12 research outputs found

    Why Do Developers Get Password Storage Wrong? A Qualitative Usability Study

    Full text link
    Passwords are still a mainstay of various security systems, as well as the cause of many usability issues. For end-users, many of these issues have been studied extensively, highlighting problems and informing design decisions for better policies and motivating research into alternatives. However, end-users are not the only ones who have usability problems with passwords! Developers who are tasked with writing the code by which passwords are stored must do so securely. Yet history has shown that this complex task often fails due to human error with catastrophic results. While an end-user who selects a bad password can have dire consequences, the consequences of a developer who forgets to hash and salt a password database can lead to far larger problems. In this paper we present a first qualitative usability study with 20 computer science students to discover how developers deal with password storage and to inform research into aiding developers in the creation of secure password systems

    Understanding and Evaluation of Software Process Deviations

    No full text
    Software process improvement is often mentioned in today's software marketplace. To be able to do process improvement, the organisation must have a process to improve from. These processes are commonly deviated from, and the PDU/PAY organisation at Ericsson AB has experienced that this happens too often within their organisation. The aim of this master thesis was to investigate why such deviations occur and how they could be prevented at PDU/PAY. A survey including a qualitative and a quantitative part was conducted at PDU/PAY to investigate this issue. The result was that processes were often deviated from due to lack of: management commitment, user involvement, synchronisation between processes, change management, anchoring of processes, and communication of processes. In addition to the conducted studies, an improvement proposal is given to the PDU/PAY organisation. This includes one organisational part and one part that is directly related to the actual work with processes. The proposal is intended to give PDU/PAY an essence of how to improve their work with their organisational processes

    Evolving Prioritization for Software Product Management

    No full text
    The quality of a product is commonly defined by its ability to satisfy stakeholder needs and expectations. Therefore, it is important to find, select, and plan the content of a software product to maximize the value for internal and external stakeholders. This process is traditionally referred to as requirements engineering in the software industry, while it is often referred to as product management in industries with a larger market focus. As an increasing number of software products are delivered to a market instead of single customers, the need for product management in software companies is increasing. As a side effect, the need for mechanisms supporting decisions regarding the content of software products also increases. While decision-support within requirements engineering and product management is a broad area, requirements prioritization together with release planning and negotiation are considered as some of the most important decision activities. This is particularly true because these activities support decisions regarding the content of products, an

    Prioritization of Stakeholder Needs in Software Engineering : Understanding and Evaluation

    No full text
    In everyday life, humans confront situations where different decisions have to be made. Such decisions can be non-trivial even though they often are relatively simple, such as which bus to take or which flavor of a soft drink to buy. When facing decisions of more complex nature, and when more is at stake, they tend to get much harder. It is often possible to deal with such decisions by prioritizing different alternatives to find the most suitable one. In software engineering, decision-makers are often confronted with situations where complex decisions have to be made, and where the concept of prioritization can be utilized. Traditionally in software engineering, discussions about prioritization have focused on the software product. However, when defining or improving software processes, complex decisions also have to be made. In fact, software products and software processes have many characteristics in common which invite thoughts about using prioritization when developing and evolving software processes as well. The results presented in this thesis indicate that it is possible to share results and knowledge regarding prioritization between the two areas. In this thesis, the area of prioritization of software products is investigated in detail and a number of studies where prioritizations are performed in both process and product settings are presented. It is shown that it is possible to use prioritization techniques commonly used in product development also when prioritizing improvement issues in a software company. It is also shown that priorities between stakeholders of a software process sometimes differ, just as they do when developing software products. The thesis also presents an experiment where different prioritization techniques are evaluated with regard to ease of use, time consumption, and accuracy. Finally, an investigation of the suitability of students as subjects when evaluating prioritization techniques is presented

    Prioritization of Stakeholder Needs in Software Engineering - Understanding and Evaluation

    No full text
    In everyday life, humans confront situations where different decisions have to be made. Such decisions can be non-trivial even though they often are relatively simple, such as which bus to take or which flavor of a soft drink to buy. When facing decisions of more complex nature, and when more is at stake, they tend to get much harder. It is often possible to deal with such decisions by prioritizing different alternatives to find the most suitable one. In software engineering, decision-makers are often confronted with situations where complex decisions have to be made, and where the concept of prioritization can be utilized. Traditionally in software engineering, discussions about prioritization have focused on the software product. However, when defining or improving software processes, complex decisions also have to be made. In fact, software products and software processes have many characteristics in common which invite thoughts about using prioritization when developing and evolving software processes as well. The results presented in this thesis indicate that it is possible to share results and knowledge regarding prioritization between the two areas. In this thesis, the area of prioritization of software products is investigated in detail and a number of studies where prioritizations are performed in both process and product settings are presented. It is shown that it is possible to use prioritization techniques commonly used in product development also when prioritizing improvement issues in a software company. It is also shown that priorities between stakeholders of a software process sometimes differ, just as they do when developing software products. The thesis also presents an experiment where different prioritization techniques are evaluated with regard to ease of use, time consumption, and accuracy. Finally, an investigation of the suitability of students as subjects when evaluating prioritization techniques is presented

    Requirements Prioritization

    No full text
    This chapter provides an overview of techniques for prioritization of requirements for software products. Prioritization is a crucial step towards making good decisions regarding product planning for single and multiple releases. Various aspects of functionality are considered, such as importance, risk, cost, etc. Prioritization decisions are made by stakeholders, including users, managers, developers, or their representatives. Methods are given how to combine individual prioritizations based on overall objectives and constraints. A range of different techniques and aspects are applied to an example to illustrate their use. Finally, limitations and shortcomings of current methods are pointed out, and open research questions in the area of requirements prioritization are discussed

    Pair-wise comparisons versus planning game partitioning-experiments on requirements prioritisation techniques

    No full text
    The process of selecting the right set of requirements for a product release is dependent on how well the organisation succeeds in prioritising the requirements candidates. This paper describes two consecutive controlled experiments comparing different requirements prioritisation techniques with the objective of understanding differences in time-consumption, ease of use and accuracy. The first experiment evaluates Pair-wise comparisons and a variation of the Planning game. As the Planning game turned out as superior, the second experiment was designed to compare the Planning game to Tool-supported pair-wise comparisons. The results indicate that the manual pair-wise comparisons is the most time-consuming of the techniques, and also the least easy to use. Tool-supported pair-wise comparisons is the fastest technique and it is as easy to use as the Planning game. The techniques do not differ significantly regarding accuracy