The Incremental Commitment Spiral Model for Service-Intensive Projects

To provide better service to customers and remain competitive in the business environment, a wide variety of ready-to-use software and technologies are available for one to “grab and go” in order to build up software systems at a rapid pace. Currently, a wide variety of Web services are available and ready to use for this purpose. Current software process models also support commercial-off-the-shelf (COTS)-based development processes. However, although COTS and Web Services are similar, they are different in many perspectives. On one hand, there are various software process models that support Web services development. Yet there is no process model that supports the project that uses services provided by others. This chapter introduces the Incremental Commitment Spiral Model (ICSM), a new generation process model that provides development guidelines, from exploring a Web service alternative to deployment and maintenance with case studies.

Innovative Strategies for Secure Software Development

This chapter discusses adoption of some proactive strategies in threat management for security of software systems. Security requirements play an important role for secure software systems which arise due to threats to the assets from malicious users. It is therefore imperative to develop realistic and meaningful security requirements. A hybrid technique has been presented in this chapter evolved by overlapping the strengths of misuse cases and attack trees for elicitation of flawless security requirements. This chapter also discusses an innovative technique using fuzzy logic as a proactive step to break the jinx of brittleness of present day security measures based on binary principle. In this mechanism, partially secure state evolved between safe state and failed state using fuzzy logic provides an alert signal to take appropriate additional preventive measures to save the system from entering into the failed state to the extent possible.

Towards Test-Driven and Architecture Model-Based Security and Resilience Engineering

The quality of software systems depends strongly on their architecture. For this reason, taking into account non-functional requirements at architecture level is crucial for the success of the software development process. Early architecture model validation facilitates the detection and correction of design errors. In this research, the authors are interested in security critical systems, which require a reliable validation process. So far, they are missing security-testing approaches providing an appropriate compromise between software quality and development cost while satisfying certification and audit procedures requirements through automated and documented validation activities. In this chapter, the authors propose a novel test-driven and architecture model-based security engineering approach for resilient systems. It consists of a test-driven security modeling framework and a test based validation approach. The assessment of the security requirement satisfaction is based on the test traces analysis. Throughout this study, the authors illustrate the approach using a client server architecture case study.

Software Development Using Service Syndication based on API Handshake Approach between Cloud-Based and SOA-Based Reusable Services

Reusability in the software development realm is a momentous cornerstone in deciding the success of an organization. The quantum leap in reusability was provided by object-orientation, which fundamentally altered the manner of thinking of software architects. The notion of the object and the installation of reusability as one of the central tenets is a critical requisite. Components that represented bigger and better software aggregates easily utilized by businesses to gain instant execution for their business services have made great strides. This gave way to the ultimate notion of a service which took software aggregates in components to fine and sharpened streams of software execution called services. This has been another inflection point in the overall curve of reusability, and most importantly, in agility and turnaround time for software production. The notion of services mandated the birth of a secure and trusted public interface to a service, which is called the Application Programming Interface (API). APIs represent a directory of services that a given enterprise offers.

Cloud-Based Testing for Context-Aware Cyber-Physical Systems

Cloud-based applications like email services or office suites enable real-time collaboration and traceability for shared data from nearly anywhere by using a modern web-browser. Thus, a significant shift has happened to these common applications to focus only on their usage than on their maintenance. However, today’s software development projects spend a noteworthy amount of resources to setup and maintain necessary development tools–over and over again. Thus, a similar shift for these development tools in the future would enable to spend valuable resources more on the actual project’s goals than on the tools’ maintenance. Especially development projects for cyber-physical systems, which interact with the real life’s surroundings by relying on sensors and actuators, have specific needs when using cloud-based solutions. In this contribution, preconditions, design decisions, and limitations of a cloud-based testing approach for CPS are outlined and discussed on the example “Hesperia.” “Hesperia” bases on the experiences from the development of “Caroline”–an autonomously driving vehicle for the 2007 DARPA Urban Challenge. “Hesperia” as a cloud-based testing approach was tested 2009 during the development of an autonomously driving vehicle at the University of California, Berkeley.

