Evolving Software Processes

EVOLVING SOFTWARE PROCESSES

THE BOOK PROVIDES BASIC BUILDING BLOCKS OF EVOLUTION IN SOFTWARE PROCESSES, SUCH AS DEVOPS, SCALING AGILE PROCESS IN GSD, IN ORDER TO LAY A SOLID FOUNDATION FOR SUCCESSFUL AND SUSTAINABLE FUTURE PROCESSES.One might argue that there are already many books that include descriptions of software processes. The answer is “yes, but.” Becoming acquainted with existing software processes is not enough. It is tremendously important to understand the evolution and advancement in software processes so that developers appropriately address the problems, applications, and environments to which they are applied. Providing basic knowledge for these important tasks is the main goal of this book. Industry is in search of software process management capabilities. The emergence of the COVID-19 pandemic emphasizes the industry’s need for software-specific process management capabilities. Most of today’s products and services are based to a significant degree on software and are the results of largescale development programs. The success of such programs heavily depends on process management capabilities, because they typically require the coordination of hundreds or thousands of developers across different disciplines. Additionally, software and system development are usually distributed across geographical, cultural and temporal boundaries, which make the process management activities more challenging in the current pandemic situation. This book presents an extremely comprehensive overview of the evolution in software processes and provides a platform for practitioners, researchers and students to discuss the studies used for managing aspects of the software process, including managerial, organizational, economic and technical. It provides an opportunity to present empirical evidence, as well as proposes new techniques, tools, frameworks and approaches to maximize the significance of software process management. AUDIENCEThe book will be used by practitioners, researchers, software engineers, and those in software process management, DevOps, agile and global software development. ARIF ALI KHAN is at the University of Jyvȁskylȁ, Finland. He obtained his PhD degree in software engineering from the Department of Computer Science, City University of Hong Kong. He has participated in and managed several empirical software engineering related research projects. He has expertise in software outsourcing, process improvement, 3C’s (communication, coordination, control), requirements change management, agile software development and evidence-based software engineering. Khan has published over 40 articles in peer reviewed conferences and journals.

DAC-NHUONG LE obtained his PhD in computer science from Vietnam National University, Vietnam in 2015. He is Deputy-Head of Faculty of Information Technology, Haiphong University, Vietnam. His area of research includes: evaluation computing and approximate algorithms, network communication, security and vulnerability, network performance analysis and simulation, cloud computing, IoT and image processing in biomedicine. He has more than 50 publications and edited/authored 15 computer science books, many with the Wiley-Scrivener imprint. List of Figures xv

