Skip to main content

Über dieses Buch

This book constitutes the refereed proceedings of the 17th International Conference on Software Process Improvement and Capability Determination, SPICE 2017, held in Palma de Mallorca, Spain, in October 2017.

The 34 full papers presented together with 4 short papers were carefully reviewed and selected from 65 submissions. The papers are organized in the following topical sections: SPI in agile approaches; SPI in small settings; SPI and assessment; SPI and models; SPI and functional safety; SPI in various settings; SPI and gamification; SPI case studies; strategic and knowledge issues in SPI; education issues in SPI.



SPI in Agile Approaches


NDT-Agile: An Agile, CMMI-Compatible Framework for Web Engineering

Agile and Web Engineering show important synergies, making Agile a common approach for Web development. Besides, several initiatives emerged to support CMMI-DEV within Agile, where CMMI-DEV aims to improve organizations’ software development process. An approach integrating Agile, Web and CMMI-DEV might be of great value, since they might allow Web development teams to use Agile, as well as progress through CMMI-DEV maturity levels. For this purpose, we developed NDT-Agile, an NDT-based Agile framework to achieve the goals of CMMI-DEV in the context of Web Engineering. It was developed by mapping Agile practices to the goals of CMMI-DEV so as to identify existing gaps. Next, we searched for suitable Agile practices to cover the gaps and integrated them into a framework called NDT-Agile, which was validated using an expert-judgment technique: the Delphi method. This paper describes how we integrated Agile and CMMI-DEV into a Web Engineering framework. Besides, it also analyzes its initial evaluation, together with a first tool developed to support it.

Carlos J. Torrecilla-Salinas, Tatiana Guardia, Olga De Troyer, Manuel Mejías, Jorge Sedeño

DevSecOps: A Multivocal Literature Review

Involving security in DevOps has been a challenge because traditional security methods have been unable to keep up with DevOps’ agility and speed. DevSecOps is the movement that works on developing and integrating modernized security methods that can keep up with DevOps. This study is meant to give an overview of what DevSecOps is, what implementing DevSecOps means, the benefits gained from DevSecOps and the challenges an organization faces when doing so. To that end, we conducted a multivocal literature review, where we reviewed a selection of grey literature. We found that implementing security that can keep up with DevOps is a challenge, but it can gain great benefits if done correctly.

Håvard Myrbakken, Ricardo Colomo-Palacios

Towards the Development of a Sequential Framework for Agile Adoption

This research demonstrates the first steps towards the creation of a generic sequential Agile adoption framework. The presented Framework is the result of a detailed analysis of academic literature and industrial reports, and a multi-case study conducted in three large enterprises in Spain and Serbia. The proposed Agile adoption framework is composed of three main sequential phases for Agile method adoption process: Preparation, Transformation and Agile organisation. Preparation, the first phase of the framework, is developed to the highest level of detail and validated in three case companies. The main contribution of the paper is the proposed framework, from which the first phase is ready to be used by practitioners, and second and third phases are useful for academic society and they can be developed and validated further in the future. Integrated list of contingency factors, and list of situational factors, may be used by practitioners independently of using the generic Framework for Agile adoption presented in the paper.

Miloš Jovanović, Antoni-Lluís Mesquida, Antònia Mas, Bojan Lalić

SPI in Small Settings


Comparing SPI Survival Studies in Small Settings

Small organisations have been applying several quality approaches such as CMMI-DEV or ISO/IEC 15504-5 with quite diverse results. In order to build an experience factory we are gathering our experiences in a database containing the assessment results of more than 90 initiatives. This paper provides an empirical comparison of survival analysis for different improvement initiatives in the context of very small entities. We compare the Cox Proportional Hazard Regression models of our 90 initiatives, and we discriminated them by the reference model used: ISO/IEC29110, CMMI-DEV or ITMark.

Xabier Larrucea, Izaskun Santamaria

Assessment Model for HCI Practice Maturity in Small and Medium Sized Software Development Companies

Usability and user experience aspects need to be better integrated during software process improvements in the software industry. This study develops and evaluates a comprehensive continuous representation model for conducting peer and self-assessment of HCI practice in software development companies. In this paper, we report on the evolution of an HCI practice assessment model that can be used in software development projects and processes. The specific focus of the model is on the human-centered design practice in four categories: Human-centredness; Process and Infrastructure; Design and Outcomes; and Usability Impact. In order to know whether the model would be beneficial to companies, we conducted two case studies in Estonian software companies. The outcomes indicate that the model can help to increase HCI awareness, self-learning and sharing of a common vision among software practitioners and propel companies towards goal setting for continuous improvement of their HCI practice.

