Abstract Software ecosystems are becoming a common model for software development in which different actors cooperate around a shared platform. However, it is not clear what the implications are on software quality when moving from a traditional approach to an ecosystem, and this is becoming increasingly important as ecosystems emerge in critical domains such as embedded applications. Therefore, this paper investigates the challenges related to quality assurance in software ecosystems, and identifies what approaches have been proposed in the literature. The research method used is a systematic literature mapping, which however only resulted in a small set of six papers. The literature findings are complemented with a constructive approach where areas are identified that merit further research, resulting in a set of research topics that form a research agenda for quality assurance in software ecosystems. The agenda spans the entire system life-cycle, and focuses on challenges particular to an ecosystem setting, which are mainly the results of the interactions across organizational borders, and the dynamic system integration being controlled by the users.
Selecting sourcing options for software assets and components is an important process that helps companies to gain and keep their competitive advantage. The sourcing options include: in-house, COTS, open source and outsourcing. The objective of this paper is to further refine, extend and validate a solution presented in our previous work. The refinement includes a set of decision-making activities, which are described in the form of a process-line that can be used by decision-makers to build their specific decision-making process. We conducted five case studies in three companies to validate the coverage of the set of decision-making activities. The solution in our previous work was validated in two cases in the first two companies. In the validation, it was observed that no activity in the proposed set was perceived to be missing, although not all activities were conducted and the activities that were conducted were not executed in a specific order. Therefore, the refinement of the solution into a process-line approach increases the flexibility and hence it is better in capturing the differences in the decision-making processes observed in the case studies. The applicability of the process-line was then validated in three case studies in a third company
Due to the complexity of today's embedded systems and time-to-market competition between companies developing embedded systems, system architects have to perform a complex task. To design a system which meets all its quality requirements becomes increasingly difficult because of customer demand for new innovative user functions. Methods and tools are needed to assist the architect during system design. The goal of this paper is to show how metaheuristic optimization approaches can improve the process of designing efficient architectures for a set of given quality attributes. A case study is conducted in which an architecture optimization framework is applied to an existing sub-system in the automotive industry. The case study shows that metaheuristic optimization approaches can find efficient solutions for all quality attributes while fulfilling given constraints. By optimizing multiple quality attributes the framework proposes revolutionary architecture solutions in contrast to human architects, who tend to propose solutions based on previous architectures. Although the case study shows savings in manual effort, it also shows that the proposed architecture solutions should be assessed by the human architect. So, the paper demonstrates how an architecture optimization framework complements the domain knowledge and experience of the architect.
The increasing functionality and complexity of automotive applications requires not only the use of more powerful hardware, e.g., multi-core processors, but also efficient methods and tools to support design decisions. Component-based software engineering proved to be a promising solution for managing software complexity and allowing for reuse. However, there are several challenges inherent in the intersection of resource efficiency and predictability of multi-core processors when it comes to running component-based embedded software. In this paper, we present a software design framework addressing these challenges. The framework includes both mapping of software components onto executable tasks, and the partitioning of the generated task set onto the cores of a multi-core processor. This paper aims at enhancing resource efficiency by optimizing the software design with respect to: 1) the inter-software-components communication cost, 2) the cost of synchronization among dependent transactions of software components, and 3) the interaction of software components with the basic software services. An engine management system, one of the most complex automotive sub-systems, is considered as a use case, and the experimental results show a reduction of up to 11.2% total CPU usage on a quad-core processor, in comparison with the common framework in the literature.
Context: Container-based virtualization is gaining popularity in different domains, as it supports continuous development and improves the efficiency and reliability of run-time environments. Problem: Different techniques are proposed for monitoring the security of containers. However, there are no guidelines supporting the selection of suitable techniques for the tasks at hand. Objective: We aim to support the selection and design of techniques for monitoring container-based virtualization environments. Approach:: First, we review the literature and identify techniques for monitoring containerized environments. Second, we classify these techniques according to a set of categories, such as technical characteristic, applicability, effectiveness, and evaluation. We further detail the pros and cons that are associated with each of the identified techniques. Result: As a result, we present CONSERVE, a multi-dimensional decision support framework for an informed and optimal selection of a suitable set of container monitoring techniques to be implemented in different application domains. Evaluation: A mix of eighteen researchers and practitioners evaluated the ease of use, understandability, usefulness, efficiency, applicability, and completeness of the framework. The evaluation shows a high level of interest, and points out to potential benefits. © 2021 The Authors
A long-lasting endeavor in the area of software project management is minimizing the risks caused by under- or over-estimations of the overall effort required to build new software systems. Deciding which method to use for achieving accurate cost estimations among the many methods proposed in the relevant literature is a significant issue for project managers. This paper investigates whether it is possible to improve the accuracy of estimations produced by popular non-parametric techniques by coupling them with a linear component, thus producing a new set of techniques called semi-parametric models (SPMs). The non-parametric models examined in this work include estimation by analogy (EbA), artificial neural networks (ANN), support vector machines (SVM) and locally weighted regression (LOESS). Our experimentation shows that the estimation ability of SPMs is superior to their non-parametric counterparts, especially in cases where both a linear and non-linear relationship exists between software effort and the related cost drivers. The proposed approach is empirically validated through a statistical framework which uses multiple comparisons to rank and cluster the models examined in non-overlapping groups performing significantly different.
