Assessing the Unseen: Roles of Confidentiality and Trust in Software Engineering Work-based Learning Programmes [Poster]

A typical academic degree focused on software engineering has little practical relationship with the industry it is named for, other than the occasional placement or internship. Unlike other professions such as medicine, dentistry and veterinary sciences, candidates do not need to participate in significant professional practice to earn their degree. Indeed, if we consider a traditional academic software engineering student they probably have far more experience constructing shiny new ‘green-field’ systems, than maintaining the old ‘brown-field’ systems found in industry, and generating most professional work. Consequently, there is growing enthusiasm for work-based learning programmes that provide an opportunity for candidates to cement abstract academic theory in concrete personal experience. Work-based learning software engineering students earn their degree by combining theory with actual practice in a professional environment. Nevertheless, the intangible outcomes for much of software engineering has led to an industry obsessed with confidentiality, driven by concerns of employees smuggling source code to competitors or regulators. This obsession potentially presents a barrier to work-based learning schemes as employers prevent outsiders, even close higher education partners, from observing the systems and the source code that learners are working on. Learners may have the opportunity for concrete personal experience, but educators are barred from observing any such experience. However, confidentiality agreements may not necessarily present barriers to assessment, but instead provide an opportunity to assess comprehension and transferable skills by requiring abstract descriptions and reports. This is the converse to the problem in some programming courses, where students submit code without demonstrating that they understand it and can discuss it in terms of the concepts taught. In this talk and accompanying poster we explore some models for software engineering work-based learning programmes that have the potential to maintain confidentiality while assessing learners’ comprehension and ability. We invite discussion and criticism from conference attendees of the presented models, and are interested in potential partners for future collaboration

Lessons learned from evaluating eight password nudges in the wild

Background. The tension between security and convenience, when creating passwords, is well established. It is a tension that often leads users to create poor passwords. For security designers, three mitigation strategies exist: issuing passwords, mandating minimum strength levels or encouraging better passwords. The first strategy prompts recording, the second reuse, but the third merits further investigation. It seemed promising to explore whether users could be subtly nudged towards stronger passwords.Aim. The aim of the study was to investigate the influence of visual nudges on self-chosen password length and/or strength.Method. A university application, enabling students to check course dates and review grades, was used to support two consecutive empirical studies over the course of two academic years. In total, 497 and 776 participants, respectively, were randomly assigned either to a control or an experimental group. Whereas the control group received no intervention, the experimental groups were presented with different visual nudges on the registration page of the web application whenever passwords were created. The experimental groups’ password strengths and lengths were then compared that of the control group.Results. No impact of the visual nudges could be detected, neither in terms of password strength nor length. The ordinal score metric used to calculate password strength led to a decrease in variance and test power, so that the inability to detect an effect size does not definitively indicate that such an effect does not exist.Conclusion. We cannot conclude that the nudges had no effect on password strength. It might well be that an actual effect was not detected due to the experimental design choices. Another possible explanation for our result is that password choice is influenced by the user’s task, cognitive budget, goals and pre-existing routines. A simple visual nudge might not have the power to overcome these forces. Our lessons learned therefore recommend the use of a richer password strength quantification measure, and the acknowledgement of the user’s context, in future studies

Organizing risk: discourse, power, and 'riskification'

Drawing on the work of Foucault, we develop an integrated framework for understanding how risk is organized in three different modes: prospectively, in real time, and retrospectively. We show how these modes are situated in a dominant discourse of risk that leads organizations to normalize risk in particular ways by privileging certain forms of knowledge and authorizing certain risk identities over others. In addition to identifying the common way risk is organized in each mode and showing how it is held in place by the dominant discourse, we propose alternative ways to organize risk that resist this dominant discourse, and we explain why they are difficult to enact. We then extend our analysis by theorizing how, even when it occurs, resistance to the dominant discourse of risk can contribute to “riskification,” with more and more organizing undertaken in the name of risk because of intensification, discipline, and governmentality