Abiodun Ogunyemi, David Lamas, Jan Stage, Marta Lárusdóttir

Cultural Issues and Impacts of Software Process in Very Small Entities (VSEs)

ISO/IEC29110 is an international standard of software lifecycle for small software companies also known as Very Small Entities (VSEs). While VSEs come from a diversity of cultural backgrounds, the current ISO/IEC29110 for VSEs does not address these cultural variations. VSEs from various cultural backgrounds might therefore find it difficult to adapt such a standard. This paper raises the issue that the current ISO/IEC29110 should recognize the impacts of cultural variation on software processes and cultural suggestions. It also point out one cultural dimension has a significant impact on software processes and their efficacy. Furthermore, the concepts of cultural consideration should not be limited to regions but, also cover the management perspective of individual VSE. In this paper, we identified two opposite cultural types which affect their software processes significantly. We propose that to make software process standards more practical for VSEs from different cultural backgrounds.

Tatsuya Nonoyama, Lian Wen, Terry Rout, David Tuffley

SPI and Assessment


The Maturity of Usability Maturity Models

The integration of usability practices in software development is not a straightforward process. In this context, the application of usability maturity models (UMM) in a software organization can provide insightful information to improve such integration. This paper discusses the design and application characteristics of the UMMs used over the last decade. The analysis of recent UMMs confirms that, even when the UMM field is a matter of interest and is getting adapted to new development contexts (for instance, agile or open source). UMMs lack detailed empirical evidence and supporting documentation for their objective application. In addition, our study also identifies other open issues related such as the level of prescriptiveness or mutability of UMMs. Consequently this paper identifies different opportunities for improving the maturity of UMMs. The application of mature UMMs would contribute to a better incorporation of usability and user experience practices in software organizations.

Carmen L. Carvajal, Ana M. Moreno

Comparative Study of Cybersecurity Capability Maturity Models

According to ESET, cybersecurity can be defined as the protection of information assets, through the treatment of threats that put at risk the information that is processed, stored and transported by information systems that are interconnected; and a process that involves prevention, detection and reaction or response. This article aims to describe and compare the most used cybersecurity capability maturity models, as a result of a systematic review (SR) of published studies from 2012 to 2017. For this, a taxonomy for comparing cybersecurity capability maturity models was developed, based on Halvorsen and Conradi’s taxonomy. Also, the taxonomy is adapted and applied to the cybersecurity capability maturity models identified in the SR. It was observed that the cybersecurity capability maturity models have similar elements because they use processes and levels of maturity, they also manage the risk, although at different levels of depth. Finally, it has been observed that each model due to its particularity has different fields of application.

Angel Marcelo Rea-Guaman, Tomás San Feliu, Jose A. Calvo-Manzano, Isaac Daniel Sanchez-Garcia

The Evolution of the TIPA Framework: Towards the Automation of the Assessment Process in a Design Science Research Project

Managing processes remain a key challenge for most organizations which need to preserve competitiveness. Process assessment frameworks can help by providing instruments guiding process improvement and regulation alignment. Several process assessment frameworks such as TIPA® are based on the ISO Process assessment standard series ISO/IEC 15504, currently revised in the ISO/IEC 330xx family of standards. Following a Design Science Research (DSR) methodology, this paper visits the TIPA Framework evolution throughout iterative cycles in terms of design, rigour and relevance. It investigates how original and new artefacts are being developed and improved over the period of ten years, in particular the new strategic move towards the automation of the assessment process. By demonstrating the evolution of the TIPA framework using a DSR perspective, this paper explicates design knowledge regarding the role and value of the framework within the ISO standards community and in practice.

