Systems, Software and Services Process Improvement

Secure software practices are gradually gaining relevance among software practitioners and researchers. This is happening because today more than ever software is becoming part of our lives and cybercrimes are constantly appearing. Despite its importance, its current practice in the software industry is still scarce. Indeed, software security problems are divided 50/50 between bugs and flaws. In particular, it remains a significant challenge for software practitioners in small software companies. Therefore, there is a need to support small companies in changing their existing ways of work to integrate these new and unfamiliar practices. The aim of this study is twofold. First, to help building an awareness of the software security process among practitioners in small companies. Second, to help the integration of these practices with software implementation process of ISO/IEC 29110 which results in an extension of the latter with additional activities identified from the industry best practices. Nevertheless, the extension proposal is to be performed selectively, based on the value of the software as an asset to the stakeholders and on stakeholders needs.

Studies on Innovation management are often focused on large companies and organizations. On the other side, small companies or VSE (Very Small Entities), constitute a significant part of the entrepreneurial landscape, and contribute – in a great extent – to the economic outputs of society and to the creation of employment. This is also valid for the system and software engineering business areas. Larger systems being built and deployed across Europe are usually built with the participation of small enterprises or research centers whose contributions have a key role in the resulting systems. Although these companies are sensitive to the importance of systematic innovation, most of the innovation models are targeted to large or medium enterprises and do not consider the specific characteristics of the system and software engineering industries. In this particular business area, innovation must consider two separate dimensions: (a) the opportunities to innovate that system and software development companies may offer to their customers and prospects, and (b) the application of techniques to innovate in the software development processes, to achieve better performance and leverage process capabilities and company productivity. Both dimensions require a systematic integration of the innovation management processes with the managerial and engineering processes of the organizations.This paper proposes an extension of the process model described in the ISO/IEC 29110 standard to enable innovation management processes and activities addressed to VSE. The innovation activities and tools incorporated into the resulting model are based on existing innovation models, and on the feedback collected through interviews and surveys with different software development companies. SPEM (System and Software Process Engineering Metamodel) has been used as a process design framework to encode the resulting model and formally integrate innovation, managerial and engineering processes for VSE.

The software development process is continuously changing, there is huge pressure to condense release cycles into shorter and shorter timeframes, tools are changing dramatically and companies must continually examine the efficacy of their development process. Attempting to hit a moving target is difficult and it is a decision which can have a major effect in terms of both the end-product and the business. In this paper, we discuss the role of situational context in deciding upon the software development process through the analysis of two case studies. The case studies take a detailed look at the organisational profile and context of each company in turn before we compare and contrast each situational context for factors that may influence the development process. We then compare the processes each company has chosen before our discussion of the role context plays in choosing a ‘correct’ software development process. While both companies have enjoyed sustained business growth and while both are agile in mind-set, we find that they are in fact quite distinct in their processes, this distinction being driven by their different situational contexts.

Process performance remains a key challenge in organizations. Improving processes can be guided by Capability Maturity Models resting on processes that can be assessed. Several ISO standards propose process models for Management System Standards, such as ISO 9001, ISO/IEC 20000-1 and ISO/IEC 27001, and project management proposes processes in ISO 21500. The ISO 31000 standard provides guidance for Risk management with a process approach and systemic perspective. This paper presents the approach for eliciting processes based on ISO 31000 as the main thread in a process reference model (PRM). This PRM integrates risk management dimensions with the selected ISO standards: ISO 9001, ISO 21500, ISO/IEC 20000-1 and ISO/IEC 27001.

In the safety-critical system, the Human-Machine Interface (HMI) is tightly coupled with system requirements; the functional requirements and the non-functional requirements. As the human has some limitations in his cognitive work, we cannot generate the HMI from the requirements of the complex system in the simplistic way. In this paper, we propose the HMI abstract model from the provisional system requirements, maintaining the simplicity of HMI. We do not intend to create HMI model from the final system requirements but rather traverse the both sides with keeping the safety property. In order to show our idea clearly, we use several examples in the automobile field.

Some researchers have attempted to tailor agile methods to comply with specific standards (e.g. SafeScrum and IEC61508). However, this risks over-configuring the agile method in such a way as to make it difficult to apply it to another safety standard. Our approach sought to look at the problems of addressing the more fundamental principles of safety assurance by adopting the 4+1 safety principles and investigating how a Scrum process challenges, and can be adapted to give strong indication that the practitioners felt that there is a significant potential for successful integration of the 4+1 principles within Scrum. There were some issues where practitioners were concerned to focus only on one safety standard, and neither the agile practitioners nor the safety practitioners had a clear understanding of the outlook and work of the other group. However, we used these issues to inform a further set of questions. We conducted semi-structured interviews with participants to explore the general feasibility of the approach, and to provide an assessment as to whether the 4+1 principles can be addressed without compromising agility.

