| 5121. |
- Mourão, Erica, et al.
(författare)
-
On the performance of hybrid search strategies for systematic literature reviews in software engineering
- 2020
-
Ingår i: Information and Software Technology. - : Elsevier B.V.. - 0950-5849 .- 1873-6025. ; 123
-
Tidskriftsartikel (refereegranskat)abstract
- Context: When conducting a Systematic Literature Review (SLR), researchers usually face the challenge of designing a search strategy that appropriately balances result quality and review effort. Using digital library (or database) searches or snowballing alone may not be enough to achieve high-quality results. On the other hand, using both digital library searches and snowballing together may increase the overall review effort. Objective: The goal of this research is to propose and evaluate hybrid search strategies that selectively combine database searches with snowballing. Method: We propose four hybrid search strategies combining database searches in digital libraries with iterative, parallel, or sequential backward and forward snowballing. We simulated the strategies over three existing SLRs in SE that adopted both database searches and snowballing. We compared the outcome of digital library searches, snowballing, and hybrid strategies using precision, recall, and F-measure to investigate the performance of each strategy. Results: Our results show that, for the analyzed SLRs, combining database searches from the Scopus digital library with parallel or sequential snowballing achieved the most appropriate balance of precision and recall. Conclusion: We put forward that, depending on the goals of the SLR and the available resources, using a hybrid search strategy involving a representative digital library and parallel or sequential snowballing tends to represent an appropriate alternative to be used when searching for evidence in SLRs. © 2020 Elsevier B.V.
|
|
| 5122. |
- Mouritz, Mike, et al.
(författare)
-
Leadership in Sustainability : Collective Wisdom, Conversations, Creativity, Contemplation and Courage, the Five Pillars of a Master’s Teaching Unit
- 2022
-
Ingår i: Sustainability. - : MDPI. - 2071-1050. ; 14:9
-
Tidskriftsartikel (refereegranskat)abstract
- This paper provides an overview of insights and lessons learned from nearly 20 years of running a Master’s unit called Leadership in Sustainability and how it has been used to foster change agents in small business enterprises, as well as other parts of our economy and community. The unit is based on five ‘C’ pillars, which are discussed in this paper to show how the teaching was able to assist potential leaders in their journey towards sustainability. Collective Wisdom is the theory of how leaders have used their imagination to solve collective ‘wicked problems’ and how sustainability requires such wisdom. The unit covers such theory from innovation, complexity, leadership, management and sustainability literatures, and the students are required to show they used this in solving a problem. Conversations are the main tool that is used because only through integrating diverse opinions have solutions been found to such problems as sustainability. The unit is based around case studies from leaders (including SMEs) who have approached sustainability from various perspectives, and conversations were created with the leaders to illustrate this. Creativity is introduced as a tool that draws upon different layers of perspectives on how to tackle wicked problems, as well as facilitating the breadth of conversations and actions required to solve them. The unit requires students to make a creativity contribution and the teachers provide assistance in how to make this work. Contemplation is designed to show how leadership requires reflection to enable the creativity and conversations to reach the depth and breadth required. The unit introduces students to the Theory-U tools to help instil the link between creativity and reflection or contemplation in addressing sustainability challenges and enabling leadership that creates change in personal, organizational and social systems. Finally, Courage is shown as a necessary part of the role of a leader in sustainability to make the magic of collective and creative solutions, based on conversations and contemplation, come to life through a demonstration-based transition. © 2022 by the authors. Licensee MDPI, Basel, Switzerland.
|
|
| 5123. |
- Moyón, Fabiola, et al.
(författare)
-
A Light-Weight Tool for the Self-assessment of Security Compliance in Software Development : An Industry Case
- 2020
-
Ingår i: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). - Cham : Springer. - 9783030389185 ; , s. 403-416
-
Konferensbidrag (refereegranskat)abstract
- Companies are often challenged to modify and improve their software development processes in order to make them compliant with security standards. The complexity of these processes renders it difficult for practitioners to validate and foresee the effort required for compliance assessments. Further, performing gap analyses when processes are not yet mature enough is costly and involving auditors in early stages is, in our experience, often inefficient. An easier and more productive approach is conducting a self-assessment. However, practitioners, in particular developers, quality engineers, and product owners face difficulties to identify security-relevant process artifacts as required by standards. They would benefit from a proper and light-weight tool to perform early compliance assessments of their processes w.r.t. security standards before entering an in-depth audit. In this paper, we report on our current effort at Siemens Corporate Technology to develop such a light-weight assessment tool to assess the security compliance of software development processes with the IEC 62443-4-1 standard, and we discuss first results from an interview-based evaluation. © 2020, Springer Nature Switzerland AG.
|
|
| 5124. |
- Moyón, Fabiola, et al.
