Communicating conflict and ambiguity in requirements engineering

Lancaster UniversityEffective requirements engineering in the presence of imperfection remains a major research problem. There is a lack of metaphors to aid communication about such imperfections during consultation with stakeholders. The aim of this thesis research is to improve the identification, communication, and handling of ambiguity and conflict in non-functional requirements, inadvertently introduced during the RE process. The thesis proposes a new approach based in the jigsaw puzzle metaphor, which is a novel contribution in the area of visual metaphors, and as a communication mechanism to make conflict and ambiguity explicit during stakeholder consultation meetings. This metaphor is based on jigsaw puzzles, where each puzzle piece represents a requirement. When the requirement text contains ambiguities and/or conflicts with other requirements, the respective puzzle pieces almost fit together but not perfectly. The approach presents heuristics to identify the most pertinent conflicts and ambiguities to handle and thus to make explicit through the badly-fitting matches. The gamming nature of the jigsaw puzzle metaphor, the fact it presents an easy to understand and learn language, as well as the analogy with misshapen graphical visualization (the badly-fitting matches) to represent that there is a problem, and its adequacy to a creative task as RE is; altogether are key characteristics that contribute to the adequacy and success of the jigsaw puzzle metaphor when used in stakeholder consultation meetings. In fact the jigsaw puzzle metaphor used together with the proposed method for conducting the consultation meetings with the stakeholders proved successful in: Increasing effectiveness when compared with text presentation. Fostering team work and communication, and improving commitment of stakeholders in co-authoring of requirements and co-responsibility in ambiguity and conflict handling. Promoting a relaxed environment to improve team cooperation and creativity. A key contribution of this thesis is its focus on separating the processing of the information about the imperfection from the issue of communicating that imperfection. Such a separation, though critical, has not been proposed to date

CyberSecurity Challenges for Software Developer Awareness Training in Industrial Environments

Awareness of cybersecurity topics facilitates software developers to produce secure code. This awareness is especially important in industrial environments for the products and services in critical infrastructures. In this work, we address how to raise awareness of software developers on the topic of secure coding. We propose the "CyberSecurity Challenges", a serious game designed to be used in an industrial environment and address software developers' needs. Our work distils the experience gained in conducting these CyberSecurity Challenges in an industrial setting. The main contributions are the design of the CyberSecurity Challenges events, the analysis of the perceived benefits, and practical advice for practitioners who wish to design or refine these games.Comment: Preprint accepted for publication at the 16th International Conference on Wirtschaftsinformati

Automated Java Challenges\u27 Security Assessment for Training in Industry - Preliminary Results

Secure software development is a crucial topic that companies need to address to develop high-quality software. However, it has been shown that software developers lack secure coding awareness. In this work, we use a serious game approach that presents players with Java challenges to raise Java programmers' secure coding awareness. Towards this, we adapted an existing platform, embedded in a serious game, to assess Java secure coding exercises and performed an empirical study. Our preliminary results provide a positive indication of our solution's viability as a means of secure software development training. Our contribution can be used by practitioners and researchers alike through an overview on the implementation of automatic security assessment of Java CyberSecurity Challenges and their evaluation in an industrial context.info:eu-repo/semantics/publishedVersio

CyberSecurity Challenges: Serious Games for Awareness Training in Industrial Environments

Awareness of cybersecurity topics, e.g., related to secure coding guidelines, enables software developers to write secure code. This awareness is vital in industrial environments for the products and services in critical infrastructures. In this work, we introduce and discuss a new serious game designed for software developers in the industry. This game addresses software developers' needs and is shown to be well suited for raising secure coding awareness of software developers in the industry. Our work results from the experience of the authors gained in conducting more than ten CyberSecurity Challenges in the industry. The presented game design, which is shown to be well accepted by software developers, is a novel alternative to traditional classroom training. We hope to make a positive impact in the industry by improving the cybersecurity of products at their early production stages.Comment: Preprint accepted for publication at the 17. Deutscher IT-Sicherheitskongress. arXiv admin note: substantial text overlap with arXiv:2102.0534