The role of software is growing in safety related systems. This underlines the need for software process assessment in many safety-critical domains. For example, the nuclear power industry has strict safety requirements for control systems and many methods are applied to evaluate compliance to domain specific standards and requirements. This paper discusses the needs of the nuclear domain and presents alternatives to develop a process assessment method that takes into account domain specific requirements. The aim is to provide an approach that facilitates the use of assessment findings in evaluating compliance with the domain requirements and supports other assurance needs. Safety-oriented Process Line Engineering (SoPLE) is studied as a method for mapping assessment criteria to domain specific requirements. A binary distance metric is used to evaluate, how far a process mapping based method would solve problems found in compliance evaluation. Based on the results, SoPLE is applicable in this case, but process mapping is not adequate to facilitate compliance evaluation.

Project Portfolio Management (PPM) focus on the integration and alignment of projects with the business operation in order to achieve most value and cost-efficiency for the investment in projects. PPM is often a challenge and especially so for improvement projects where PPM is considerably underdeveloped. In this paper, we present an approach that combines the ImprovAbility model and assessment with a version of a CMMI assessment developed by the Danish company Whitebox. This approach was developed in the world-leading Wind Turbine Company Vestas. The paper presents and discusses this new way of evaluating a portfolio of improvement projects and combine this evaluation with the effect they have on the CMMI maturity level. Further, the paper demonstrates how the combination of a strong senior management requirement for improved maturity and the focus on getting the most value out of PPM made it possible for Vestas to become “better at getting better”.

The ISO/IEC 29110 standard aims to assist and encourage Very Small Entities (VSEs) in understanding, adopting, assessing and improving their software processes to their specific needs. Although the integration of international software standards in VSEs is a relevant topic, the learning/teaching process is a considerable challenge for industrial trainers, practitioners and VSEs. In this paper, we analyze the Project Management process of the Basic Profile of the ISO/IEC 29110 and propose a simulation-based serious game for supporting the learning/teaching process of the standard. The paper provides a mapping between the different stages of the game lifecycle and the Project Management process of the standard. Moreover, we present the results of a preliminary study to assess the idea of using the proposed serious game for supporting software process education, which allows getting initial positive evidence about the potential of the game for helping to understand the Project Management process of the standard.

The application of best-practice software inspection processes for early defect detection requires considerable human effort. Crowdsourcing approaches can support inspection activities (a) by distributing inspection effort among a group of human experts and (b) by increasing inspection control. Thus, the application of crowdsourcing techniques aims at making inspection processes more effective and efficient. In this paper, we present a crowdsourcing-supported model inspection (CSI) process and investigate its defect detection effectiveness and efficiency when inspecting an Extended Entity Relationship (EER) model. The CSI process uses so-called Expected Model Elements (EMEs) to guide CSI inspectors during defect detection. We conducted a controlled experiment on defect detection effectiveness, efficiency, and false positives. While CSI effectiveness and efficiency is lower for CSI inspectors, the number of false positives decreases. However, CSI was found promising for increasing the control of defect detection and supports the inspection of large-scale engineering models.

A new metric for evaluating the complexity of software is proposed: The residual complexity. This is the combination of a complexity metric with a code coverage metric. It indicates how well the complexity of a software is handled by software tests, and how much complexity still remains untested. In this paper we give an overview over existing source code metrics and code coverage metrics. Afterwards the residual complexity is described and the consequences are discussed. In the end a use case is shown on a real life example of a software application implemented in .NET.

New generations of industrial control systems offer higher performance, are networked and can be controlled remotely. Following this progress, the complexity of such systems increases through heterogeneous systems, hardware and more capable software. This may lead to an increase of unreliability and insecurity. Self-adaptive software systems offer a mean of dealing with complexity by monitoring a control system, detecting anomalies and adapting the control system to problems. Regarding such methods, industrial control systems have the advantage of being less dynamic. The network topology is fixed, devices rarely change, and the functionality of all the resources is known in principle. In this work, we examine this advantage and present the potential of self-adaptive software systems. The context of the presented work is control systems for hydropower units.

Nowadays, the engineering of (software) systems has to comply with different standards, which often exhibit common requirements or at least a significant potential for synergy. Compliance management is a delicate, time-consuming, and costly activity, which would benefit from increased confidence, automation, and systematic reuse. In this paper, we introduce a new approach, called SoPLE&Logic-basedCM. SoPLE&Logic-basedCM combines (safety-oriented) process line engineering with defeasible logic-based approaches for formal compliance checking. As a result of this combination, SoPLE&Logic-basedCM enables automation of compliance checking and systematic reuse of process elements as well as compliance proofs. To illustrate SoPLE&Logic-basedCM, we apply it to the automotive domain and we draw our lessons learnt.