(författare)
-
How to Integrate Security Compliance Requirements with Agile Software Engineering at Scale?
- 2020
-
Ingår i: Lecture Notes in Computer Science. - Cham : Springer Science+Business Media B.V.. - 9783030641474 ; , s. 69-87
-
Konferensbidrag (refereegranskat)abstract
- Integrating security into agile software development is an open issue for research and practice. Especially in strongly regulated industries, complexity increases not only when scaling agile practices but also when aiming for compliance with security standards. To achieve security compliance in a large-scale agile context, we developed S2C-SAFe: An extension of the Scaled Agile Framework that is compliant to the security standard IEC 62443-4-1 for secure product development. In this paper, we present the framework and its evaluation by agile and security experts within Siemens’ large-scale project ecosystem. We discuss benefits and limitations as well as challenges from a practitioners’ perspective. Our results indicate that S2C-SAFe contributes to successfully integrating security compliance with lean and agile development in regulated environments. We also hope to raise awareness for the importance and challenges of integrating security in the scope of Continuous Software Engineering. © 2020, Springer Nature Switzerland AG.
|
|
| 5125. |
- Moyón, Fabiola, et al.
(författare)
-
Industrial Challenges in Secure Continuous Development
- 2024
-
Ingår i: ACM International Conference Proceeding Series. - : Association for Computing Machinery (ACM). - 9798400705007 ; , s. 309-311
-
Konferensbidrag (refereegranskat)abstract
- The intersection between security and continuous software engineering has been of great interest since the early years of the agile development movement, and it remains relevant as software development processes are more frequently guided by agility and the adoption of DevOps. Several authors have contributed studies about the framing of secure agile development and secure DevOps, motivating academic contributions to methods and practices, but also discussions around benefits and challenges. Especially the challenges captured also our interest since, for the last few years, we are conducting research on secure continuous software engineering from a more applied, practical perspective with the overarching aim to introduce solutions that can be adopted at scale. The short positioning at hands summarizes a relevant part of our endeavors in which we validated challenges with several practitioners of different roles. More than framing a set of challenges, we conclude by presenting four key research directions we identified for practitioners and researchers to delineate future work. Copyright © 2024 held by the owner/author(s).
|
|
| 5126. |
- Moyón, Fabiola, et al.
(författare)
-
Integration of Security Standards in DevOps Pipelines : An Industry Case Study
- 2020
-
Ingår i: Lecture Notes in Computer Science. - Cham : Springer Science+Business Media B.V.. - 9783030641474 ; , s. 434-452
-
Konferensbidrag (refereegranskat)abstract
- In the last decade, companies adopted DevOps as a fast path to deliver software products according to customer expectations, with well aligned teams and in continuous cycles. As a basic practice, DevOps relies on pipelines that simulate factory swim-lanes. The more automation in the pipeline, the shorter a lead time is supposed to be. However, applying DevOps is challenging, particularly for industrial control systems (ICS) that support critical infrastructures and that must obey to rigorous requirements from security regulations and standards. Current research on security compliant DevOps presents open gaps for this particular domain and in general for systematic application of security standards. In this paper, we present a systematic approach to integrate standard-based security activities into DevOps pipelines and highlight their automation potential. Our intention is to share our experiences and help practitioners to overcome the trade-off between adding security activities into the development process and keeping a short lead time. We conducted an evaluation of our approach at a large industrial company considering the IEC 62443-4-1 security standard that regulates ICS. The results strengthen our confidence in the usefulness of our approach and artefacts, and in that they can support practitioners to achieve security compliance while preserving agility including short lead times. © 2020, Springer Nature Switzerland AG.
|
|
| 5127. |
- Moyon, Fabiola, et al.