List of Tables xvii

Foreword xxi

Preface xxiii

Acknowledgments xxvii

Acronyms xxix

1 REMO: A RECOMMENDATION DEVELOPMENT MODEL FOR SOFTWARE PROCESS IMPROVEMENT 1

Sujin Choi, Dae-Kyoo Kim, Sooyong Park

1.1 Introduction 2

1.2 Motivation 3

1.3 Related Work 5

1.4 Recommendation Development Model: ReMo 7

1.4.1 Correlation Analysis 9

1.4.2 Refining Improvement Packages 14

1.4.3 Building Recommendations 21

1.5 Case Studies 25

1.5.1 Phase I 28

1.5.2 Phase II 28

1.5.3 Phase III 28

1.5.4 Phase IV 29

1.6 Evaluation 29

1.6.1 Process Evaluation 30

1.6.2 Outcome Evaluation 32

1.6.3 Threats to Validity 36

1.7 Discussion 37

1.8 Conclusion 38

References 39

2 A FRAMEWORK FOR A SUSTAINABLE SOFTWARE SECURITY PROGRAM 47

Monica Iovan, Daniela S. Cruzes, Espen A. Johansen

2.1 Introduction 48

2.2 Software Security Best Practices 49

2.2.1 Microsoft Security Development Lifecycle for Agile Development 49

2.2.2 Building Security in Maturity Model 50

2.2.3 OWASP Software Assurance Maturity Model 52

2.2.4 Software Security Services 53

2.3 Software Security in Visma 55

2.4 Top-Down and Bottom-Up Approach of a Sustainable Program 55

2.4.1 Ensuring the Adoption and Implementation of Security Practices 56

2.4.2 Enabling the Adoption and Implementation of Security Practices 57

2.4.3 Empowering the Teams 57

2.4.4 Embedding the Security Activities 58

2.5 Explorability of a Sustainable Software Security Program 58

2.5.1 Researching and Innovating Services 58

2.5.2 Creating New Services 60

2.5.3 Persuasion Focusing on the Types of Software Development Teams 61

2.5.4 Service Onboarding 63

2.6 Exploiting Existing Services 63

2.6.1 Collecting Continuous Feedback 64

2.6.2 Retrofitting the Services 65

2.6.3 Focus on Investment Costs and Benefits 66

2.6.4 Discontinuing a Service 66

2.7 Pitfalls of a Sustainable Software Security Program 67

2.8 Further Reading 68

2.9 Conclusion 68

References 68

3 LINKING SOFTWARE PROCESSES TO IT PROFESSIONALISM FRAMEWORKS 71

Luis Fernández-Sanz, Inés López Baldominos, Vera Pospelova

3.1 Introduction 72

3.2 Process Standards 74

3.3 IT Professionalism Standards 75

3.3.1 ESCO 76

3.3.2 European e-Competence Framework 76

3.3.3 Skills Match Framework 77

3.4 Linking Software Processes and IT Professionalism Frameworks 78

3.5 Analysis of Recommended Skills in Processes According to Participating Professional Roles 79

3.6 Conclusions 84

References 84

4 MONITORING AND CONTROLLING SOFTWARE PROJECT SCOPE USING AGILE EVM 89

Avais Jan, Assad Abbas, Naveed Ahmad

4.1 Introduction 90

4.2 Related Work 91

4.2.1 Tools and Techniques Used for Scope Definition 92

4.2.2 Traditional Project Scope Definition 93

4.2.3 Tools and Techniques for Agile Project Scope Definition 94

4.3 EVM Applications and Calculation 94

4.4 Research Methodology 96

4.4.1 Systematic Literature Review 97

4.4.2 Mapping of Factors with A-SPSRI Elements 98

4.5 Quantification of A-SPSRI Elements and Running Simulation 101

4.5.1 Quantification of A-SPSRI Elements 101

4.5.2 Running Simulations and Their Integration with Agile EVM 101

4.5.3 Case Study 1 103

4.5.4 Case Study 2 110

4.6 Experimental Evaluation of Simulated Results 112

4.6.1 Regression Model Interpretation 112

4.6.2 Interpretation 113

4.7 Conclusion 114

References 115

5 MODELING MULTI-RELEASE OPEN SOURCE SOFTWARE RELIABILITY GROWTH PROCESS WITH GENERALIZED MODIFIED WEIBULL DISTRIBUTION 123

Vishal Pradhan, Ajay Kumar, Joydip Dhar

5.1 Introduction 124

5.2 Background 126

5.3 Proposed Models 127

5.3.1 Model-1 (General Model) 127

5.3.2 Model-2 (Multi-Release Model) 128

5.4 Performance Evaluation with Data Analysis 128

5.4.1 Dataset and Parameter Estimation 128

5.4.2 Competing Models and Comparison Criteria 129

5.4.3 Least Square Estimation (LSE) 129

5.4.4 Goodness of Fit 130

5.4.5 Comparison of Results 130

5.5 Conclusion 131

References 132

6 DEVELOPING A REFERENCE MODEL FOR OPEN DATA CAPABILITY MATURITY ASSESSMENT 135

Murat Tahir Çaldağ, Ebru Gökalp

6.1 Introduction 136

6.2 Literature Review 137

6.2.1 Theoretical Background 137

6.2.2 Related Works 137

6.3 Model Development 139

6.3.1 Scope 139

6.3.2 Design 139

6.3.3 Populate 140

6.3.4 Test 140

6.3.5 Deploy and Maintain 140

6.4 Open Data Capability Maturity Model 140

6.4.1 Process Dimension 140

6.4.2 Capability Dimension 143

6.5 Conclusion 144

References 145

7 AHP-BASED PRIORITIZATION FRAMEWORK FOR SOFTWARE OUTSOURCING HUMAN RESOURCE SUCCESS FACTORS IN GLOBAL SOFTWARE DEVELOPMENT 151