Systematic Literature Review (SLR) is becoming a vital part of present day research in software process improvement (SPI). Nevertheless, there is no available study that provides detail review of the published software process improvement SLRs. Objective: The aim of this article is to classify the SLRs of SPI in order to identify the main research areas covered and evaluate the quality of the published SLRs. Methodology: A tertiary study was conducted to review the SLRs published by other researchers on the topic of SPI. Results: Twenty-four SLR articles were identified in the field of SPI. Results show that the quality of the selected SLRs on SPI is decreasing over the recent years. The most popular research topics are factors affecting SPI and process models. Conclusions: This study provides the review and state of the art in the context of SPI research. The results of this article would be of great interest for future SPI researchers by providing in depth understanding of various research areas in SPI. The number of process improvement SLRs is increasing and the overall quality is decreasing, which could lessen their potential impact on SPI practice. Currently, SPI literature is weak in the knowledge areas such as quality and software testing process improvement.

Public speaking anxiety is a type of social phobia, which might be commonly seen in novice software engineers. It is usually triggered by a fear of social performance especially when the performer is unfamiliar with the audience. Today, many software engineering activities (e.g. code inspection, peer review, daily meetings, etc.) require social gatherings where individuals need to present their work. However, novice software engineers may not be able to reduce their performance anxiety during their course of education. In this study, we propose a virtual reality approach to construct a practice environment for improving novice software engineers’ pubic speaking experiences. Consequently, we examine the effects of virtual reality intervention on the public speaking experience of six novice software engineers from a computer engineering department. We designed a virtual auditorium to simulate the presentation delivery environment and findings suggest that using this infrastructure for training purposes can reduce presenter anxiety levels – which is consistent with related published studies. We believe that this virtual auditorium environment can deliver benefits for students and practitioners alike in terms of addressing the anxiety that is often associated with early stage career presenters.

Numerous industrial sectors are investing in Cyber-Physical-Systems (CPS). CPS provide their functionality by the interaction of various subsystems which are usually developed by different suppliers and are expected to cooperate safely. The open and cooperative nature of CPS poses a significant challenge for industrial sectors with stringent dependability constraints, such as, autonomous automobile systems, medical monitoring, process control systems, or automatic pilot avionics. As CPS may reconfigure itself during run-time, for instance in order to handle failures or to adapt on changing conditions (such as connected car features relying on availability of environmental information), the dependability of this adaptation must still be ensured. To tackle this assurance issue, several recommendations rely on a set of contracts to describe components attributes and evaluate the robustness of the configuration at run-time. In our research project, DEIS, we address these important and unsolved challenges by developing technologies for dependable system integration at run-time. At the core of these technologies lies the concept of a Digital Dependability Identity (DDI) of a component or system. DDIs are composable and executable in-the-field, facilitating (a) efficient synthesis of component and system dependability information over the supply chain and (b) effective evaluation of this information in-the-field for safe and secure composition of highly distributed and autonomous CPS. In contrast to other approaches mainly focusing on software specifics (such as SOME/IP or other SoA approaches), DDI focuses on system development level (also taking into account HW specifics and system decomposition). The paper is describing the approach focusing on the support for functional safety and validation of automated and connected vehicles, by providing an initial framework to manage dependability aspects.

The automotive industry is facing new challenges resulting from recent technological evolutions. Software is having a major impact on the level of functionality being delivered by systems present in vehicles and the role of software is believed to be more relevant in the future. This stresses organizations in the automotive domain to improve their software development capability to deal with the increasing levels of systems complexity. In this paper, a harmonization exercise is performed considering the Automotive SPICE and ISO 26262 which are two of the most relevant quality standards for organizations developing systems in the automotive domain. The goals are to have a deeper understanding of the scenario where organizations have a sub-scope of ASPICE adopted (HIS scope) and wish to adopt jointly the ISO26262 standard as a strategic approach to improving development capability. The results show that an organization with HIS implemented still has a considerable scope of ISO26262 to implement.

Gamification is intended to increase engagement and motivation among its users by means of a set of game design elements. This field of study has expanded in popularity in the recent years in several areas needed to improve engagement among their actors. One of this areas is software engineering. This discipline is a human-centric activity needed of motivated engineers performing a wide panoply of tasks. In this scenario, in this paper authors present an effort conducted to deploy a gamification framework devoted to increase engagement among software practitioners in software process improvement initiatives. Preliminary results show both encouraging outcomes and areas of improvement in the implementation approach and in the needed breadth of areas or processes involved in the gamification proposal.