Béatrix Barafort, Anup Shrestha, Stéphane Cortina

Development of an Assessment Model for Industry 4.0: Industry 4.0-MM

The application of new technologies in the manufacturing environment is ushering a new era referred to as the 4th industrial revolution, and this digital transformation appeals to companies due to various competitive advantages it provides. Accordingly, there is a fundamental need for assisting companies in the transition to Industry 4.0 technologies/practices, and guiding them for improving their capabilities in a standardized, objective, and repeatable way. Maturity Models (MMs) aim to assist organizations by providing comprehensive guidance. Therefore, the literature is reviewed systematically with the aim of identifying existing studies related to MMs proposed in the context of Industry 4.0. Seven identified MMs are analyzed by comparing their characteristics of scope, purpose, completeness, clearness, and objectivity. It is concluded that none of them satisfies all expected criteria. In order to satisfy the need for a structured Industry 4.0 assessment/maturity model, SPICE-based Industry 4.0-MM is proposed in this study. Industry 4.0-MM has a holistic approach consisting of the assessment of process transformation, application management, data governance, asset management, and organizational alignment areas. The aim is to create a common base for performing an assessment of the establishment of Industry 4.0 technologies, and to guide companies towards achieving a higher maturity stage in order to maximize the economic benefits of Industry 4.0. Hence, Industry 4.0-MM provides standardization in continuous benchmarking and improvement of businesses in the manufacturing industry.

Ebru Gökalp, Umut Şener, P. Erhan Eren

A SPICE-Based Maturity Model for the Governance and Management of Green IT

Organizations around the world are increasingly concerned about the environment, adopting sustainable practices in their business processes. In the field of Information Technologies (IT) several Green IT practices have been proposed, but in isolation, so a framework is needed if the Green IT is to be implemented and improved in an efficient and integrated way. In this paper, we propose a maturity model (based on SPICE) to help organizations to implement the governance and management of Green IT gradually, as well as to improve their maturity level in this area. The validation of this proposal by experts and a case study seems to indicate that the proposal can be useful for implementing and improving the Green IT processes in organizations.

J. David Patón-Romero, Moisés Rodríguez, Mario Piattini

A Multi-layer Representation Model for the ISO/IEC 33000 Assessment Framework: Analysing Composition and Behaviour

Software Process Improvement (SPI) models are a very important topic for SPI workers as software engineering students that require a good comprehension of the process assessment models. This paper proposes a visual multi-layered representational model describing in a highly practical way the ISO/IEC 33000 Assessment Framework through of structural and behavioural views. This kind of representation comprises several semantic layers based on the dimensions of the key elements of the model with an additional dimension for specifying measurements. The structural elements of the model are assigned on distinct layers and connected through dependence and co-occurrence connector in applying the Assessment Model on software processes. The representation model was tested with software developers, academic experts and students.

Alvaro Fernández Del Carpio

SPI and Models


Applying Agent-Based Simulation to the Improvement of Agile Software Management

Among agile methodologies, eXtreme Programming (XP) is one of the best known and better defined. However, one factor that hinders its application is the lack of native XP support for project management. One of the techniques that could help in the improvement of XP projects management is the simulation modeling. In this paper, we examine, through a literature review, the evidences of the application of modeling and simulation techniques to support the management in XP projects. From this review we conclude that there is still work to be done in this area, and more specifically in the teamwork management, having in mind that agile team management is the most influential factor in achieving agile team productivity. As a proof of concept, we present Sim-Xperience: a simulation model to assist the XP team in the management of their projects; this model, unlike those found in the literature, has been developed following the agent-based paradigm, especially suited to simulate social behaviors. Through the model input parameters you can configure the specific features of the project you want to simulate and of the development team. Thus, the model allows you to analyze the effect of different decisions on team management process, observing the evolution of the project development as well as the deviations in comparison with initial estimations. To illustrate the model simulation we have conducted a case study, where we have seen the results of the simulation model under two different allocation tasks strategies, concluding that using a strategy where the team member experience is not the priority criterion is better for the increase of team experience in the long term.

