Communicating conflict and ambiguity in requirements engineering

Lancaster UniversityEffective requirements engineering in the presence of imperfection remains a major research problem. There is a lack of metaphors to aid communication about such imperfections during consultation with stakeholders. The aim of this thesis research is to improve the identification, communication, and handling of ambiguity and conflict in non-functional requirements, inadvertently introduced during the RE process. The thesis proposes a new approach based in the jigsaw puzzle metaphor, which is a novel contribution in the area of visual metaphors, and as a communication mechanism to make conflict and ambiguity explicit during stakeholder consultation meetings. This metaphor is based on jigsaw puzzles, where each puzzle piece represents a requirement. When the requirement text contains ambiguities and/or conflicts with other requirements, the respective puzzle pieces almost fit together but not perfectly. The approach presents heuristics to identify the most pertinent conflicts and ambiguities to handle and thus to make explicit through the badly-fitting matches. The gamming nature of the jigsaw puzzle metaphor, the fact it presents an easy to understand and learn language, as well as the analogy with misshapen graphical visualization (the badly-fitting matches) to represent that there is a problem, and its adequacy to a creative task as RE is; altogether are key characteristics that contribute to the adequacy and success of the jigsaw puzzle metaphor when used in stakeholder consultation meetings. In fact the jigsaw puzzle metaphor used together with the proposed method for conducting the consultation meetings with the stakeholders proved successful in: Increasing effectiveness when compared with text presentation. Fostering team work and communication, and improving commitment of stakeholders in co-authoring of requirements and co-responsibility in ambiguity and conflict handling. Promoting a relaxed environment to improve team cooperation and creativity. A key contribution of this thesis is its focus on separating the processing of the information about the imperfection from the issue of communicating that imperfection. Such a separation, though critical, has not been proposed to date

CyberSecurity Challenges for Software Developer Awareness Training in Industrial Environments

Awareness of cybersecurity topics facilitates software developers to produce secure code. This awareness is especially important in industrial environments for the products and services in critical infrastructures. In this work, we address how to raise awareness of software developers on the topic of secure coding. We propose the "CyberSecurity Challenges", a serious game designed to be used in an industrial environment and address software developers' needs. Our work distils the experience gained in conducting these CyberSecurity Challenges in an industrial setting. The main contributions are the design of the CyberSecurity Challenges events, the analysis of the perceived benefits, and practical advice for practitioners who wish to design or refine these games.Comment: Preprint accepted for publication at the 16th International Conference on Wirtschaftsinformati

CyberSecurity Challenges: Serious Games for Awareness Training in Industrial Environments

Awareness of cybersecurity topics, e.g., related to secure coding guidelines, enables software developers to write secure code. This awareness is vital in industrial environments for the products and services in critical infrastructures. In this work, we introduce and discuss a new serious game designed for software developers in the industry. This game addresses software developers' needs and is shown to be well suited for raising secure coding awareness of software developers in the industry. Our work results from the experience of the authors gained in conducting more than ten CyberSecurity Challenges in the industry. The presented game design, which is shown to be well accepted by software developers, is a novel alternative to traditional classroom training. We hope to make a positive impact in the industry by improving the cybersecurity of products at their early production stages.Comment: Preprint accepted for publication at the 17. Deutscher IT-Sicherheitskongress. arXiv admin note: substantial text overlap with arXiv:2102.0534

Automated Java Challenges\u27 Security Assessment for Training in Industry - Preliminary Results

Secure software development is a crucial topic that companies need to address to develop high-quality software. However, it has been shown that software developers lack secure coding awareness. In this work, we use a serious game approach that presents players with Java challenges to raise Java programmers' secure coding awareness. Towards this, we adapted an existing platform, embedded in a serious game, to assess Java secure coding exercises and performed an empirical study. Our preliminary results provide a positive indication of our solution's viability as a means of secure software development training. Our contribution can be used by practitioners and researchers alike through an overview on the implementation of automatic security assessment of Java CyberSecurity Challenges and their evaluation in an industrial context.info:eu-repo/semantics/publishedVersio