Teaching Software Project Management (SPM) for Information Technology (IT) learners is a relevance issue. The necessity of teaching SPM in a highly practical way moves trainers towards the use of new methods and techniques such as simulations, serious games or gamification strategies. The majority of the existing serious games for SPM do not offer flexibility, in terms of the ability to provide and dynamically change game scenarios during the life of the serious game, and not allow assessing learners’ new skill automatically. In this paper, we introduce the administration tool of the serious game ProDec, that allow trainers to design the game scenarios of the game trying to overcome the lacks found in the scope of serious games for SPM.

One of the fundamental skill that every professional should have, especially in the area of software engineering, is collaborative work, because teams’ members are required to collaborate to develop software. In this environment, one of the techniques currently being used for achieving activities involving collaborative teamwork is gamification. However, there is a lack of techniques to create software development teams through gamification. This paper presents a study of the use of gamification elements in the software engineering environment for collaborative work, in order to identify those elements that can be applied to create highly effective teams for software development.

Application lifecycle management (ALM) highlights the rules of the road for the entire software ecosystems’ lifecycle. Successful ALM enables clarity around the entire delivery effort, from defining requirements to deploying the software product. One of the challenges in software engineering today is to orchestrate ALM tools to a set of software projects effectively. In particular, it is challenging for software practitioners to continuously fully engage with the tasks that are assigned to them. The goal of this study is to address such situations using a game theoretic approach by utilizing a reward mechanism, which we intent to test in a medium-sized software development organization. Based on a set of game elements, this study proposes an auction mechanism to address human resource allocation and task optimization issues, and consequently tackle the potential problem of software practitioners’ engagement.

In this paper, we introduce a novel framework called CHANGCE-thinking, which is first and foremost a mental model. The key idea is to foster a holistic view on change initiatives that inspires thinking in terms of chances and opportunities rather than of problems and risks. The CHANGCE-thinking framework provides tools and methods to guide the change process towards realization of chances. In doing so it draws from concepts in change process design, diversity and gaming simulation. The CHANGCE-Game is used to kick-off the change process and it is implemented as a board game with haptic playing elements, which correspond to eight chance-rooms as well as eight types of the CHANGCE-thinking framework. In total, CHANGCE-thinking embodies a structured approach to chance orientation, which is initiated in a game setting and followed by a change process which needs to be lead rather than managed.

Gamification is a recent strategy used in several contexts, in our case we implement gamification as a strategy to promote a dynamic environment in Software Process Improvement (SPI) initiatives. Gamification can be a mechanism to transform SPI approaches, since it has great potential to increase engagement and enjoyment in teams. In this paper, we present a proposal for the assessment of gamified environments in order to assure that gamified experiences meet the purposes, goals, principles and elements that are defined as gamification fundamental components. Our proposal is oriented towards the definition of an assessment framework for gamified environments that comprises the identification and adoption of gamification principles, as well as a design method for gamified activities.

The research and development of new and improved services, systems, and products is an important driver for the European market. Innovation requires people that can interact in innovation teams, innovative and new ideas, creative environments supporting the creation of innovation, and innovation processes that support the entire chain from idea creation to the implementation of an innovation project. Innovation is intimately linked with entrepreneurship. Ideas, Innovation and Entrepreneurship are considered the keys to a wealthy and sustainable economy [1, 3, 5, 6, 8]. The InnoTEACH project empowers the innovation mind-set in the European Union by establishing learning environments in schools which fertilize the grounds for young people to apply innovation principles in problem solving and learning about entrepreneurship concepts at the same time. This paper presents “InnoTEACH”, a European project that transfers the innovation best practices from industry to the education and certification of school teachers.

This paper demonstrates the use of game techniques for Software Process Improvement. InnoBox, a game toolbox for process improvement and innovation in agile teams is presented. Authors selected 12 collaborative games to be used in team meetings. Each game card in InnoBox has been created and classified based on a design thinking approach and team maturity level. InnoBox is a ready to use tool designed for agile teams to facilitate, innovate and improve communication, cohesion and their way of working.

Gamification provides new affordances when integrated into BI systems. The paper highlights visibility, editability, persistence and association as organisational affordances that motivate people to use a BI system through gamification functionalities. The study is conducted at a car manufacturer where, for example, rewards and leaderboards are integrated into a BI system that responds to game interface design patterns. The result suggests an affordance model that could be used to develop and implement BI systems better and increase the use in a company.

The fourth industrial revolution confronts existing industrial organisations with fundamental manufacturing innovation challenges. The high levels of risk and uncertainty linked to corporate strategic planning activities are driven by the necessity of reacting to the rapidly increasing innovation pressure exerted on manufacturing companies in particular in technology-driven sectors such as automotive. This research deals with the creation of a structured methodological approach to strategic production planning that is essentially based on the systematic leveraging of the creativity and experience of a vast diverse network of employees in order to establish an actionable and living integrated manufacturing-driven innovation road mapping process. The process approach has strongly been inspired by process approaches to new product development (NPD). The results have been validated within the industrial environment of one of the biggest German automotive tier-1 suppliers.