Nuria Hurtado, Mercedes Ruiz, Cristina Capitas, Elena Orta

An Exploratory Study on Usage of Process Mining in Agile Software Development

Agile software development methods have become popular in the software development field during the last decade. Majority of software organizations develop or claim to develop software based on agile methods. Process mining is a process management technique that allows for the analysis of business processes based on the event logs. The aim of process mining is to discover, monitor and improve real processes, but not assumed processes, by extracting knowledge from event logs readily available in information systems. Process mining can be used to discover agile processes followed in organizations/projects to determine the actual processes followed. Process mining can also establish the necessary evidences for assessing or measuring the agility of organizations. This study explores the usability of process mining methods in agile software development context. The results of an exploratory case study on using process mining techniques in a software project managed by Scrum are depicted. We also discuss the benefits of the process mining techniques used and compare different tools utilized.

Sezen Erdem, Onur Demirörs

A Formalization of the ISO/IEC 15504: Enabling Automatic Inference of Capability Levels

This paper presents a formalization that captures definitions of a number of concepts of ISO/IEC 15504 and relations among the concepts. The formalization is expressed in a formal language, OWL. The two main objectives for this formalization was to be consistent with the ISO/IEC 15504-5 process assessment model and to be effective, i.e., to allow for an automatic determination of a process capability level based upon data about the process attributes and ratings. The formalization is presented in a number of levels, from more general concepts to more specific. To assess the validity of the formalization, a number of test cases for the scenario of automatic determination of the capability levels were developed. A set of OWL reasoners were then used to derive the capability levels for the acquisition process group. While the test results were all positive, the real value of this formalization comes from the fact that it faithfully captured the main aspects of ISO/IEC 15504, a well established and accepted model for the assessment of processes capability levels, and that an inference engine was able to support the assessment of processes capability levels of an organization.

Diogo Proença, José Borbinha

A Model-Driven Proposal to Execute and Orchestrate Processes: PLM4BS

Business Processes Management (BPM) is a widely consolidated business strategy to improve and optimize the internal operation of any company. However, BPM is not usually simple to apply in software organizations because Software Processes (SPs) involve high degree of creativity, abstraction and rework, among other aspects. This situation provokes that these companies usually focus on modeling their processes but later, the orchestration and execution are manually and/or unilaterally performed by each involved role. This situation makes each SP difficult to maintain, monitor, evolve and measure. At present, there are model-based proposals to model SPs, but most of them fail to define the execution context of the process. This paper presents PLM4BS, a model-driven framework to support modeling, execution and orchestration of SPs. It has been successfully validated in different real environments, what has returned us valuable feedback to improve PLM4BS in the near future.

Julián Alberto Garcia-Garcia, Ayman Meidan, Antonio Vázquez Carreño, Manuel Mejias Risoto

An Axiom Based Metamodel for Software Process Formalisation: An Ontology Approach

Software development usually follows well known process models and standards for development processes. However, these are usually diverse and described in natural language which complicates their automation, adaptivity and verification. The need for process formalisation has long been highlighted, and we have provided a formalisation and translation algorithm to that effect in earlier work. However, to systematically and faithfully formalise heterogeneous processes from different standards and process models, there is a need to utilise uniform concepts to underpin the formalisation process. Metamodels and ontologies have been explored recently to lay a foundation for structuring and expressing additional rigour to process formalisation. In this study, we develop an axiom based metamodel utilising powertype patterns as a conceptual framework to underpin homogeneous process formalisation. The advantage of an axiomatic and powertype based metamodel approach lies in its potential to determine the metamodel basic constituents and formalism as well as its extensibility and adaptability. We formalise the metamodel using ontologies while adopting use cases from ISO/IEC 29110 and ISO/IEC 24744 standards for metamodel illustrations. Ontology based process descriptions enable process automated verification and adaptivity capability through the use of ontology reasoning support engines.

Edward Kabaale, Lian Wen, Zhe Wang, Terry Rout

Towards a Semi-automated Tool for Interoperability Assessment: An Ontology-Based Approach

Interoperability is an essential requirement to be verified when enterprises are starting and maintaining a collaborative relationship. To ensure that such a requirement is continuously met, interoperability needs to be assessed. Various assessment approaches have been proposed in the literature to identify strengths and weakness of an enterprise in terms of their ability to interoperate. However, the main existing approaches are addressing specific aspects of interoperability and focusing on one type of measurement. To assess different aspects of interoperability of the same company, one may use multiple approaches which might cause redundancy and confusion considering the different metrics. Therefore, the objective of this paper, is to propose an assessment approach based on the so called Ontology of Enterprise Interoperability. The proposed approach is supported by a semi-automated tool aiming at reducing the time and paperwork required for evaluation. An example of a networked enterprise is used to validate the approach.