Assessing music ontologies for the development of a complex database

UID/EAT/00472/2019The increasing volume and diversity of musical information has been creating a challenge for the uniform creation, reuse and sharing of this kind of information. As part of addressing this challenge there has been a growing interest in musical ontologies, as a technique to support the sharing of heterogeneous musical information, both for commercial and cultural dissemination purposes. Motivated by a specific objective, in the context of the development of an information system on musicians and respective artistic production and professional career, existing ontologies for the music domain, in general, were surveyed. The purpose of this study is to support the hypothesis that this approach can not only support the specific requirement of that objective, but also facilitate the interoperability with other existing systems, with databases and catalogs built with multiple technical solutions. So far, three ontologies that were found closer to the study object of the project were analyzed, reflecting three different models: (1) The Musical Ontology framework, developed by the Center for Digital Music of Queen Mary University, London, under the direction of Prof Mark Sandler, within the scope of the projects OMRAS - Online music recognition and searching (NSF / JISC Digital Libraries Initiative, 1999-2002) and OMRAS2 - A Distributed Research Environment for Music Informatics and Computational Musicology (EPSRC grant EP / E017614 / 1, 2007-2010), and that uses the FRBR model as a reference; (2) the DOREMUS ontology, which resulted from the DOREMUS project, funded in 2014 by the Agence Nationale de la Recherche, France and that brought together three major cultural institutions: the National Library of France, the Philharmonie de Paris and Radio France, and that is based on the FRBRoo model; and (3) the Performed Music Ontology, an extension of the BIBFRAME ontology, first released in April 2017, as a result of a project funded by the Andrew W. Mellon Foundation for Linked Data for Production (LD4P), led by the Stanford University Libraries, in collaboration with five other libraries: Columbia, Cornell, Harvard, Princeton and the Library of Congress. This paper presents the purpose of the motivating project for the research, aggregation and consolidation of information on musicians and respective artistic production and professional career, and the assessment of these three significant music ontologies as relevant sources of inspiration for the design of the knowledge base for that project.publishersversionpublishe

Cybersecurity Games for Secure Programming Education in the Industry: Gameplay Analysis

To minimize the possibility of introducing vulnerabilities in source code, software developers may attend security awareness and secure coding training. From the various approaches of how to raise awareness and adherence to coding standards, one promising novel approach is Cybersecurity Challenges. However, in an industrial setting, time is a precious resource, and, therefore, one needs to understand how to optimize the gaming experience of Cybersecurity Challenges and the effect of this game on secure coding skills. This work identifies the time spent solving challenges of different categories, analyzes gaming strategies in terms of a slow and fast team profile, and relates these profiles to the game success. First results indicate that the slow strategy is more successful than the fast approach. The authors also analyze the possible implications in the design and the training of secure coding in an industrial setting by means of Cybersecurity Challenges. This work concludes with a brief overview of its limitations and next steps in the study

The impact of safety politics in the current globalization context

The globalization is a process of economical, social, cultural and political integration motivated by the needs generated by a consumption-orientated society and a set of factors that have led to its development, such as reducing transport costs, the technological advancement and the development of communication networks. However, the phenomenon of globalization has been accompanied by increasing levels of insecurity as a result of various types of threats and transnational crimes that the International Community seeks to control and minimize. Throughout this work, we examined how the globalization process has been developing and how nations are able to maintain security levels consistent with their economical status and social development, without disturbing the normal course of organizations’ economical activity and the well-being of people. From the investigation developed we concluded that, besides the confirmation that economic integration and the opening of markets have influence on internal consumption, market globalization and migrations have been causing modifications in the consumption habits. We also concluded that the security measures implemented by States or by the International Community affect international trade, but do not imply disproportionate costs or significant delays in transactions. Likewise, we concluded that the control measures implemented in international trade are sufficient to ensure the safety of the people and nations, enabling us to confirm two of the three conjectures raised in this study

Raising Security Awareness using Cybersecurity Challenges in Embedded Programming Courses

Security bugs are errors in code that, when exploited, can lead to serious software vulnerabilities. These bugs could allow an attacker to take over an application and steal information. One of the ways to address this issue is by means of awareness training. The Sifu platform was developed in the industry, for the industry, with the aim to raise software developers' awareness of secure coding. This paper extends the Sifu platform with three challenges that specifically address embedded programming courses, and describes how to implement these challenges, while also evaluating the usefulness of these challenges to raise security awareness in an academic setting. Our work presents technical details on the detection mechanisms for software vulnerabilities and gives practical advice on how to implement them. The evaluation of the challenges is performed through two trial runs with a total of 16 participants. Our preliminary results show that the challenges are suitable for academia, and can even potentially be included in official teaching curricula. One major finding is an indicator of the lack of awareness of secure coding by undergraduates. Finally, we compare our results with previous work done in the industry and extract advice for practitioners.Comment: Preprint accepted for publication at the First International Conference on Code Quality (ICCQ 2021

Pollen Analysis of Food Pots Stored by Melipona subnitida Ducke (Hymenoptera: Apidae) in a Restinga area

