Mohammad Zarour

An investigation into the best practices for the successful design and implementation of lightweight software process assessment methods

Software process assessment (SPA) is an effective tool to understand an organizations process quality and to explore improvement opportunities. However, the knowledge that underlies the best practices required to develop assessment methods, either lightweight or heavyweight methods, is unfortunately scattered throughout the literature. This paper presents the results of a systematic literature review to organize those recognized as the best practices in a way that helps SPA researchers and practitioners in designing and implementing their assessment methods. Such practices are presented in the literature as assessment requirements, success factors, observations, and lessons learned. Consequently, a set of 38 best practices has been collected and classified into five main categories, namely practices related to SPA methods, support tools, procedures, documentation, and users. While this collected set of best practices is important for designing lightweight as well as heavyweight assessment methods, it is of utmost importance in designing lightweight assessment methods, as the design of which depends on individual experience. The paper is revised based on previous reviewers comments.Literature is reviewed to identify best practices related to SPA methods.A set of 38 best practices has been collected and classified.Classes include SPA methods, support tools, procedures, documentation, and users.The collected set is of utmost importance in designing lightweight SPA methods.

SECDEP: Software engineering curricula development and evaluation process using SWEBOK

Abstract Context: Software engineering (SE) has a multidisciplinary and dynamic nature that makes it challenging to design its educational material. Guide to the software engineering body of knowledge (SWEBOK) which has evolved to become ISO/IEC 19759 standard has identified various knowledge areas to be part of any SE curricula. Although there is a number of studies that address the gap between SE curricula and software industry, the literature lacks defining a process that can be leveraged for continuously improving SE curricula to fulfill the software development market demands. Objective: In this paper, we propose a Software Engineering Curricula Development and Evaluation Process (SECDEP) that takes advantage of the SWEBOK guidelines to improve the quality of SE programs based on objective and subjective evidences. Method: Our process consists of multi-steps in which the local software market needs and the target SE program objectives and constraints are all taken into consideration. As a case study, we follow our process to investigate the core SE courses delivered as part of the SE curricula in a set of universities in our region. Results: The conducted case study identifies the factors that might contribute to mitigating the skills shortages in the target software market. We demonstrate the effectiveness of our process by identifying the weaknesses of the studied SE curricula and presenting recommendations to align the studied curricula with the demands of the target software market, which assists SE educators in the design and evaluation of their SE curricula. Conclusion: Based on the obtained results, the studied SE curricula can be enhanced by incorporating latest SE technologies, covering most of the SWEBOK knowledge areas, adopting SE curricula standards, and increasing the level of industrial involvement in SE curricula. We believe that achieving these enhancements by SE educators will have a positive impact on the SE curricula in question.

Modularity Measurement and Evolution in Object-Oriented Open-Source Projects

Throughout the software evolution, several maintenance actions such as adding new features, fixing problems, improving the design might negatively or positively affect the software design quality. Quality degradation, if not handled in the right time, can accumulate and cause serious problems for future maintenance effort. In this work, we study the modularity evolution of two open-source systems by answering two main research questions namely: what measures can be used to measure the modularity level of software and secondly, did the modularity level for the selected open source software improves over time. By investigating the modularity measures, we have identified the main measures that can be used to measure software modularity. Based on our analysis, the modularity of these two systems is not improving over time.

Gained experience by making intervention to improve software process in very small organizations

Many research have been accomplished in assessing software process in small enterprises; in this paper we introduce our experience in conducting SPI initiatives with very small enterprises VSE using the OWPL assessment method. Interventions to these enterprises have been made to help them improving their software processes. The lessons learned by applying the micro-evaluation approach have been discussed at the end of the intervention process. In this intervention we have assessed four different VSE.

Using Categorical Features in Mining Bug Tracking Systems to Assign Bug Reports

Most bug assignment approaches utilize text classification and information retrieval techniques. These approaches use the textual contents of bug reports to build recommendation models. The textual contents of bug reports are usually of high dimension and noisy source of information. These approaches suffer from low accuracy and high computational needs. In this paper, we investigate whether using categorical fields of bug reports, such as component to which the bug belongs, are appropriate to represent bug reports instead of textual description. We build a classification model by utilizing the categorical features, as a representation, for the bug report. The experimental evaluation is conducted using three projects namely NetBeans, Freedesktop, and Firefox. We compared this approach with two machine learning based bug assignment approaches. The evaluation shows that using the textual contents of bug reports is important. In addition, it shows that the categorical features can improve the classification accuracy.