Industry 4.0 is an important trend aiming at increasing competitiveness and rebalancing value creation in global networks. It targets the reduction of production costs while improving product quality and production scalability and individualization by means of digitalization of product and production. Products as well as their production are becoming cognitive and can therefore better adapt to given customer needs or production variations. In this paper, we discuss impacts of Industry 4.0 along the entire automotive supply chain. In particular, we illustrate that Industry 4.0 in the automotive context has a high cross-impact between development, production, operation and maintenance, thus requiring innovative solutions along the entire value creation chain.We enhance the commonly understood scope of Industry 4.0 towards digitalization over the entire product lifecycle and introduce data-driven business models to support exploitation of opportunities coming from this digitalization over the supply chain. We also propose a seamless cost engineering discipline in the automotive context for enabling a more systematic analysis and monitoring of the foreseen production costs from early development phase until SOP. This leverages system optimization to fulfil customer expectations from a functional, contextual and from an affordability point of view.

In this paper readers receive an overview of the opportunities for using virtual and augmented reality (VR and AR) in a standardized value chain in various industries. The main objective is to show different possible applications for companies to use VR and AR. Literature research is the basis for the findings in this paper. Results were found in the fields of sales, marketing, training, product design and development, logistics and manufacturing. There are many possibilities for companies to become more efficient and cost-saving. In addition, employees can benefit from additional help and time-saving training. At the moment, the most potential is found in the field of marketing and sales due to the fact that customers will be directly influenced by the technologies. Nevertheless, it depends on the company which opportunity suits them the best.

Security is a vital property of Industrial Control Systems (ICS), especially in the context of critical infrastructure. In this work, we focus on distributed control devices for hydro-electric power plants. Much work has been done for specific lifecylce phases of distributed control devices such as development or operational phase. Our aim here is to consider the entire product lifecycle and the consequences of security feature implementations for a single lifecycle stage on other stages. At the same time, recent trends such as the digitization of production is an enabler of production process extensions that support the integration of such security features during the operational phase of a control devices. In particular, we propose a security concept that enables assurance of the integrity of software components and product configuration of other control devices in the same network. Moreover, we show how these concepts result in additional requirements for the production stages. We show how we meet these requirements and focus on a production process by extending previously proposed methods that enable the commissioning of secrets such as private keys during the manufacturing phase. We extend this process by extracting information about the configurations of the actually produced devices during production. Based on this information, the proposed security techniques can be integrated without considerable overhead for bootstrapping.

This paper investigates the promoting and opposing factors which determine implementation paths (or process improvements) of mixed reality applications in industrial companies. Mixed realities are defined as the combined application of virtual and augmented reality technologies. We review maturity model-related literature to ascertain which reference models are available and how mixed reality phenomena have been treated. The Capability Maturity Model (CMM) is the starting point of our analysis. The authors aim at setting the foundation of a mixed reality readiness/maturity model that take into consideration the scientific relevance and the actual requirements of the practical application. The conceptual model incorporates the companies’ technological, organisational and industry value chain-related maturity-levels. To consider empirical implications, we applied a case study approach based on the real-life implementation projects in industrial companies.

This paper discusses the need and leveraging potential of formal modeling and web technology for progressing towards the goal of automating the establishment, maintenance and assessment of the completeness of traceability and the consistency of the requirements. The generic Augmented Lifecycle Space method, devised in an earlier paper, is applied as the approach to improve the capability of software processes requiring bidirectional traceability as well as consistency of the requirements in either homogeneous or heterogeneous development environments capitalizing on the emerging Open Services for Lifecycle Collaboration (OSLC) initiative. One of the important features of the presented new approach is that it allows for the so called “graceful integration” of formal modeling. Formal modeling is fundamentally necessary for securing completeness and consistency, but customarily rejected due to the usually prohibiting up-front effort needed to formally process all artifacts of an already established traditional system; Graceful integration can considerably lower this threshold.

The paper shows a new view on SPI given from the perspective of organisations research especially from the view of Marvin Weisbrod. It takes the trend analysis of Weisbrod and maps approaches like the SPI Manifesto and the agile Manifesto in the roadmap of Weisbrod. It also analyses the thesis of Weisbrod in detail by reflecting the history of industrial work in the last century. It shows how the Agile and the SPI Manifesto fit into trends of organisational change management and it provides a very simple understanding of process quality.

