Using ontology to validate conceptual models

A conceptual model is a representation (typically graphical) constructed by IS professionals of someone’s or some group’s perception of a real-world domain. It might be used to facilitate the design and implementation of an information system. It might be used to evaluate the fit between an organization’s needs and the business models embedded within an enterprise application software package. After constructing a conceptual model, IS professionals need to validate it with the stakeholders whose worlds they are seeking to represent. Otherwise, defects in the model might propagate to subsequent system design and implementation activities. If these defects are not discovered until late in the development process, they are often costly to correct. Validating a conceptual model is thus critical to high-quality system development

);DROP TABLE textbooks;--: An Argument for SQL Injection Coverage in Database Textbooks

In this position paper, we look at the representation of SQL injection within undergraduate database textbooks, and argue that both discussion of security issues and security of example code must be improved. SQL injection is a common database exploit which takes advantage of programs that incorrectly incorporate user input into SQL statements. Teaching students how to write parameterized SQL statements is key to preventing this wide-spread attack. We look at the current editions of seven textbooks used at the top 50 US CS programs, and analyze their coverage of SQL injection, use of parameterized queries, and correctness of examples. We find a wide variety in the amount of coverage given to the topic, from none at all to in-depth coverage of defenses. Additionally, we find cases of SQL injectable code given as examples of how to correctly write queries in two of seven textbooks

Information technology investments and supply chain governance

The aim of this research is to propose a model that relates information technology (IT) investments, supply chain governance (SCG) and performance together. For this purpose, a pilot study involving both a qualitative and a quantitative stage was conducted. The qualitative analysis, consisting of an extensive literature review and two case studies conducted in six major, globally-relevant Brazilian companies, led to the development of an initial model. This model was refined during the quantitative stage that involved 38 executives from large national companies. IT was found to be one of the main drivers of SCG influencing companies’ supply chain performance. The final model consists of 5 constructs and 26 elements. Regarding the SCG constructs: (a) a new element ‘formal contracts’, emerged in the ‘contractual SCG’ construct; (b) the element ‘cooperation’ was not confirmed in the ‘relational SCG’ construct; (c) the element ‘transparency’ was considered an important element in the ‘transactional SCG’ construct. Five new elements emerged in the ‘IT investment’ construct. Market aspects were highlighted as being relevant in the ‘supply chain performance’ construct. Thus, the model includes elements that can be analyzed in order to shed light on how IT investments influence SCG and supply chain performance.O objetivo dessa pesquisa é propor um modelo relacionando os investimentos em tecnologia da informação (TI), a governança da cadeia de suprimentos (GCS) e o seu desempenho. Foi realizado um estudo piloto com uma etapa qualitativa e outra quantitativa para a elaboração e o refinamento do instrumento. Na etapa qualitativa, foi elaborado um modelo baseado numa extensa revisão da literatura e em dois estudos de caso realizados em 6 grandes empresas brasileiras com relevância mundial. A partir dessa etapa, foi proposto um modelo que foi refinado através de uma etapa quantitativa com 38 executivos de grandes empresas. Foi identificado que a TI é um dos principais direcionadores da GCS, influenciando o desempenho das empresas na cadeia. O modelo final é composto por 5 constructos e 26 elementos. Nos constructos: (a) governança contratual, o elemento contrato formal emergiu das análises; (b) governança relacional, o elemento cooperação não foi confirmado; e (c) governança transacional: a transparência nas transações foi considerada como sendo um elemento importante. No constructo investimento em TI relacionado à GCS, emergiram cinco novos elementos. No constructo desempenho da cadeia relacionado com a GCS, foram destacados os aspectos de mercado como sendo relevantes. Assim, o modelo contempla elementos a serem analisados para entender como os investimentos em TI influenciam a GCS e seu desempenho