The ISO/IEC 29110 Software Lifecycle Standard for Very Small Companies

For many small and start-up software companies, implementing controls and structures to properly manage their software development activity is a major challenge. It is commonly agreed that very small software companies, implementing management procedures, and controls to appropriately administer their software development activity is a significant challenge. To help meet the need for VSE-specific systems and software lifecycle profiles and guidelines, the ISO/IEC jointly published ISO/IEC 29110 “Lifecycle profiles for Very Small Entities” series of standards and guides, with the overall objective being to assist and encourage very small software organization in assessing and improving their software. The purpose of this chapter is to provide a primer on the ISO/IEC 29110 standard focusing on two main process areas of Project Management and Software Implementation.

Morpheus Web Testing: A Tool for Generating Test Cases for Widget Based Web Applications

Context: Widgets are reusable User Interfaces (UIs) components frequently delivered in Web applications.In the web application, widgets implement different interaction scenarios, such as buttons, menus, and text input.Problem: Tests are performed manually, so the cost associated with preparing and executing test cases is high.Objective: Automate the process of generating functional test cases for web applications, using intermediate artifacts of the web development process that structure widgets in the web application. The goal of this process is to ensure the quality of the software, reduce overall software lifecycle time and the costs associated with tests.Method:We elaborated a test generation strategy and implemented this strategy in a tool, Morpheus Web Testing. Morpheus Web Testing extracts widget information from Java Server Faces artifacts to generate test cases for JSF web applications. We conducted a case study for comparing Morpheus Web Testing with a state of the art tool (CrawlJax).Results: The results indicate evidence that the approach Morpheus Web Testing managed to reach greater code coverage compared to a CrawlJax.Conclusion: The achieved coverage values represent evidence that the results obtained from the proposed approach contribute to the process of automated test software engineering in the industry.

Ethics-based auditing of automated decision-making systems: intervention points and policy implications

Organisations increasingly use automated decision-making systems (ADMS) to inform decisions that affect humans and their environment. While the use of ADMS can improve the accuracy and efficiency of decision-making processes, it is also coupled with ethical challenges. Unfortunately, the governance mechanisms currently used to oversee human decision-making often fail when applied to ADMS. In previous work, we proposed that ethics-based auditing (EBA)—that is, a structured process by which ADMS are assessed for consistency with relevant principles or norms—can (a) help organisations verify claims about their ADMS and (b) provide decision-subjects with justifications for the outputs produced by ADMS. In this article, we outline the conditions under which EBA procedures can be feasible and effective in practice. First, we argue that EBA is best understood as a ‘soft’ yet ‘formal’ governance mechanism. This implies that the main responsibility of auditors should be to spark ethical deliberation at key intervention points throughout the software development process and ensure that there is sufficient documentation to respond to potential inquiries. Second, we frame AMDS as parts of larger sociotechnical systems to demonstrate that to be feasible and effective, EBA procedures must link to intervention points that span all levels of organisational governance and all phases of the software lifecycle. The main function of EBA should, therefore, be to inform, formalise, assess, and interlink existing governance structures. Finally, we discuss the policy implications of our findings. To support the emergence of feasible and effective EBA procedures, policymakers and regulators could provide standardised reporting formats, facilitate knowledge exchange, provide guidance on how to resolve normative tensions, and create an independent body to oversee EBA of ADMS.

Continuous Contract Based Verification of Updates in Maritime Shipboard Equipment

Modern control systems in the maritime domain are increasingly controlled by software systems and become subject to updates and configuration changes during operation. Moreover, with the shift to autonomous vessels and cars, these software-based systems are taking on more and more safety-critical tasks, so the risks associated with system failures are increasing. Unlike before, it becomes necessary to verify the continuously adapting modules of a vehicle not only before deployment, but to establish continuous verification capabilities during all phases of the product lifecycle, from the design to the system in operation. Hence, in case of an update, deviations from the expected behavior can be automatically detected and relevant measures can be initiated. In this work, a contract-based verification framework is presented that includes automatable and formally analyzable behavioral descriptors in form of assumption-guarantee contracts for all phases of the software lifecycle to provide static and dynamic verification capabilities alongside a dynamically changing system composition. By utilizing contractually defined behavior descriptions, classic test procedures, such as simulations, are supplemented by a formally testable level that is applied to all phases of the update process. A conceptual-deductive methodology was chosen, building on the identified requirements to develop an overarching update framework that adds contractual descriptions to the traditional development case. Based on the presented framework, the verifiable modification of a safety-critical software system is demonstrated. The approach is evaluated using a maritime collision-avoidance system and the verification steps are evaluated along the update process. The framework offers a novel approach to complement existing test procedures by enabling formal impact analysis and incremental verification of updates.