Gabriel S. S. Leal, Wided Guédria, Hervé Panetto, Erik Proper

SPI and Functional Safety


How Does Scrum Conform to the Regulatory Requirements Defined in MDevSPICE®?

Medical device software development is subject to high regulations due to the potential risk of harming patients with unsafe medical devices. These regulations require software development to be performed with high discipline and evidence to be provided for auditory purposes. It’s not easy to manage both conformance to regulations and efficiency in medical device development. Therefore, there is a transition towards agility in safety critical systems development, to build high quality systems, shorten time to market, improve customer and employee satisfaction and ensure both safety and reliability. In this study, we evaluated one of the most highly adopted agile software development methods, Scrum from a regulatory perspective. We investigated to what extend the regulatory requirements defined in MDevSPICE® are met with implementation of the Scrum method and what additional processes and practices have to be performed to ensure safety and regulatory compliance in the healthcare domain.

Özden Özcan-Top, Fergal McCaffery

Testing in Automotive SPICE and TestSPICE: Synergies and Benefits

The paper describes the overall structure of Automotive SPICE and TestSPICE. It presents a comparison between the processes in Automotive SPICE® and TestSPICE and then focuses on the testing processes and some specific test topics. The paper shows potential benefits of TestSPICE for the automotive industry. It deals with topics like test data management, test automation and test techniques, which are not or only roughly mentioned in Automotive SPICE. The paper also gives a short explanation of the agile extension of TestSPICE.

Tomas Schweigert, Klaudia Dussa-Zieger

Deep Learning in Automotive: Challenges and Opportunities

The interest of the automotive industry in deep-learning-based technology is growing and related applications are going to be pervasively used in the modern automobiles. Automotive is a domain where different standards addressing the software development process apply, as Automotive SPICE and, for functional safety relevant products, ISO 26262. So, in the automotive software engineering community, the awareness of the need to integrate deep-learning-based development with development approaches derived from these standards is growing, at the technical, methodological, and cultural levels. This paper starts from a lifecycle for deep-learning-based development defined by the authors, called W-model, and addresses the issue of the applicability of Automotive SPICE to deep-learning-based developments. A conceptual mapping between Automotive SPICE and the deep learning lifecycles phases is provided in this paper with the aim of highlighting the open issues related to the applicability of automotive software development standards to deep learning.

Fabio Falcini, Giuseppe Lami

A Proposed Approach to the Revision of IEC 80001-1 Following Annex SL

IEC 80001-1 was published in 2010 and is now undergoing revision. Feedback gathered on the adoption of the standard has revealed a number of barriers that have impacted its adoption. The standard provides requirements related to the roles, responsibilities and activities that need to be performed for the risk management of medical IT networks. One reported barrier is a lack of drivers to motivate Top Management to implement the standard. In addition, there is a lack of alignment between IT and biomedical engineering departments within hopitals. Finally, the IEC 80001-1 standard was considered to be too complicated and complex to implement. This paper presents the barriers identified in the feedback and presents an approach to the revision of the standard as a process based management system standard in accordance with ISO/IEC Directives Annex SL as a means to overcome these barriers.

Silvana Togneri MacMahon, Todd Cooper, Fergal McCaffery

SPI in Various Settings


Enterprise SPICE Extension for Smart Specialization Based Regional Innovation Strategy

Process capability modeling became a tool for the systematization and codification of knowledge for process oriented activities in various areas. Enterprise SPICE defines a domain independent integrated model for enterprise-wide assessment and continuous process improvement. This paper presents the use of a SPICE conformant application dependent process modeling to support a smart specialization based regional innovation strategy process. Smart specialization is the main approach for the development and implementation of innovation strategies to improve of European regions within the programming period 2014–2020 driven by EU structural funds. The work presented in this paper provides the details of the regional innovation strategy process capability assessment model that is designed as an extension of the Enterprise SPICE Model.