The geographic distribution of Melipona subnitida covers the dry areas in the northeastern Brazil, where it plays an important role as pollinator of many wild plant species. In the current study, the botanical species this bee uses as pollen and nectar sources in a restinga area of the Maranhão State, Brazil, were identified by analyzing pollen grains present in their storage pots in the nests. Samples were collected from five colonies bimonthly, from April 2010 to February 2011. In all the samples, 58 pollen types were identified; the families Fabaceae (8) and Myrtaceae (5) had the largest number of pollen types. In the pollen pots, 52 pollen types were identified; Fabaceae, Melastomataceae, Myrtaceae and Dilleniaceae species were dominant. In honey samples, 50 pollen types were found, with a predominance of nectariferous and polliniferous plant species. Out of the total of pollen types from nectariferous plants identified in honey, 20 pollen types contributed to the honey composition. Humiria balsamifera occurred in high frequency and was predominant in October. Chrysobalanus icaco, Coccoloba sp., Cuphea tenella and Borreria verticillata were also important for honey composition. The occurrence of a high number of minor pollen types indicated that M. subnitida visits many species in the locality; however, it was possible to observe that its floral preferences are very similar to those from other Melipona species

O desenvolvimento profissional docente: a função supervisiva do coordenador de ano do 1º ciclo

Dissertação apresentada à Escola Superior de Educação de Lisboa para obtenção de grau de mestre em Ciências da Educação, especialidade de Supervisão em EducaçãoO presente estudo tem como objectivo principal saber como é perspectivada a função supervisiva do Coordenador de Ano do 1º Ciclo, procurando compreender as concepções dos intervenientes sobre as finalidades e modos de funcionamento deste órgão, de criação relativamente recente e que não existe em todos os Agrupamentos e escolas do 1º Ciclo. Neste sentido, estudámos o caso das Coordenações de Ano numa Escola do 1º Ciclo, inserida num Agrupamento Vertical de Escolas da região da Grande Lisboa. Utilizámos a entrevista semi-directiva para sabermos as concepções da Adjunta da Directora, dos quatro Coordenadores de Ano da Escola e de quatro Professores Titulares de Turma sobre as características e funções deste órgão. Realizámos ainda a análise das actas das reuniões de ano em dois momentos distintos: no final de um ano lectivo e no início do seguinte (fim do 1º período), para a identificar os objectivos e formas de organização de reuniões de coordenação de ano no 1º CEB e os eixos de acção dos seus coordenadores, nomeadamente o exercício da função supervisiva. Através dos dados obtidos pelas duas técnicas, concluímos que existe, nesta escola, o reconhecimento da importância das coordenações de ano, enquanto órgãos intermédios, embora este reconhecimento parta mais da Direcção do Agrupamento e dos professores, do que dos próprios coordenadores. Existe algum consenso sobre as funções do Coordenador de Ano, ao nível da coordenação e da gestão e que a correcta execução desse papel exige ainda a atribuição de tempo para coordenação no horário destes profissionais. No que diz respeito às funções de supervisão, embora exista já reconhecimento da sua necessidade e estejam a ser dados alguns passos nesse campo, parece-nos que será necessário aprofundar competências específicas de supervisão dos coordenadores, de forma que estes propiciem um ambiente estimulador do desenvolvimento profissional, baseando as reuniões na reflexão sobre a prática e na procura de soluções e inovações para o desenvolvimento curricular. Parece-nos também importante desenvolver competências de suporte mútuo entre os professores de um mesmo ano de escolaridade, uma vez que um ambiente de colaboração nas escolas cria as condições para o sucesso de qualquer processo supervisivo.ABSTRACT The main goal of this study is to know how the function of supervisor of the Coordinator of Grade in a Primary School (1st cycle) is foreseen, trying to understand the conceptions of the participants on the purposes and methods of operation of this relatively recent created body of middle management that is not yet present in all groupings and schools of the 1st cycle. In order to do so, we studied the management of the School Grade Coordinators of the 1st cycle, inserted in the Vertical Group of Schools of Great Lisbon. We used the semi-directive type of interview to find out the views of the Deputy Director, of the four coordinators of school year and also of four classroom teachers about the characteristics and functions of this body of management. We conducted further analysis of the minutes of teachers’ grade reunions in two different moments: at the end of each school year and early next (end of 1st period), to identify the objectives and forms of organization of coordination meetings of the year in the 1st CEB and the axes of action of their coordinators, including the exercise of supervision. Using data obtained by both techniques, we conclude that there is in this school, the recognition of the importance of coordination of year, while intermediary bodies of management, although this draws more recognition from the Directorate of Grouping and teachers, than from the Coordinators themselves. There is some consensus about the functions of the Coordinator of Grade at coordination and management level and that the proper execution of this role also requires the placement of time for coordination in the time-schedule of these professionals. With regard to the functions of supervision, while there is already recognition of its necessity and some steps in this field are being taken, it seems necessary to further supervise the expertise of the Coordinators, so they can provide their colleagues with a stimulating environment conducting to a professional development, basing their meetings on reflection about their school practice and seeking solutions and innovations for curriculum development. It also seems important to develop skills of mutual support among teachers of the same grade, since a collaborative environment in schools creates the conditions for the success of any supervisory process