Harold Weffers

Extending the Agile Development Process to Develop Acceptably Secure Software

The agile software development approach makes developing secure software challenging. Existing approaches for extending the agile development process, which enables incremental and iterative software development, fall short of providing a method for efficiently ensuring the security of the software increments produced at the end of each iteration. This article (a) proposes a method for security reassurance of software increments and demonstrates it through a simple case study, (b) integrates security engineering activities into the agile software development process and uses the security reassurance method to ensure producing acceptably secure-by the business owner-software increments at the end of each iteration, and (c) discusses the compliance of the proposed method with the agile values and its ability to produce secure software increments.

A Survey of Security and Privacy in Connected Vehicles

Electronic control units (ECUs) of a vehicle control the behavior of its devices—e.g., break and engine. They communicate through the in-vehicle network. Vehicles communicate with other vehicles and road side units (RSUs) through vehicular ad-hoc networks (VANets), with personal devices through wireless personal area networks (WPANs), and with service center systems through cellular networks. A vehicle that uses an external network, in addition to the in-vehicle network, is called connected vehicle.

The Essential Elements for a Nursing Home According to Stakeholders from Healthcare and Technology: Perspectives from Multiple Simultaneous Monodisciplinary Workshops

Technology and architectural solutions are needed as a means of support in future nursing homes. This study investigated how various monodisciplinary groups of stakeholders from healthcare and technology envision the nursing home of the future and which elements are necessary for its creation. Moreover, differences in needs and interests between the various stakeholders were considered. This qualitative study gathered data via 10 simultaneous sticky note brainstorm sessions with 95 professional stakeholders, which resulted in 1459 quotes in five categories that were clustered into themes and processed into word clouds. The stakeholders prioritized the needs of the resident and placed the most importance on the fact that a nursing home is primarily a place to live in the final stages of ones life. A mix of factors related to the quality of care and the quality of the built environment and technology is needed. Given the fact that there are differences in what monodisciplinary groups of stakeholders see as an ideal nursing home, multidisciplinary approaches should be pursued in practice to incorporate as many new views and stakeholder needs as possible.

A Case for Societal Digital Security Culture

Information and communication technology systems, such as remote health care monitoring and smart mobility applications, have become indispensable parts of our lives. Security vulnerabilities in these systems could cause financial losses, privacy/safety compromises, and operational interruptions. This paper demonstrates through examples, that technical security solutions for these information systems, alone, are not sufficient to protect individuals and their assets from attacks. It proposes to complement (usable) technical solutions with Societal Digital Security Culture (SDSC): collective knowledge, common practices, and intuitive common behavior about digital security that the members of a society share. The paper also suggests a set of approaches for improving SDSC in a society and demonstrates using a case study how the suggested approaches could be integrated to compose a plan for improving SDSC.

Analyzing user interaction logs to evaluate the usability of Web applications

In this paper we describe a usability study carried out using the WebHint method to analyze the usability of four Web applications. The method is based on remote and automatic capture, and semi-automatic analysis of users interaction. The experiment and its results show how the method can be used for analyzing the behavior of users interacting with online applications, in order to obtain a comprehensive view about the usability of these applications.

Discovering and analyzing patterns of usage to detect usability problems in web applications

In this paper we describe two usability studies in which the interaction of users with an online application was remotely and automatically captured and analyzed. The usability studies were performed using the WebHint method for usability analysis of web applications. We evaluate two different versions of the application in order to observe the applicability of the method for successive usability analysis. The results show how the WebHint method can be used as an alternative approach to carry out successive evaluations of the usability of an application in order to analyze the evolution of different versions of its interface.

A post-masters program in advanced software engineering for real-time embedded systems

We describe the curriculum of a quite unique post-masters program at the Eindhoven University of Technology. This 2-years program is oriented towards the software engineering practice and puts special emphasis on the skills necessary for the development of embedded real-time systems. During the last 10 years, the program was very successful in providing the Dutch industry with highly skilled and motivated software engineers that are immediately deployable. Continuous process improvement is performed in order to adapt the curriculum to the needs of the industry and to improve the quality of the educational processes. The trainees are employees of the university and get a salary that enables them to have a reasonable living. In addition, the alumni usually get back their time-investment in form of a higher entrance level and a steeper career-path in comparison with alumni of the regular undergraduate programs.