Abdul Wahid Khan, Ghulam Yaseen, Muhammad Imran Khan, Faheem Khan

7.1 Introduction 152

7.2 Literature Review 153

7.3 Research Methodology 153

7.3.1 Systematic Literature Review 154

7.3.2 Search String Process 154

7.3.3 Search String Development 155

7.3.4 Selection of Publications 155

7.3.5 Commencement of Data Extraction 157

7.3.6 Result Generated for Research Questions through SLR by Applying Final Search String 158

7.3.7 Categorization of Identified Success Factors 159

7.3.8 Analytical Hierarchical Process (AHP) 160

7.4 Proposed Methodology 162

7.4.1 Questionnaire Development 163

7.4.2 Data Sources 163

7.4.3 Validation of Identified Success Factors 163

7.4.4 Application of AHP to Prioritize Success Factors 164

7.4.5 Comparison of Proposed Framework 169

7.5 Limitations 169

7.6 Implications of the Study 169

7.7 Conclusions and Future Work 170

References 170

8 A PROCESS FRAMEWORK FOR THE CLASSIFICATION OF SECURITY BUG REPORTS 175

Shahid Hussain

8.1 Introduction 176

8.2 Related Work 177

8.2.1 Text Mining for Security Bug Report Prediction 177

8.2.2 Machine Learning Algorithms-Based Prediction 178

8.2.3 Bi-Normal Separation for Feature Selection 178

8.3 Proposed Methodology 178

8.3.1 Data Gathering and Preprocessing 179

8.3.2 Identifying Security-Related Keywords 179

8.3.3 Scoring Keywords 180

8.3.4 Scoring Bug Reports 181

8.4 Experimental Setup 181

8.4.1 Machine Learning Algorithm 181

8.4.2 Dataset 181

8.4.3 Performance Evaluation 181

8.5 Results and Discussion 182

8.5.1 Response to RQ1 182

8.5.2 Response to RQ2 182

8.6 Conclusion 183

References 183

9 A SYSTEMATIC LITERATURE REVIEW OF CHALLENGES FACTORS FOR IMPLEMENTING DEVOPS PRACTICES IN SOFTWARE DEVELOPMENT ORGANIZATIONS: A DEVELOPMENT AND OPERATION TEAMS PERSPECTIVE 187