Knowledge Management in Agile Methods Context

Agile methods are characterized with flexibility, reliance on tacit knowledge, and face to face communication in contrast to traditional methods that rely on explicit knowledge sharing mechanism, extensive documentation, and formal means of communication. In this chapter, the authors will have a look at the knowledge management techniques used in different software development processes with focus on agile methods. Then they will test the claim of more informal knowledge sharing and see the mechanisms used to exchange and document knowledge. The test is on the basis of a survey conducted by Scott Ambler in 2009, where he surveyed over 300 agile practitioners asking them about mechanisms used and in which context every mechanism is applied.

Measuring the Progress of a System Development

For most of the developers and managers, the structure and the behaviour of software systems represented in a graphical manner is more understandable than a formal specification of a system or than plain code. Our previous work combined the intuitiveness of UML with the development rigour brought by formal methods and created progress diagrams. In progress diagrams, the design decisions within a system refinement chain are assisted by the application of patterns and illustrated in a comprehensible and compact manner. In order to rigorously assess and control the design process, we need to thoroughly monitor it. In this chapter we show how the application of generic refinement patterns is reflected in measurements. We establish measures for the evaluation of the design progress of the system, where the progress diagrams are assessed from the size and structural complexity perspective. Our motivation is to support the system developers and managers in making the design decisions that regard the system construction.

Benefits of CMM and CMMI-Based Software Process Improvement

Software Process Improvement (SPI) has become the survival key of numerous software development organizations who want to deliver their products cheaper, faster, and better. A software process ultimately describes the way that organizations develop their software products and supporting services; meanwhile, SPI on the other hand, is the act of changing the software process and maintenance activities. This chapter purposefully describes the benefits of software process improvement. The Capability Maturity Model (CMM) and the Capability Maturity Model Integration (CMMI) are briefly surveyed and extensively discussed. Prior literature on the benefits and impacts of CMM and CMMI-based software process improvement is also highlighted.

Software Process Improvement for Small and Very Small Enterprises

Software organizations have been struggling for decades to improve the quality of their products by improving their software development processes. Designing an improvement program for a software development process is a demanding and complex task. This task consists of two main processes: the assessment process and the improvement process. A successful improvement process requires first a successful assessment; failing to assess the organization’s software development process could create unsatisfactory results. Although very small enterprises (VSEs) have several interesting characteristics such as flexibility and ease of communications, initiating an assessment and improvement process based on well-known Software Process Improvement (SPI) models such as Capability Maturity Model Integration (CMMI) and ISO 15504 is more challenging in such VSEs. Accordingly, researchers and practitioners have designed a few assessment methods to meet the needs of VSEs organizations to initiate an SPI process. This chapter discusses the assessment and improvement process in VSEs; we first examine VSEs characteristics and problems. Next, we discuss the different assessment methods and standards designed to fit the needs of such organizations and how to compare them. Finally, we present future research work perceived in this context.

The Development of International Standards to Facilitate Process Improvements for Very Small Entities

Industry recognizes that Very Small Entities (VSEs) that develop software are very important to the economy. A Very Small Entity (VSE) is an entity (enterprise, organization, department or project) with up to 25 people..Failure to deliver a quality product on time and within budget threatens the competitiveness of VSEs and impacts their customers. One way to mitigate these risks is to put in place proven software engineering practices. Many international standards and models, like ISO/IEC 12207 or CMMI®1, have been developed to capture proven engineering practices. However, these documents were not designed for VSEs and are often difficult to apply in such settings. This chapter presents a description of the development of process improvement international standards (IS) targeting VSEs developing or maintaining software as a standalone product or software as a component of a system. The documents used by ISO/IEC JTC1/SC72 Working Group 24 (WG24), mandated to develop a set of standards and guides, and the approach that led to the development, balloting of the ISs, and TRs (Technical Reports) for VSEs are also presented. The chapter focuses on the ISO/IEC 29110 Standard3, the development of means to help VSEs improve their processes, and the description of a few pilot projects conducted to implement the processes of ISO/IEC 29110 standard.