, these were classified based on the quality assessment, software security method, SDLC phases, publication venue, and SWOT analysis. The results indicate that this domain is still immature and sufficient research work needs to be carried out particularly on empirically evaluated solutions.Qatar University [IRCC-2020-009]

Green-Agile Maturity Model: An Evaluation Framework for Global Software Development Vendors

Agile methods are extensively adapted by software development organizations due to the competitive benefits it offers. In recent years global software development (GSD) projects practice agile methods as prominent methods to deliver the software in increments with utmost user satisfaction and affordable cost. Beside the use of agile methods, the software industry has also considered the green aspect of software, to be in line with the demands of the organizations and the world technological ecosystem. The green and sustainable feature of software should focus both the energy and resource efficiency key factors. This phenomenon of embedding the green flavor in software has emerged a new research area, green software engineering, that promises the development of eco-friendly software with minimum energy and use of less computing resources, to trim down the adverse effects on both society and environment. The principal objective of this research study is to design and develop a multi-level Green-Agile Maturity Model (GAMM) to assess the GSD vendors' agile maturity in terms of green software development. The model has been built in four phases. In phase I and II, systematic literature review (SLR) was performed to identify the success factors and risk factors that either supports or hinders the green and sustainable software development respectively by practicing the agile methods in GSD. The results have been validated from 106 relevant experts, dealing with agile and green software projects, through questionnaire survey. The experts' demographic represents 25 different countries. We also identified the industry practices through SLR and survey, to address our identified critical factors. Phase III of this research deals with development of the GAMM by categorizing the identified factors into seven Green-Agile maturity levels. A similar approach has been used in other models such as Capability Maturity Model Integration (CMMI), Implementation Maturity Model (IMM) and Software Outsourcing Vendors Readiness Model (SOVRM). In phase IV of this research, five case studies were conducted at GSD organizations, to evaluate the structure and efficacy of the GAMM, while as a major contribution, this paper presents our developed model, the GAMM, which aims to assess the green-agile maturity of the GSD vendors in terms of green and sustainable software development.Qatar University [IRCC-2021-010]

Challenges and practices identification in complex outsourcing relationships: A systematic literature review

Complex IT outsourcing relationships aptitude several benefits such as increased cost likelihood and lowered costs, higher scalability and flexibility upon demand. However, by virtue of its complexity, the complex outsourcing typically necessitates the interactions among various stakeholders from diverse regions and cultures, making it significantly more challenging to manage than traditional outsourcing. Furthermore, when compared to other types of outsourcing, complex outsourcing is extremely difficult because it necessitates a variety of control and coordination mechanisms for project management, which proportionally increases the risk of project failure. In order to overcome the failure of projects in complex outsourcing relationships, there is a need of robust systematic research to identify the key challenges and practices in this area. Therefore, this research implements systematic literature review as a research method and works as a pioneer attempt to accomplish the aforementioned objectives. Upon furnishing the SLR results, the authors identified 11 major challenges with 67 practices in hand from a total of 85 papers. Based on these findings, the authors intend to construct a comprehensive framework in the future by incorporating robust methodologies such as AHP and fuzzy logic, among others.Qatar National Library and Qatar University - grant No. IRCC- 2021-010

Systematic Literature Review on Security Risks and its Practices in Secure Software Development

Security is one of the most critical aspects of software quality. Software security refers to the process of creating and developing software that assures the integrity, confidentiality, and availability of its code, data, and services. Software development organizations treat security as an afterthought issue, and as a result, they continue to face security threats. Incorporating security at any level of the Software Development Life Cycle (SDLC) has become an urgent requirement. Several methodologies, strategies, and models have been proposed and developed to address software security, but only a few of them give reliable evidence for creating secure software applications. Software security issues, on the other hand, have not been adequately addressed, and integrating security procedures into the SDLC remains a challenge. The major purpose of this paper is to learn about software security risks and practices so that secure software development methods can be better designed. A systematic literature review (SLR) was performed to classify important studies to achieve this goal. Based on the inclusion, exclusion, and quality assessment criteria, a total of 121 studies were chosen. This study identified 145 security risks and 424 best practices that help software development organizations to manage the security in each phase of the SDLC. To pursue secure SDLC, this study prescribed different security activities, which should be followed in each phase of the SDLC. Successful integration of these activities minimizing effort, time, and budget while delivering secure software applications. The findings of this study assist software development organizations in improving the security level of their software products and also enhancing their security efficiency. This will raise the developer's awareness of secure development practices as well

Portfolio Cost Management in Offshore Software Development Outsourcing Relationships from Vendor's Perspective: a Systematic Literature Review Protocol

Abstract: CONTEXT

Empirical Investigation of Critical Requirements Engineering Practices for Global Software Development

There is a need to identify requirements engineering (RE) practices that are important to global software development (GSD) project success. The objective of this paper is to report our recent empirical study results which aimed to identify the RE practices that are important to GSD projects. This study used an online survey questionnaire to elicit data from 56 RE experts of GSD projects. The survey included 66 RE practices identified by Sommerville et al. for non-GSD projects. The participants were asked to rank each RE practice on a four-point scale to determine the degree of importance of each practice in the context of GSD projects. This research identified a set of six key RE practices that mainly focuses on GSD project stakeholders, scope, standards and requirements traceability management. One common theme that is evident from the RE experts' feedback analysis is the standardization of requirements documents to reduce requirements inconsistencies and improve communication in diverse and distributed GSD project environments Our results show that not all 66 RE best practices are important for GSD projects. We believe that a good understanding of the identified RE practices is vital in developing and implementing the situation-specific RE processes for GSD projects.Qatar University - grant No. IRCC-2021-010

Software outsourcing vendors' readiness model (SOVRM)

CONTEXT - Offshore software development outsourcing (OSDO) is a modern business strategy for developing high quality software in low-wage countries at low cost. OSDO is a contract-based relationship between client and vendor organisations in which a c1ient(s) contracts out all or part of its software development activities to a vendor(s), who provides agreed services in return for remuneration. Vendor's readiness plays an important role in the successful outcomes of OSDO projects. OBJECTIVE - The objective of this thesis is to develop a software outsourcing vendors' readiness model (SOVRM) to help vendors for assessing and improving their readiness for OSDO activities. The SOVRM is primarily developed to assist OSDO vendor organisations. However, it is also beneficial to client organisations as client organisations can take benefit from this research by getting to know about the areas in which vendors can be assessed based on their own priorities. Moreover, clients can make a better informcd decision of their choice of OSDO vendors. In developing the SOVRM model, we considered other similar efforts addressing similar areas, specifically CMMI and ISO 9001. SOVRM has its distinctive and unique features that differentiate it from other models. Specifically, SOVRM is a comprehensive model focussing on assisting outsourcing companies in assessing their readiness for software development outsourcing. It is not a software process improvement model or standard such as CMMI and ISO 9001. Vendor companies which are CMMI or ISO 900 I certified may not be ready for software development outsourcing as the characteristics of CMMI and ISO 9001 is to improve the software development capabilities of companies instead of improving their outsourcing readiness. However, we included CMMI or ISO 900 I certification as one of the success factors defined in SOVRM.EThOS - Electronic Theses Online ServiceGBUnited Kingdo