Assessing music ontologies for the development of a complex database

UID/EAT/00472/2019The increasing volume and diversity of musical information has been creating a challenge for the uniform creation, reuse and sharing of this kind of information. As part of addressing this challenge there has been a growing interest in musical ontologies, as a technique to support the sharing of heterogeneous musical information, both for commercial and cultural dissemination purposes. Motivated by a specific objective, in the context of the development of an information system on musicians and respective artistic production and professional career, existing ontologies for the music domain, in general, were surveyed. The purpose of this study is to support the hypothesis that this approach can not only support the specific requirement of that objective, but also facilitate the interoperability with other existing systems, with databases and catalogs built with multiple technical solutions. So far, three ontologies that were found closer to the study object of the project were analyzed, reflecting three different models: (1) The Musical Ontology framework, developed by the Center for Digital Music of Queen Mary University, London, under the direction of Prof Mark Sandler, within the scope of the projects OMRAS - Online music recognition and searching (NSF / JISC Digital Libraries Initiative, 1999-2002) and OMRAS2 - A Distributed Research Environment for Music Informatics and Computational Musicology (EPSRC grant EP / E017614 / 1, 2007-2010), and that uses the FRBR model as a reference; (2) the DOREMUS ontology, which resulted from the DOREMUS project, funded in 2014 by the Agence Nationale de la Recherche, France and that brought together three major cultural institutions: the National Library of France, the Philharmonie de Paris and Radio France, and that is based on the FRBRoo model; and (3) the Performed Music Ontology, an extension of the BIBFRAME ontology, first released in April 2017, as a result of a project funded by the Andrew W. Mellon Foundation for Linked Data for Production (LD4P), led by the Stanford University Libraries, in collaboration with five other libraries: Columbia, Cornell, Harvard, Princeton and the Library of Congress. This paper presents the purpose of the motivating project for the research, aggregation and consolidation of information on musicians and respective artistic production and professional career, and the assessment of these three significant music ontologies as relevant sources of inspiration for the design of the knowledge base for that project.publishersversionpublishe

Recognition and naming test of the Portuguese population for national and international celebrities

Research on familiar faces has been conducted in different countries and resort to celebrities faces, stimuli that are highly constrained by geographic context and cultural peculiarities, since many celebrities are only famous in particular countries. Despite their relevance to psychological research, there are no normative studies of celebrities’ facial recognition in Portugal. We developed a database with 160 black and white pictures of famous persons' faces in this work. The data collection took place in two different studies. In study 1, participants were asked to recognize and name celebrity faces; while in study 2, celebrity names were rated for AoA, familiarity, and distinctiveness. Data were gathered from two different samples of Portuguese young adults aged between 18 and 25 years old, and both procedures were performed online through a questionnaire created in Qualtrics software. This database provides ratings of AoA, familiarity, facial distinctiveness, recognition rate, and naming rate for each celebrity, which will allow further selection of celebrities, based on these five attributes, for studies using Portuguese samples. Also, possible relationships between these five variables were analyzed and presented, highlighting facial distinctiveness as a predictor for both naming and recognition rate of celebrity faces.This study was conducted at the Psychology Research Centre (PSI/01662), University of Minho, and supported by the Portuguese Foundation for Science and Technology and the Portuguese Ministry of Science, Technology and Higher Education through national funds and co-financed by FEDER through COMPETE2020 under the PT2020 Partnership Agreement

Cybersecurity Games for Secure Programming Education in the Industry: Gameplay Analysis