Michael Boronowsky, Ieva Mitasiunaite-Besson, Antanas Mitasiunas, David Wewetzer, Tanja Woronowicz

Developing an Integrated Risk Management Process Model for IT Settings in an ISO Multi-standards Context

With risk management as a key topic for most organizations, aligning and improving organisational and business processes is essential. Capability and Maturity Models can contribute to assess and then enable process improvement. With the need to integrate risk management in IT settings (IT department/organisation), ISO/IEC 15504-330xx process assessment approach combined with ISO 31000 for risk management can be the foundations for new process models. An integrated process-based approach with various market-demanded ISO standards (ISO 9001, ISO 21500, ISO/IEC 20000-1 and ISO/IEC 27001) is proposed in the paper; it explains how the Integrated Risk Management Process Model for IT settings in an ISO multi-standards context is developed with a Design Science research method.

Béatrix Barafort, Antoni-Lluís Mesquida, Antònia Mas

A Framework for Assessing Organisational IT Governance, Risk and Compliance

Enterprises have reached to understanding that information technology (IT) is more than just a technical issue. Domains such as IT governance, risk management and compliance (GRC) have been established to steer it. Though there has been some improvements, these domains are usually considered separately, thus less business value is created due to complexity of the process flows. There has been little attempts to integrate all three aspects, however this was done using domain specific standard and not taking into account the existing state of the art. In this paper, we conduct a systematic literature review to understand the processes, roles, strategies, and technologies of IT GRC as well as their integration. Based on the results of the review, we propose an assessment framework, which could guide evaluation of the enterprise’s IT GRC concerns.

Mikhel Vunk, Nicolas Mayer, Raimundas Matulevičius

A Process Reference Model and A Process Assessment Model to Foster R&D&I Management in Organizations: MGPDI

A strategy to foster innovation in organizations consists of the adoption of a Research, Development and Innovation (R&D&I) management model. This paper describes the MGPDI model focused on Process Improvement & Assessment that is applicable to any organization independently of size, type and activity. This new model is based on: (i) requirements based on innovation best practices and Brazilian and Spanish Standards; (ii) the ISO/IEC 330xx family of standards for Process Assessment; (iii) lessons learned with the Brazilian model (MPS) for software process improvement. The MGPDI model has three components: a Process Reference Model (MR-MGPDI), a Process Assessment Model (MA-MGPDI), and a Business Model (MN-MGPDI). This paper also describes the validation of this model and its pilot implementation and assessment in three Brazilian companies. In addition to its relevance in Brazil, it has a high potential for replication in other countries.

Kival Chaves Weber, Cristina Filipak Machado, Renato Ferraz Machado, Ana Liddy Magalhães, Ana Marcia Debiasi Duarte, Maria Teresa Villalobos Aguayo, Cristiano Schwening, Rosane Melchionna, José Antonio Antonioni

SPI and Gamification


Gamification for Improving IT Service Incident Management

Support groups’ agents are a very important element of IT service incident management process, and to increase their motivation and commitment, to improve their skills and to modify their behaviors is fundamental for improving the process and meeting the business objectives. Gamification, the application of game elements in non-game contexts to modify and influence the behavior of the people, is helpful in this field. This paper introduces a method for gamifying the incident management process that is based on the gamification method proposed by Werbach and Hunter and ITIL incident management process. To illustrate the usefulness of the method proposed an example of use is also presented.

Elena Orta, Mercedes Ruiz, Alejandro Calderón, Nuria Hurtado

A Systematic Investigation into the Use of Game Elements in the Context of Software Business Landscapes: A Systematic Literature Review

The software development process is a set of socio-technical activities to produce software artifacts in which humans play a crucial role. Since it is a people centric activity, factors such as user motivation, engagement, communication and collaboration might constrain these activities. Therefore, software business organizations stand to benefit from adopting different tools and methods in order to overcome these obstacles and to improve their software business processes. Research has been made to increase software quality and enhance the software development process. Alongside these studies, innovative techniques and concepts are beneficial. As a solution, the notion of gamification (i.e. employing game elements in non-gaming contexts) has been introduced to enhance the software development process and overcome the challenges mostly related to human factors. However, the applicability of game elements in the context of software business landscapes is still a controversial issue and not totally proven as of yet. Numerous studies have been conducted to examine the benefits of gamification and how game elements affect the software development process. Thus, in this paper, a systematic literature review was conducted in order to investigate the application of game elements both in research and industrial levels of software development and as well as in software business landscapes.