(författare)
-
Security Compliance in Agile Software Development : A Systematic Mapping Study
- 2020
-
Ingår i: Proceedings - 46th Euromicro Conference on Software Engineering and Advanced Applications, SEAA 2020. - : Institute of Electrical and Electronics Engineers Inc.. - 9781728195322 ; , s. 413-420
-
Konferensbidrag (refereegranskat)abstract
- Companies adopting agile development tend to face challenges in complying with security norms. Existing research either focuses on how to integrate security into agile methods or on discussing compliance issues of agile methods but independently of the regulation type, in particular of security standards. A comprehensive overview of this scattered field is still missing and we know little about how to achieve security compliance in agile software development. Existing secondary studies (mapping studies and literature reviews) analyze publications on secure agile development, but they do not analyze implications of security standard compliance, e.g., integration of specific standard requirements or compliance assessments. To close this gap, we report on a systematic mapping study. Starting with a set of 2,383 papers, our work distills 11 relevant publications addressing security compliance in agile software development. With this study, we contribute by describing the maturity of the field, as well as domains where security compliant agile software engineering was investigated. Moreover, we make explicit which phases of a secure development process are covered by the field and which agile principles are analyzed when aiming at compliance with international security standards, country-specific security regulations, industry-specific security standards, and other well-known security frameworks. © 2020 IEEE.
|
|
| 5128. |
- Moyón, Fabiola, et al.
(författare)
-
Using Process Models to Understand Security Standards
- 2021
-
Ingår i: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). - Cham : Springer Science and Business Media Deutschland GmbH. - 9783030677305 ; , s. 458-471
-
Konferensbidrag (refereegranskat)abstract
- Many industrial software development processes today have to comply with security standards such as the IEC 62443-4-1. These standards, written in natural language, are ambiguous and complex to understand. This is especially true for non-security experts. Security practitioners thus invest much effort into comprehending standards and, later, into introducing them to development teams. However, our experience in the industry shows that development practitioners might very well also read such standards, but nevertheless end up inviting experts for interpretation (or confirmation). Such a scenario is not in tune with current trends and needs of increasing velocity in continuous software engineering. In this paper, we propose a tool-supported approach to make security standards more precise and easier to understand for both non-security as well as security experts by applying process models. This approach emerges from a large industrial company and encompasses so far the IEC 62443-4–1 standard. We further present a case study with 16 industry practitioners showing how the approach improves communication between development and security compliance practitioners. © 2021, Springer Nature Switzerland AG.
|
|
| 5129. |
- Mugalu, Gerald, et al.
(författare)
-
An Assessment of the Flood Plain of River Malaba Catchment
- 2013
-
Konferensbidrag (refereegranskat)abstract
- Abstract Flooding due to excessive rainfall is a frequent hazard in the flood plains of River Malaba catchment. This paper documents the study that involved predicting of the annual peak flows for river Malaba catchment, determining its magnitude and predicting the extent of flood depth within its flood plain. The flow data was analysed to ascertain its applicability and reliability for frequency analysis. F-test and t-test were conducted to check the stability of the data’s variance and mean respectively. The technique involved the use of observed annual peak flow data to compute statistical information such as mean values, standard deviation, skewness and recurrence intervals. The statistical data were then used to construct frequency distributions. Log-Pearson Type III distribution was used to predict the annual peak discharge of the river for the period 1950 to 1980. The results obtained indicated that the peak flow values for river Malaba were increasing with increasing return period. The estimated discharges obtained for each return period were used to model the flood using HEC-RAS and ArcGIS. There was a general increase in the predicted size of the flood plain with increasing return period. A DEM of a better resolution than 90 Meters is envisaged to result in better flood depth results. The use of directly generated coordinates to delineate the stream flow paths is recommended. The flood frequency results from this study can be used as a guide in determining the capacity of such structures as highway bridges and culverts.
|
|
| 5130. |
- Mugga, Charles, et al.
(författare)
-
Performance Comparison of IPv6 Multihoming and Mobility Protocols
- 2014
-
Konferensbidrag (refereegranskat)abstract
- Multihoming and mobility protocols enable computing devices to stay always best connected (ABC) to the Internet. The focus of our study is on handover latency and rehoming time required by such protocols. We used simulations in OMNeT++ to study the performance of the following protocols that support multihoming, mobility or a combination thereof: Mobile IPv6 (MIPv6), Multiple Care-of Address Registration (MCoA), Stream Control Transmission Protocol (SCTP), and Host Identity Proto- col (HIP). Our results indicate that HIP shows best performance in all scenarios considered.
|
|