This paper demonstrates how a report used in a Master in Project management and Process improvement training at Roskilde University Denmark can be used to evaluate if a student can pass the ECQA SPI Manager exam. It also demonstrates how the structure of the report addresses all necessary competences, which should or could be brought into play during the project – and therefor also in one way or another addresses the quality of the activated competences in the improvement project – a kind of qualification. The clue is that the structure of the report follows the units and element in the SPI Manager job role, which is based on the SPI Manifesto and the ImprovAbilityTM model (part of ISO/IEC 33014 Guideline for Process Improvement) among other types of knowledge and research.

SQIL stands for SW Quality Improvement Leader. This is a new schema by Volkswagen where improvement agents are trained at suppliers to trace the quality of the processes, the quality of the product, and a set of metrics to track the progress of the development. The idea is to create a synergetic collaboration between suppliers and Volkswagen. Volkswagen defined so called KGAS (Konzerngrundanforderungen Software, in English: Group Basic Requirements Software) requirements which extend the scope of Automotive SPICE by a number of consistency requirements for engineering. The SQIL knows these requirements, usually has an Automotive SPICE Assessor qualification and correctly interprets the VW additional criteria to coach the improvement programs.

Cars of the future (ADAS – Autonomous self-driving assistant) will need to cover a number of new standards for mechatronic design and networking of the car in the cloud. This includes job roles for ISO 26262, IEC 61508 (functional safety), SAE J3061 (cybersecurity), etc. For instance, a car driving on a street will exchange information with neighbouring cars and learn the right steering angle, speed, etc. while the driver is using the car like a work place. Manufacturers plan to produce from 2030 only cars which have such a self-driving function incorporated. The design of new electric cars will require new infrastructures, new energy management, new battery concepts, and also new materials design (light weight and still resistant), and the job role pool will include these key skills as well. The production of cars will be with connected plants, robots to be programmed, and central production servers to coordinate the industry 4.0 type of production virtually across the world. And the new cybersecurity norm SAE J3061 will develop further in the next years because by moving the cars to the cloud and the production to industry 4.0 leaves Europe’s industry vulnerable to attacks if this is not handled. Also the medical systems move towards an IoT (Internet of Things) approach where people receive implants which read out the data and transport them to the mobile which forwards the data to a medical service in the cloud where data are used by states and hospitals.

This paper introduces and discuss the integration of originally modular VET course AQUA (original idea about integrating teaching of Automotive SPICE, Functional Safety and Six Sigma content) into the higher education studies. The goal is to integrate industry courses to higher education learning, provide certification and examination appropriate for the higher education learning without extensive practical experience and thus prepare the students for their future jobs and trainings in automotive development in these fields. An idea about combination of industry and higher education levels learning, certification and examination is presented. Example of possibilities and experiences of integrated teaching from the universities involved in Automotive Quality Universities (AQU) project is also presented and discussed.

Agile and lean approaches are disruptive approaches for the established software development approaches. Furthermore agile approaches are going step by step out of the software area into other areas like individual services outside the production, which is the root of lean. In this work we present an overview and outlook about agile and lean approaches to help to find answers to some questions: What is the difference between agile and lean? What kind of continuos improvement is inherent in agile and lean? How can lean and agile approaches be combined with software process improvement approach?

During the long and arduous journey of the Volkswagen group IT towards a better quality culture we have established a better understanding of product quality. We were distressed about our internal struggle whether the traditional or the agile approach of quality management is the only way of life. The authors were involved in these struggles, Alexander for the traditional approach and Mirko for the agile way until we discovered that our goals were exactly the same: how do we produce high quality products with an optimal cost and effect ratio. While reading this paper we want to show our starting point of the discussion about traditional and agile QM and how we evolved the discussion to an integrated QM-Concept which got farer than software development only.

In large enterprises, it is not a trivial feat to establish well-defined quality processes and procedures. Agile development needs automated procedures to realize the iterative product development. This automation demand can be a starting point to setup automated quality procedures for product testing during the continuous integration of the product development. This work shows the way to a testing as a service environment for a private cloud infrastructure. The service environment is motivated by up-coming challenges, agile teams are developing cloud applications with a focus on product specific quality assurance.

Given the evolution and increasing usage of agile methods and practices, the successful adoption of agile is crucial. During the last decade, the critical success factors (CSFs) of agile development research developed rapidly. This paper aims to review the research on CSFs of agile software development in the last ten years (2006–2016) which used empirical methodologies to identify the success factors. In this paper, eight factors are selected as critical success factors for agile software development. A taxonomy which maps these eight CSFs into Technical, Organizational, People, Process categories is introduced in this research.

In large enterprises, it is not trivial to establish new procedures in a standardized manner. We show how agile procedures are becoming step by step state of the art in different business areas of Volkswagen AG. A key point is that all want to improve the same with agile methods, but all demand different instantiations of agile methods to reach them. Business acceleration is the paradigm, but in a different business environment with different “business rules” – some have to be more innovative while others have to fit to more or new standards and regulations in the near future etc. We show an approach to support these different means of business acceleration with agile methods and we try to figure out some generic aspects of the acceleration journey.