Serhan Olgun, Murat Yilmaz, Paul M. Clarke, Rory V. O’Connor

Coverage of the ISO 21500 Standard in the Context of Software Project Management by a Simulation-Based Serious Game

Bringing professional practice into the learning/teaching process is an especially difficult task in the scope of software project management and can turn into a challenge in the context of software process standards education. The ISO 21500 standard is an international reference standard that provides generic guidance and good practices in project management. In this paper, we perform a literature review in order to analyze the current studies related to the use of serious games for understanding, teaching and supporting the education of the ISO 21500 standard. Moreover, we propose ProDec, a serious game for software project management training, and provide a mapping between the different stages of the game lifecycle and the ISO 21500 standard applying its management processes in the context of software projects. As a result, we observe that in this context, ProDec is able to cover seven of the ten subject groups and almost 75% of the project management processes of the ISO 21500 standard.

Alejandro Calderón, Mercedes Ruiz, Rory V. O’Connor

SPI Case Studies


Exploration of a Practical Approach for Assessing the Measurement Capability of Software Organizations

Measurement is the foundation for successful software management. However, it is not easy for software organizations to evaluate their measurement practices and to determine what they should do to improve them. There are models to evaluate capability and maturity of measurement processes. However, they frequently focus on the measurement process in relation with a well-defined capability model like CMMI or SPICE. Organizations following recent agile methodologies do not desire to apply these holistic models. We have developed a model to assess measurement capability of software organizations by inspecting individual measures, independent from software development approach and process architecture. The model includes sample of core measures for aspects and defines generic practices for three capability levels. Organizations can use the model to determine and improve their measurement capability. In the paper, an exploratory case study conducted in a large telecommunication company is discussed and the results are evaluated.

Murat Salmanoğlu, Onur Demirörs, Ahmet Coşkunçay, Ali Yıldız

SPICE in the Real World: Success for Large Infrastructural Projects with ISO/IEC 15504 Part 6

Since 2005, the Dutch Infrastructure Authority Rijkswaterstaat (RWS) is changing the way of tendering huge infrastructure contracts away from traditional projects to PPP (Public Private Partnership) projects. In such PPP Projects a company/consortium has to deliver the design, build, finance and maintenance of large infrastructural works. These projects are challenging and demand a mature management system. To check the maturity of these management systems, RWS asks for frequent external independent assessments using ISO/IEC 15504 Part 6, Systems Engineering and defines tough roadmaps for process improvement, which require process capabilities at the start of the project that cannot be testified due to the structure of the capability model. This paper explains the problem and potential solutions of this issue.

Dirk Pfauder, Tomas Schweigert, Paul Hendriks

The Role of International Standards to Corroborate Artefact Development and Evaluation: Experiences from a Design Science Research Project in Process Assessment

International standards were used to corroborate artefact development and evaluation in a Design Science Research (DSR) project within the context of Process Assessments in IT Service Management (ITSM). While there have been significant research efforts towards extending DSR guidelines and the development and revisions of the standards, reports of the application of International Standards to validate DSR artefacts are scant. DSR, akin to any academic research, is required to demonstrate rigour and relevance with the use of theories and prior knowledge. Moreover, DSR presents an artefact as a solution to a class of problems and reports how the artefact is developed and evaluated. Our DSR project demonstrated that concerns about the quality of artefacts can be addressed and thereby the utility and validity of the artefact can be verified with the use of International Standards. Using three International Standards, process assessment ISO/IEC 15504-33000 series, IT Service Management ISO/IEC 20000, and System and Software Quality Models ISO/IEC 25010, this paper presents an account of a real-life DSR project that demonstrates the significant role of International Standards to guide DSR researchers during artefact design, development and evaluation.

Anup Shrestha, Aileen Cater-Steel, Mark Toleman, Terry Rout

Strategic and Knowledge Issues in SPI


The Impact of Situational Context on the Software Development Process – A Case Study of a Highly Innovative Start-up Organization

Over the past six years, we have examined the impact of situational context of the software development process. Our early work involved the systematic development of a comprehensive situational factors reference framework. More recently, our efforts have focused on the application of this reference framework to different types of situational context. In this latest in a series of case studies, we examine the case of a small start-up organization, exploring in detail the process adopted. We also undertook a detailed evaluation of the situational context, carefully identifying the situational factors of greatest importance and how these factors have influenced the process design. The outcome of our case study confirms our earlier finding that a software development process is highly dependent on the organizational context. We also discovered some interesting new themes in this start-up environment, including the difficulty associated with prioritizing situational factors and the complexity that surrounds software process design. The role of organizational learning and feedback into improved development processes is also presented as a critical feature.