With the increasing prevalence of open and connected products, cybersecurity has become a serious issue in safety-critical domains such as the automotive industry. As a result, regulatory bodies have become more stringent in their requirements for cybersecurity, necessitating security assurance for products developed in these domains. In response, companies have implemented new or modified processes to incorporate security into their product development lifecycle, resulting in a large amount of evidence being created to support claims about the achievement of a certain level of security. However, managing evidence is not a trivial task, particularly for complex products and systems. This paper presents a qualitative interview study conducted in six companies on the maturity of managing security evidence in safety-critical organizations. We find that the current maturity of managing security evidence is insufficient for the increasing requirements set by certification authorities and standardization bodies. Organizations currently fail to identify relevant artifacts as security evidence and manage this evidence on an organizational level. One part of the reason are educational gaps, the other a lack of processes. The impact of AI on the management of security evidence is still an open question.
Context: Quality requirements are important for product success yet often handled poorly. The problems with scope decision lead to delayed handling and an unbalanced scope. Objective: This study characterizes the scope decision process to understand influencing factors and properties affecting the scope decision of quality requirements. Method: We studied one company's scope decision process over a period of five years. We analyzed the decisions artifacts and interviewed experienced engineers involved in the scope decision process. Results: Features addressing quality aspects explicitly are a minor part (4.41%) of all features handled. The phase of the product line seems to influence the prevalence and acceptance rate of quality features. Lastly, relying on external stakeholders and upfront analysis seems to lead to long lead-times and an insufficient quality requirements scope. Conclusions: There is a need to make quality mode explicit in the scope decision process. We propose a scope decision process at a strategic level and a tactical level. The former to address long-term planning and the latter to cater for a speedy process. Furthermore, we believe it is key to balance the stakeholder input with feedback from usage and market in a more direct way than through a long plan-driven process.
Software systems are increasingly depending on data, particularly with the rising use of machine learning, and developers are looking for new sources of data. Open Data Ecosystems (ODE) is an emerging concept for data sharing under public licenses in software ecosystems, similar to Open Source Software (OSS). It has certain similarities to Open Government Data (OGD), where public agencies share data for innovation and transparency. We aimed to explore open data ecosystems involving commercial actors. Thus, we organized five focus groups with 27 practitioners from 22 companies, public organizations, and research institutes. Based on the outcomes, we surveyed three cases of emerging ODE practice to further understand the concepts and to validate the initial findings. The main outcome is an initial conceptual model of ODEs’ value, intrinsics, governance, and evolution, and propositions for practice and further research. We found that ODE must be value driven. Regarding the intrinsics of data, we found their type, meta-data, and legal frameworks influential for their openness. We also found the characteristics of ecosystem initiation, organization, data acquisition and openness be differentiating, which we advise research and practice to take into consideration. © 2021 The Author(s)
Education in Software Engineering has to both teach technical content such as databases and programming but also organisational skills such as team work and project management. While the former can be evaluated from a product perspective, the latter are usually embedded in a Software Engineering process and need to be assessed and adapted throughout their implementation. The in-action property of processes puts a strain on teachers since we cannot be present throughout the students’ work. To address this challenge we have adopted workshops to teach Scrum by building a Lego city in short sprints to focus on the methodological content. In this way we can be present throughout the process and coach the students. We have applied the exercise in six different courses, across five different educational programmes and observed more than 450 participating students. In this paper, we report on our experiences with this approach, based on quantitative data from the students and qualitative data from both students and teachers. We give recommendations for learning opportunities and best practices and discuss the limitations of these workshops in a classroom setting. We also report on how the students transferred their methodological knowledge to software development projects in an academic setting.
Manual testing is still a predominant and an important approach for validation of computer systems, particularly in certain domains such as safety-critical systems. Knowing the execution time of test cases is important to perform test scheduling, prioritization and progress monitoring. In this work, we present, apply and evaluate ESPRET (EStimation and PRediction of Execution Time) as our tool for estimating and predicting the execution time of manual test cases based on their test specifications. Our approach works by extracting timing information for various steps in manual test specification. This information is then used to estimate the maximum time for test steps that have not previously been executed, but for which textual specifications exist. As part of our approach, natural language parsing of the specifications is performed to identify word combinations to check whether existing timing information on various test steps is already available or not. Since executing test cases on the several machines may take different time, we predict the actual execution time for test cases by a set of regression models. Finally, an empirical evaluation of the approach and tool has been performed on a railway use case at Bombardier Transportation (BT) in Sweden.