A Holistic Self-Adaptive Software Model

The recent self-adaptive software systematic literature reviews stated clearly the following insufficiencies: (1) the need for a holistic self-adaptive software model to integrate its different aspects (2) The limitation of adaptations to context changes (3) The absence of a general and complete adaptations’ picture allowing its understandability, maintainability, evaluation, reuse, and variability. (4) The need for an explicit and a detailed link with resources, and (5) a usual limitation to known events. In order to metigate these insufficiencies, this paper is proposing a holistic model that integrates the operating, adaptations, and adaptations’ manager aspects. The proposed model covers all possible adaptations: operating (dealing with software functions failures), lifecycle (handling adaptations required by some software lifecycle steps), and context (facing context changes events). The presented work introduces the concept of software adaptations process integrating the specifications of all the above kind of adaptations. In fact, this work shows an explicit trace to its pure bio-inspired origin.An application of the proposed approach on a “car industry case study” demonstrated its feasibility in comparison with similar works that proved its meaningful added value and its promising research perspectives.

Code Analysis Tool to Detect Extract Class Refactoring Activity in Vb.Net Classes

Code changes due to software change requests and bug fixing are inevitable in software lifecycle. The code modification may slowly deviate the code structure from its original structure that leads to unreadable code. Even though the code structure does not affect the software behaviour, it affects the code understandability and maintainability of software. Code refactoring is typically conducted to enhance the code structure; however, this task needs a lot of developers’ effort. Thus, this paper aims at developing a tool that will help programmers identify possible code refactoring.Weconsider two aspects of refactoring:(i) refactoring activities, and (ii) refactoring prediction model. In terms of refactoring activity, we focus on Extract Class. The object-oriented metrics are used to predict the possibility of code refactoring. The combination of two refactoring aspects recommends the possible refactoring effort and identify classes that are involved. As a result, we managed to get 79% percent of accuracy based on the 11 correct results out of 14 that the tool correctly detected. On top of supporting programmers in improving codes, this work also may give more insight into how refactoring improvessystems.

Computer Life-Cycle Management System for Avionics Software as a Tool for Supporting the Sustainable Development of Air Transport

The article presents selected results of analytical and design works undertaken at the Air Force Institute of Technology (AFIT) in the field of building a computer support and software lifecycle management system that is critical for flight safety. The aim of the work undertaken is to develop methods and carry out verification and testing in order to detect errors in the developed avionics software for compliance with the requirements of the DO-178C standard and its production, certification, and implementation on board aircraft. The authors developed an original computer system within the implemented requirements used in the construction and certification of avionic onboard devices and their software (among others, DO-254, DO-178C, AQAP 2210, ARP 4761, ARP 4754A). The conducted analysis involved three basic groups of avionics software development processes, i.e., software planning, creation, and integration. Examples of solutions implemented in the constructed computer system were presented for each of these process groups. The theoretical basis of the new method for predicting vulnerabilities in the software implemented within integrated avionic systems using branching processes is discussed. It was demonstrated that the possibility of predicting vulnerabilities in future software versions could have a significant impact on assessing the risk associated with software safety in the course of its lifecycle. It was indicated that some of the existing quantitative models for analyzing software vulnerabilities were developed based on dedicated software data, which is why actual scenario implementation may be limited. DO-178C standard requirements for the process of developing avionics software were implemented in the helmet-mounted flight parameter display system constructed at AFIT. The requirements of the DO-178C and AQAP 2210 standards were shown to be met in the example of the software developed for a graphics computer, managing the operating modes of this system.