Gerard Marks, Rory V. O’Connor, Paul M. Clarke

Aspects You Should Consider in Your Action Plan When Implementing an Improvement Strategy

Both ISO/IEC 15504 (SPICE) and ISO/IEC 33014 include a step in their improvement process called: Develop action plan. But which actions should you include, and are you sure that these actions cover all aspects? We have performed a thorough study of the change strategy literature that is the foundation for the ten overall change strategies defined in ISO/IEC 33014. We have extracted statements from this material that represent generic actions recommended by the authors for each strategy. Through analytic induction we have then identified and validated eight aspects that you should consider when choosing your concrete actions for executing the strategy.

Peter H. Carstensen, Otto Vinter

Exploring Knowledge Loss in Open Source Software (OSS) Projects

Open Source Software is a term used to identify software developed and released under an “open source” license, meaning that under certain conditions; it is openly available for use, inspection, modification, and for redistribution free of cost (or with cost based on the license agreement). Incorporation of OSS while developing software can reduce time and cost of development. The nature of the work force (volunteers and paid) in OSS projects is transient and results in high turnover leading to knowledge loss. In this work, we explore the phenomenon of knowledge loss in OSS projects. Maintenance of OSS projects requires knowledge, typically shared asynchronously using technology-mediated channels. Knowledge sought in this manner is reactive in the sense that a developer will consult these channels looking for possible solutions or supporting information. We follow the backward snowballing to study the relevant literature on knowledge loss in OSS. Our work suggests that proactive knowledge exchange mechanisms may bring some benefits to OSS projects. Further integration of knowledge management practices with the established OSS practices can minimise knowledge loss.

Mehvish Rashid, Paul M. Clarke, Rory V. O’Connor

Education Issues in SPI


Relating Student, Teacher and Third-Party Assessments in a Bachelor Capstone Project

The capstone is arguably the most important course in any engineering program because it provides a culminating experience and is often the only course intended to develop non-technical, but essential skills. In a software development, the capstone runs from requirements to qualification testing. Indeed, the project progress is sustained by software processes. This paper yields different settings where students, teachers and third-party assessors performed [self-] assessment and the paper analyses corresponding correlation coefficients. The paper presents also some aspects of the bachelor capstone. A research question aims to seek if an external process assessment can be replaced or completed with students’ self-assessment. Our initial findings were presented at the International Workshop on Software Process Education Training and Professionalism (IWSPETP) 2015 in Gothenburg, Sweden and we aimed to improve the assessment using teacher and third-party assessments. Revised findings show that, if they are related to curriculum topics, students and teacher assessments are correlated but that external assessment is not suitable in an academic context.

Vincent Ribaud, Vincent Leilde

Evaluation Model of PRO2PI-WORK4E Method for Teaching Software Process Improvement

Methods to guide introduction to Software Process Improvement (SPI) courses to potentiate “learning SPI by doing SPI” and their systematic evaluations are relevant to both practice and research. An evaluation model for an educational method to teach SPI was developed. This model is based on a model for the evaluation of educational games. The developed model is composed of model design; evaluation process, objective and questionnaire; documentation model, data compilation and analysis model and spreadsheet; and example of use. The model was used to evaluate a course. Results of this evaluation provide initial validation of this model and also indicate that the evaluated method is effective in potentiate “learning SPI by doing SPI”.

Clenio F. Salviano

Towards a Strategy for Process Improvement Education and Training

At the 2015 Software Process Education, Training and Professionalism workshop, the focus was on bringing together a Manifesto to include values and principles. However, without a strategy driven by a commonly shared vision, it may be difficult to seek more tangible outcomes. This paper drafts a proposed strategy that might help us move forward.

Linda Ibrahim, Antanas Mitasiunas


Weitere Informationen

Premium Partner