To minimize the possibility of introducing vulnerabilities in source code, software developers may attend security awareness and secure coding training. From the various approaches of how to raise awareness and adherence to coding standards, one promising novel approach is Cybersecurity Challenges. However, in an industrial setting, time is a precious resource, and, therefore, one needs to understand how to optimize the gaming experience of Cybersecurity Challenges and the effect of this game on secure coding skills. This work identifies the time spent solving challenges of different categories, analyzes gaming strategies in terms of a slow and fast team profile, and relates these profiles to the game success. First results indicate that the slow strategy is more successful than the fast approach. The authors also analyze the possible implications in the design and the training of secure coding in an industrial setting by means of Cybersecurity Challenges. This work concludes with a brief overview of its limitations and next steps in the study

The impact of safety politics in the current globalization context

The globalization is a process of economical, social, cultural and political integration motivated by the needs generated by a consumption-orientated society and a set of factors that have led to its development, such as reducing transport costs, the technological advancement and the development of communication networks. However, the phenomenon of globalization has been accompanied by increasing levels of insecurity as a result of various types of threats and transnational crimes that the International Community seeks to control and minimize. Throughout this work, we examined how the globalization process has been developing and how nations are able to maintain security levels consistent with their economical status and social development, without disturbing the normal course of organizations’ economical activity and the well-being of people. From the investigation developed we concluded that, besides the confirmation that economic integration and the opening of markets have influence on internal consumption, market globalization and migrations have been causing modifications in the consumption habits. We also concluded that the security measures implemented by States or by the International Community affect international trade, but do not imply disproportionate costs or significant delays in transactions. Likewise, we concluded that the control measures implemented in international trade are sufficient to ensure the safety of the people and nations, enabling us to confirm two of the three conjectures raised in this study

Raising Security Awareness using Cybersecurity Challenges in Embedded Programming Courses

Security bugs are errors in code that, when exploited, can lead to serious software vulnerabilities. These bugs could allow an attacker to take over an application and steal information. One of the ways to address this issue is by means of awareness training. The Sifu platform was developed in the industry, for the industry, with the aim to raise software developers' awareness of secure coding. This paper extends the Sifu platform with three challenges that specifically address embedded programming courses, and describes how to implement these challenges, while also evaluating the usefulness of these challenges to raise security awareness in an academic setting. Our work presents technical details on the detection mechanisms for software vulnerabilities and gives practical advice on how to implement them. The evaluation of the challenges is performed through two trial runs with a total of 16 participants. Our preliminary results show that the challenges are suitable for academia, and can even potentially be included in official teaching curricula. One major finding is an indicator of the lack of awareness of secure coding by undergraduates. Finally, we compare our results with previous work done in the industry and extract advice for practitioners.Comment: Preprint accepted for publication at the First International Conference on Code Quality (ICCQ 2021

Pollen Analysis of Food Pots Stored by Melipona subnitida Ducke (Hymenoptera: Apidae) in a Restinga area

The geographic distribution of Melipona subnitida covers the dry areas in the northeastern Brazil, where it plays an important role as pollinator of many wild plant species. In the current study, the botanical species this bee uses as pollen and nectar sources in a restinga area of the Maranhão State, Brazil, were identified by analyzing pollen grains present in their storage pots in the nests. Samples were collected from five colonies bimonthly, from April 2010 to February 2011. In all the samples, 58 pollen types were identified; the families Fabaceae (8) and Myrtaceae (5) had the largest number of pollen types. In the pollen pots, 52 pollen types were identified; Fabaceae, Melastomataceae, Myrtaceae and Dilleniaceae species were dominant. In honey samples, 50 pollen types were found, with a predominance of nectariferous and polliniferous plant species. Out of the total of pollen types from nectariferous plants identified in honey, 20 pollen types contributed to the honey composition. Humiria balsamifera occurred in high frequency and was predominant in October. Chrysobalanus icaco, Coccoloba sp., Cuphea tenella and Borreria verticillata were also important for honey composition. The occurrence of a high number of minor pollen types indicated that M. subnitida visits many species in the locality; however, it was possible to observe that its floral preferences are very similar to those from other Melipona species