Protocol and Tools for Conducting Agile Software Engineering Research in an Industrial-Academic Setting: A Preliminary Study

Conducting empirical research in software engineering industry is a process, and as such, it should be generalizable. The aim of this paper is to discuss how academic researchers may address some of the challenges they encounter during conducting empirical research in the software industry by means of a systematic and structured approach. The protocol developed in this paper should serve as a practical guide for researchers and help them with conducting empirical research in this complex environment.Comment: Accepted to CESI 2018 - International Workshop on Conducting Empirical Studies in Industry (in conjunction with ICSE 2018

Protocol and tools for conducting agile software engineering research in an industrial-academic setting: a preliminary study

Conducting empirical research in software engineering industry is a process, and as such, it should be generalizable. The aim of this paper is to discuss how academic researchers may address some of the challenges they encounter during conducting empirical research in the software industry by means of a systematic and structured approach. The protocol developed in this paper should serve as a practical guide for researchers and help them with conducting empirical research in this complex environment.Peer ReviewedPostprint (author's final draft

Next stop 'NoOps': enabling cross-system diagnostics through graph-based composition of logs and metrics

Performing diagnostics in IT systems is an increasingly complicated task, and it is not doable in satisfactory time by even the most skillful operators. Systems and their architecture change very rapidly in response to business and user demand. Many organizations see value in the maintenance and management model of NoOps that stands for No Operations. One of the implementations of this model is a system that is maintained automatically without any human intervention. The path to NoOps involves not only precise and fast diagnostics but also reusing as much knowledge as possible after the system is reconfigured or changed. The biggest challenge is to leverage knowledge on one IT system and reuse this knowledge for diagnostics of another, different system. We propose a framework of weighted graphs which can transfer knowledge, and perform high-quality diagnostics of IT systems. We encode all possible data in a graph representation of a system state and automatically calculate weights of these graphs. Then, thanks to the evaluation of similarity between graphs, we transfer knowledge about failures from one system to another and use it for diagnostics. We successfully evaluate the proposed approach on Spark, Hadoop, Kafka and Cassandra systems.Peer ReviewedPostprint (author's final draft

Information technologies exposing children to privacy risks: Domains and children-specific technical controls

EU data protection law requires that digital service providers and system developers put in place technical measures that are adequate to protect children’s informational privacy. The stringent legal obligations of implementing principles of data protection by design into digital systems intensified the engineers’ need to create processes and technological solutions to enhance children’s privacy in digital services. However, in several cases, generic controls have proven to have limited effects on the protection of children’s privacy, raising questions about the need to further develop children- specific technical controls. This paper contributes to address the need for privacy controls by providing (a) a summary of real-world applications of information technologies domains that expose children to privacy risks, and (b) a list that represents the state-of-the-art of the technical controls designed specifically to protect children’s privacy. We identify 24 technical controls that we manually classify with NIST Security and Privacy control categories and Hoepman’s Privacy design strategies. We find that most controls relate to identification and authentication, many of which in the form of techniques for age verification. In general, the vast majority of controls belong to minimization strategies. Our findings show that the field of technical controls specifically designed for children is yet to be developed.This work has been conducted in the scope of the project PDP4E (Methods and tools for GDPR compliance through Privacy and Data Protection Engineering). This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 787034