Organizations, risk translation, and the ecology of risks: the discursive construction of a novel risk

The contemporary ‘risk society’ is associated with the emergence of a wide range of risks characterised by uncertainty and unfamiliarity. These ‘novel’ risks pose a major challenge for organizations: their negative effects may be significant, but prevailing risk assessment techniques are limited in their ability to identify them. Building on our prior work on the chemical bisphenol A (BPA), this study examines how organizations deal with novel risks. It finds that organizations engage in ‘risk translation’ by translating equivocality associated with the novel risk into more familiar risks, which provide them with a clearer basis and guide for action. As organizations take actions to manage these translated risks, an ‘ecology of risks’ evolves which, over time, allows for the construction of a novel risk. The study contributes to research on organizing and risk by theorizing how organizations respond to novel risks, as well as by highlighting the role of translated organizational risks in constructing novel risks and shaping societal responses to grand challenges

What Do We Do When We Teach Software Engineering?

Many UK higher education institutions offer software engineering programmes, but the purpose and relevance of these programmes within computing science departments is not always obvious. The reality is that while advanced economies require many more skilled software engineers, universities are not delivering them. This is at least true in the context of the United Kingdom, where there are high numbers of software engineering vacancies and unemployed software engineering graduates. A possible explanation could be that curriculum content of software engineering programmes in universities needs to be reconsidered to meet the needs of industry. However, reconsidering curriculum content alone is unlikely to be transformative as there is little to be gained from changing to an emerging methodology, language or framework. Instead, an alternative direction could be to reconsider curriculum delivery and the identity of software engineering within computing science itself. In this paper, we contextualise the challenge by considering the history of software engineering education and some of its key developments. We then consider some of the alternative delivery approaches, before arguing cooperative programmes provide a opportunity for institutions to reconsider software engineering education

Post-Inquiry sensemaking: the case of the 'Black Saturday' bushfires

We examine post-inquiry sensemaking by emergency management practitioners following an inquiry into the most damaging bushfire disaster in Australia’s history. We theorize a model of post-inquiry sensemaking with four distinct but overlapping phases during which sensemaking becomes more prospective over time. In addition to providing important insights into what has, hitherto, been a neglected arena for sensemaking studies, i.e. post-inquiry sensemaking, we contribute to the understanding of sensemaking more generally. Specifically, we show the complex nature of the relationship between sensemaking and equivocality, explain how multiple frames enhance sensemaking, and explore temporality in sensemaking over time

Demystifying and Decluttering Participation in Software Engineering Education Programmes

Academics and employers can partner to deliver professional software engineering education via work-based learning (WBL) programmes. These programmes have the potential to engage and motivate under-represented groups, including those that would not normally engage in higher education. However, challenges still exist in supporting such individuals in participating in WBL programmes. Consequently, we discuss a project on broadening participation in WBL software engineering to support individuals from under-represented groups to participate in software engineering education

Product patriotism: How consumption practices make and maintain national identity

In today’s society, globalization and global flows are ubiquitous and undeniable. Consequently, it is possible to question the role and importance of national identity in consumption choices. This research inductively develops a theory for product patriotism, defined as how consumers construe their identity through nationally-iconic product consumption. A typology is proposed, outlining four possible virtual national identity positions consumers may occupy relative to their stocks of cultural capital, relational orientation toward the nation and situational contingencies. Product patriotism as a framework is distinct from past research that a) narrowly focuses on spectacular or positive forms of nationalistic consumption, b) segments consumers based on nationalistic or patriotic traits, and c) focuses mostly on brands. The novel framework of product patriotism provides new insight into the social patterning of consumers’ reflexive, negotiated decoding of national identities, the dynamism of national identity, and the enduring significance of consumption when enacting national identities

Reducing Work Content in Early Stage Naval Ship Designs

Naval Postgraduate School Acquisition Research Progra