The agile principles and methods have become an important contribution in the Software Engineering area. Several works reported successful cases of agile adoption in the software industry and academic environment. Organizations can adopt the agile methods into their software development process using incremental or big bang approaches. The incremental approach allows the team members and stakeholders to assimilate the agile principles and techniques progressively. However, the use of this approach can omit supporting agile practices. In this case, process specialists usually recommend the big bang approach that allows teams to have a full agile practices experience. The current work contributes reporting an alternative approach based on the parallel development of projects using plan-drive and agile based processes. In this case, two development teams using different processes developed each project simultaneously. A set of ten real small projects were successfully delivered using this proposed approach and their respective results analysis, in terms of spent hours and defects, was performed using the Wilcoxon signed-rank test that consists in a nonparametric statistical method.

In 2011 the automotive standard ISO 26262:2011 for the development of safety critical systems has been officially released. This standard has been successfully applied by various companies in the automotive supply chain and is the framework of the development of safety related systems and of their components. There is a regulation of the International Standardization Organization (ISO) that valid and published standards shall be periodically reviewed. Now the time has come to update and extend the existing standard, to make it applicable for future systems and technologies. The main motivations for the 2nd edition of ISO 26262: are the experiences gathered with the 1st edition; the extension of the scope to other vehicle categories; the inclusion of a semi-conductor guideline and the inclusion of guidance on fail-operational systems. This paper presents the key changes and updates and the motivation behind them.

In early 2018, the second edition of ISO 26262:2018 [1] automotive functional safety standard, is due for release. At the time of writing, the draft international standard (DIS) version is out for comment and review. One significant change over the original version of the ISO 26262:2011 [2] standard is part 11, which brings detailed information to support semiconductor manufacturers develop ISO 26262 compliant intellectual property (IP). In the original version, information available to semiconductor companies was limited. This forthcoming release will bring significantly more information to support semiconductor and silicon IP suppliers in the areas of digital and analogue components, programmable logic devices (PLD), multi-core processors and sensors. Tips, recommendations and practical examples are illustrated. However, there are certain areas that still not well represented, diagnostic coverage for analogue components for example is not defined in detail and there is a shortage of supporting information. Part 11 could also provide more worked examples to give design and functional safety teams a better insight into estimation techniques. The final draft international standard (FDIS) is due for publication in autumn 2017, and certain aspects of part 11 will be enhanced.

Secure software development allows the development of solutions considering information security aspects in the project’s scope, avoiding malicious users to attack system’s vulnerabilities. In this case, security controls must be integrated into the application’s solution design. The standard ISO/IEC 27034 provides the necessary guidance to the development of application security in any interested organization. An important standard’s concept is the Application Security Control (ASC) Library that may provide a central repository of security controls specification and design. The ASC Library can support the organization’s projects secure development considering their main characteristics and providing the necessary security controls references. This work reports an action-research developed in an international bank that adopted the ASC Library concept after reviewing its previous applications security risk assessments and identifying several missing security controls. The main contribution of this work is a process to identify, specify and document the organization security controls based on the ASC Library concept.

CMMI-SVC (Capability Maturity Model Integration for Services) is a process models for service provider organizations and ISO/IEC 20000 is ITIL based service management system standard. These are mature and accepted internationally. CMMI-SVC and ISO/IEC 20000 are tools for companies to develop their processes. Companies use these to increase quality of their services and productivity of teams and to decrease maintenance cost and time. Although, CMMI-SVC is a process model and ISO/IEC 20000 is a standard there is some similarities between them. In this study, we described the relationship between CMMI-SVC and ISO/IEC 20000 and the roadmaps of the two tools and gave pairing of systems according to these roadmaps. In this work, the aim is to define extra things to do for an organization that already has ISO/IEC 20000 certification, to get CMMI-SVC level 3 certification.

Software process improvement is challenging in the medical device development domain, as significant constraints exist such as ensuring conformance to regulations while improving software quality. The regulations that medical products are subject to may be overwhelming for organisations as a variety of international standards have to be implemented in order to address regulatory compliance. MDevSPICE® is a framework developed to overcome this challenge by integrating different international regulatory standards’ requirements with generic software development best practices. Keeping the complexity of the domain in mind, the formal process assessments performed based on MDevSPICE® are highly detailed and require significant resource and effort investment. With the MDevSPICE® lightweight software process assessment approach, we aim to obtain maximum benefit from an assessment within a limited time by assessing all processes within MDevSPICE®, specifying and presenting major issues in projects, prioritizing such issues and progressing to the improvement stage as early as possible. The approach has designed to be a solution to improve feedback time and motivation to move forward for software process improvement actions. In this experience paper, we describe the development of the lightweight MDevSPICE® assessment method and its implementation in four companies.