Mohammad Shameem

9.1 Introduction 188

9.2 Research Methodology 189

9.2.1 Stage-1: Planning the Review 189

9.2.2 Stage-2: Conducting the Review 191

9.2.3 Stage-3: Reporting the Review Process 191

9.3 Results 192

9.3.1 RQ1 (Challenges Identified in the Literature) 192

9.3.2 RQ2 (Most Critical Challenges) 192

9.3.3 RQ3 (Development and Operation Analysis) 193

9.4 Discussion and Summary 194

9.5 Threats to Validity 194

9.6 Conclusions and Future Study 195

References 195

10 DEVOPS’ CULTURE CHALLENGES MODEL (DC2M): A SYSTEMATIC LITERATURE REVIEW PROTOCOL 201

Muhammad Shoaib Khan, Abdul Wahid Khan, Javed Khan

10.1 Introduction 202

10.2 Background 203

10.3 Systematic Literature Review Protocol 204

10.4 Creating the Search String 205

10.5 Search Strategies 205

10.5.1 Trial Search 205

10.5.2 Recognizing Search Terms Attributes 206

10.5.3 Results for a 206

10.5.4 Results for b 206

10.5.5 Results for c 207

10.5.6 Results for d 207

10.6 Final Search String Construction 208

10.7 Selection Criteria and Search Process 209

10.7.1 Inclusion Criteria 209

10.7.2 Exclusion Criteria 209

10.7.3 Selection of Primary Sources 210

10.8 Assessment of Publication Quality 210

10.9 Data Extraction Stage 210

10.9.1 Initiation of Data Extraction Phase 210

10.9.2 Presentation of Data Extraction 211

10.9.3 Data Extraction Process 211

10.9.4 Data Storage 211

10.10 Data Synthesis 212

10.11 Discussion 212

10.12 Validation of Review Protocol 213

10.13 Limitation 214

References 214

11 CRITICAL CHALLENGES OF DESIGNING SOFTWARE ARCHITECTURE FOR INTERNET OF THINGS (IOT) SOFTWARE SYSTEM 219

Noor Rehman, Abdul Wahid Khan

11.1 Introduction 220

11.2 Background 221

11.2.1 Layered Architecture Pattern 222

11.2.2 Microservices Software Architecture 222

11.2.3 Event-Driven Software Architecture Pattern 223

11.2.4 Blackboard Software Architecture Pattern 224

11.2.5 Systematic Literature Review for SADM 224

11.3 Research Questions 224

11.4 Research Methodology 225

11.4.1 Constructing Search Term Formulation 225

11.4.2 Publication Selection Process 229

11.4.3 Quality Assessment of the Publication 230

11.4.4 Data Extraction 230

11.4.5 Data Extraction Demonstration 230

11.4.6 Findings 232

11.5 Continent-Wise Comparison of the Challenges Found 235

11.6 Limitations 235

11.7 Conclusion and Future Work 236

References 237

12 CHALLENGES TO PROJECT MANAGEMENT IN DISTRIBUTED SOFTWARE DEVELOPMENT: A SYSTEMATIC LITERATURE REVIEW 241

Sher Badshah

12.1 Introduction 242

12.2 Related Work 242

12.3 Methodology 243

12.3.1 Planning the Review 244

12.3.2 Conducting the Review 245

12.3.3 Reporting the Review 246

12.4 Results and Discussion 246

12.5 Conclusion and Future Work 248

References 249

13 CYBER SECURITY CHALLENGES MODEL: SLR-BASED PROTOCOL AND INITIAL FINDINGS 253

Shah Zaib, Abdul Wahid Khan, Iqbal Qasim

13.1 Introduction 254

13.2 Related Work 254

13.3 Systematic Literature Review (SLR) Protocol 256

13.4 Research Questions 256

13.5 Search Term Construction 256

13.6 Strategies for Searching 257

13.6.1 Trial Searching 257

13.6.2 Characteristics of Search Terms 257

13.7 Process of Search String 258

13.7.1 Development of Search String 258

13.7.2 Resources to be Searched 259

13.8 Selection of Publication 259

13.8.1 Inclusion Criteria 259

13.8.2 Exclusion Criteria 260

13.8.3 Support of Secondary Reviewer 260

13.9 Assessment of Publication Quality 260

13.10 Data Extraction Phase 261

13.10.1 Commencement of Data Extraction Phase 261

13.10.2 Presentation of Extracted Data 261

13.10.3 Data Extraction Process 261

13.10.4 Data Storage 262

13.11 Literature Search and Selection 262

13.12 Results 263

13.12.1 Challenges in CSCM Based on Database/Digital Libraries 263

13.12.2 Challenges in CSCM Based on Methodology 265

13.13 Discussion 266

13.14 Limitations 266

13.15 Conclusion and Future Work 266

References 267

14 A PROCESS ASSESSMENT MODEL FOR HUMAN RESOURCE SKILL DEVELOPMENT ENABLING DIGITAL TRANSFORMATION 271

Ebru Gökalp

14.1 Introduction 272

14.2 Literature Review 273

14.2.1 Human Resource Skill Development 273

14.2.2 Theoretical Background 273

14.3 Process Assessment Model for Human Resource Skill Development 274

14.3.1 Process Dimension 274

14.3.2 Capability Dimension 274

14.4 Application of the Process Assessment Model for DX-HRSD 276

14.5 Findings and Discussions 277

14.6 Conclusion 279

References 279