Empirical Evidences in Software-Defined Network Security: A Systematic Literature Review

Nowadays, the term software-defined networking (SDN) becomes very popular. It is an approach that decouples the “control plane” and the “data plane” in switches to allow more programmable control of network traffic flows. Currently, several efforts are under way to thoroughly study and deploy SDN, as well as create standards that regulate the use of SDN. Since SDN is considered relatively a new discipline, a very little empirical literature has been aggregated in this field. The objective of this study is to aggregate and synthesize the empirical evidence from literature of SDN security to report the trends, patterns, and current status of the field. A systematic literature review (SLR) has been conducted to synthesize the empirical work in SDN.

User Experience Framework that Combines Aspects, Dimensions, and Measurement Methods

Abstract Successful software products necessitate users’ satisfaction when experiencing the use of the software. This is not only determined by the software functionalities and completeness, but also with the overall user experience when using the software product. Although user experience is widely adopted by practitioners and in industry, there is no scientific consensus on a definition or a theoretical model of UX. The dynamic nature of user experience is challenging both UX design and evaluation activities. Accordingly, further research is needed to study four non-orthogonal UX issues: definition, modeling, method selection, and the interplay between evaluation and development. Moreover, UX professionals need to identify means for compromising the difficulties of evaluating UX in a holistic manner. The purpose of this research is to consolidate the findings related to UX aspects and dimensions along with the identified measurement methods into one simplified UX theoretical framework. This work is related to the aforementioned modeling issue aiming to better understand the relationship between UX dimensions, UX Aspects and UX measurement methods. The proposed framework is vital for practical application of UX, the development of UX evaluation methods and further theoretical studies of UX.

Process improvement in governmental agencies: Toward CMMI certification

Software process improvement (SPI) approaches are highly mature within both product and service development enterprises. Among SPI approaches, particularly within large enterprises, CMMI is widely used and demonstrated its influence in leading the application of performance improvement methods in industry. In this paper, we test the readiness of government agencies by conducting internal CMMI appraisals on two selected government agencies. Using CMMI as a benchmark, we aim to determine how well do these agencies apply sound processes. We chose a sample of two large organizations from Saudi Arabia, a young but fast growing software market. We found that process areas such as requirements development, technical solution, configuration management, and verification follow well-defined processes with some areas of weaknesses. While both agencies have very limited knowledge of process improvement approaches, and they are relatively new software development establishments, yet they demonstrated areas of strength that were not expected. Our results indicate early signs of market maturity. We argue that the market is becoming more mature whereby SPI approaches may need to be enhanced reaching higher levels of maturity.

Online Banking Security and Usability - Towards an Effective Evaluation Framework

Convenience and the ability to perform advanced transactions encourage banks clients to use online banking. As security and usability are two growing concerns for online banking users, banks have invested heavily in improving their web portals security and user experience and trust in them. Despite considerable efforts to evaluate particular security and usability features in online banking, a dedicated security and usability evaluation framework that can be used as a guide in online banking development remains much less explored. In this work, we first extract security and usability evaluation metrics from the conducted literature review. We then include several other evaluation metrics that were not previously identified in the literature. We argue that the proposed online banking security and usability evaluation frameworks in the literature in addition to the existing standards of security best practices (e.g., NIST and ISO) are by no means comprehensive and lack some essential and key evaluation metrics that are of particular interest to online banking portals. In order to demonstrate the inadequacy of existing frameworks, we use some frameworks to evaluate five major banks. The evaluation reveals several shortcomings in identifying both missing or incorrectly implemented security and privacy features. Our goal is to encourage other researchers to build upon our work.

Toward a national strategy for Open Source Software

Open Source Software (OSS) solutions are growing rapidly as they become more mature. Countries have focused their efforts to support OSS initiatives and foster their development by providing government support through laws and legislation, and education. Because of the growing national interest in OSS, we surveyed efforts of twenty major world economies, otherwise known as the Group-of-Twenty (G-20). We examined over forty-five national initiatives within the twenty countries and we were able to identify seven distinctive common strategies applied within the past ten years. Each strategy has been adapted by at least three countries. The result of the survey shows a significant growth in interest to support OSS by major economies. Based on the result of our survey we present a stepwise process to align the seven strategies to national objectives and market needs, and provide a prioritization scheme for strategy implementation.