The paper presents the TestSPICE approach showing the content of the current version of TestSPICE, the transition to Scalable TestSPICE and the agile extension of TestSPICE. In addition it describes the relationship of TestSPICE to the ISO Standard ISO/IEC/IEEE 29119 and the ISO/IEC 15504 family of process assessment standards. The ECQA SPI Manager training which supports the implementation of TestSPICE is also presented.

Very small entities are gaining relevance with the emergence of the ISO/IEC 29110, and with its lightweight approach. However there are still facing some barriers for its adoption, and some VSEs have abandoned their software process improvement initiatives. This paper provides a survival analysis of very small entities when they are implementing an improvement initiative. This study is based on non-parametric (e.g. Kaplan-Meier) and semi-parametric models (e.g. Cox models), and it is useful for practitioners in order to identify the ideal duration of an improvement initiative. These survival functions are applied to our database containing 90 software process improvement initiatives.

Software development is not always a successful task, mainly for human related reasons. This situation highlights the importance of focusing on the human factor to help organizations in reducing the risk of failure due to this factor. As a solution, this paper presents a model that aims to help organizations in the integration of highly effective teams for software development, based on three factors: skills, interactive styles and knowledge. The paper includes the development of the model steps and the proposal of an environment we are developing to implement the model using gamification so that it will present an attractive way to integrate the teams.

Aligning Software Process Improvement with the business and strategic goals of an enterprise is a core factor for process improvement. Achieving success in Software Process Improvement (SPI) has shown to be a problematic challenge for countless organisations. SPI, as a discipline, can be described as a set of use cases, each use case describing the logically related activities that must be undertaken. In addition, each use case is a description of the interactions between itself and the participants, i.e. the Actors. The nature of these interactions more often than not may demand, from the participant, the recognition, and fulfilment, of ethical duties. In this paper we customise a theoretical framework developed by the US Content Subcommittee of the Impact CS Steering Committee that specifies traditional moral and ethical concepts, which can be used to identify the moral issues concerning the Software Process Improvement field. An application of these conventional and generic ethical concepts is made to use cases such as: Determining Business Needs; Conducting Process Improvement Assessment; the Tailoring and Creation of Processes; and Deployment. In doing so a number of ethical issues are highlighted. In the application and utilisation of SPI: business process engineers, software engineering teams, process improvement managers, and so on must be aware of these ethical duties, which have been identified by the application of the moral and ethical concepts, as presented in this paper, in order to become more responsible professionals in general. We propose a set of heuristics for ethical engagement with the SPI discipline proposing that an effective SPI strategy must be underpinned with ethical consideration.

This paper introduces the PERMA model of Martin Seligman and the Positive Leadership model of Kim Cameron. The authors discuss the need to apply these models in software development teams, together with managing the diversity of people, languages and systems, as prerequisites of benefiting from Industry 4.0 and the 6th Kondratieff wave.The Global Trends 2030 and current mega-trends, such as Industry 4.0 require strategies on how to cope with and benefit from diversity of systems, as well as from the linguistic and human diversity in teams and societies.

This paper addresses the need for correct and consistent use of concepts and terms in engineering environments. It provides guidance on how to formulate a corporate terminology policy as a pre-requisite for managing corporate language, designing and implementing a terminology process, and eventually writing definitions and creating new terms. The strategy presented in this paper follows the elcat model, an innovative e-learning initiative that focusses on content development of terminology management modules for the automotive industries. The authors suggest that the role of terminology management is to bring some order to support consistent and more precise language adoption for a period of time. Effective medium to long term terminology management is thereafter enabled through the introduction of a terminology change management procedure.

This paper gives an overview of the global mega trend accessibility, and about the skills and competences needed for the new profession or job role “Web Accessibility Professional” in Europe and world-wide. The authors discuss accessibility, present good practice from Austria (Accessibility through ICT, IT4Blind, OCG cares) and from EU projects (ACT: Accessible Culture and Training), and propose a draft “skills card” for a new European certificate for Web Accessibility Professionals, based on the standardized procedures and quality standards of ECQA®, the European Certification and Qualification Association.

In the process of software development, the importance of a team is unquestionable. Beside the team members’ technical knowledge and their skills, the interaction among them is a relevant factor that could affect their efficiency. According to the Team Software ProcessSM methodology, the phases of the software process and the activities of each team member, involve a multiplicity of situations with different interaction requirements. The objective of this work is to identify the interactive styles relevant to the phases and roles of the team members, through gamification techniques. After that, we would explore how the integration of these individuals with particular interactive styles, will conjointly face the software development process.