Search

Your search keyword '"Roel Wieringa"' showing total 133 results
Start Over Author "Roel Wieringa"

Refine your results

more »

more »

more »

more »
133 results on '"Roel Wieringa"'

4. Analyzing SAFe Practices with Respect to Quality Requirements: Findings from a Qualitative Study

Author

Wasim Alsaqaf, Roel Wieringa, Preethu Rose Anish, and Maya Daneva

Subjects
Process management, Requirements engineering, business.industry, Computer science, media_common.quotation_subject, Exploratory research, Documentation, Empirical research, Scaled Agile Framework, Quality (business), business, Agile software development, media_common, Qualitative research
Abstract

Quality Requirements (QRs) pose challenges in many agile large-scale distributed projects. Often, project organizations counter these challenges by borrowing some heavyweight practices, e.g. adding more documentation. At the same time, agile methodologists proposed a few scaled agile frameworks to specifically serve agile organizations working on large and distributed systems. Little is known about the extent to which these proposals address QRs and the specific ways in which this happens. Moreover, evidence regarding the practical implementation of these frameworks with respect to QRs is scarce. Our paper makes a step towards narrowing this gap of knowledge. Using an exploratory research process, we analyze one well-documented framework, namely the Scaled Agile Framework (SAFe). We first analyzed the elements of SAFe as they were described in the methodological book of SAFe to identify the possible remedies to the QRs challenges reported in previous work. We then conducted a qualitative interview-based study to understand the practices that SAFe practitioners actually use to mitigate those QRs challenges. Our documentary analysis of SAFe resulted in identifying 25 SAFe elements that could (at least partially) mitigate one or more of the reported QRs challenges. Nine of those SAFe elements were reported in our interview-based study by SAFe practitioners as remedy for some of the reported QRs challenges. While practitioners attempted to use the recommended SAFe strategies for QRs, they often changed them in their own ways, or altogether resorted to heavyweight practices that the case study organizations knew from previously done non-SAFe projects.

Published
2021

5. Transitioning to Platform-based Services and Business Models in a B2B Environment

Author

Jens Poeppelbuss, Shirley Gregor, Fadime Kaya, Emanuel Marx, Jaap Gordijn, Martin Matzner, Tor Helge Aas, Tobias Pauli, Katja Maria Hydle, and Roel Wieringa, Margunn Aanestad, Erwin Fielt, Jürgen Anke, and Ruonan Sun

Subjects
VDP::Samfunnsvitenskap: 200::Økonomi: 210, Engineering management, ddc:330, Business, Business model
Abstract

Given the considerable success of companies such as Apple, Amazon or Airbnb, the term platform is on everyone’s lips today. Accordingly, platforms have long since also found their way into service science. However, mastering the transition from established product-sales-based offerings to platform-based services and business models comes with a multitude of challenges. In a B2B context, incumbent companies need to carefully evaluate how they can benefit from the establishment of platforms, especially in light of the effects on their existing business models and ties to other actors. Hence, we invited scholars with different backgrounds to provide viewpoints on the opportunities and challenges of the transition to platform-based services and business models in a B2B environment. The individual commentaries provide various insights on how to conduct this transition and benefit from it successfully. To do so, they contrast different approaches for establishing and governing ecosystems around platforms, discuss B2B-specific pitfalls and opportunities of platform business models, uncover the supporting role of platforms for smart service development, and stress the importance of platform and ecosystem thinking as a necessary mindset.

Published
2021

6. A minimalistic decision tree for blockchain business cases in healthcare

Author

Fadime Kaya, Jaap Gordijn, Roel Wieringa, Feltus, Christophe, Johannesson, Paul, and Proper, Henderik A.

Subjects
Blockchain, Healthcare, Decision tree, Business case
Abstract

Distributed Ledger Technology (DLT) is an emerging technology to remove middlemen from an eco-system. However, many DLT/BC projects are very technologically oriented and fail to address the business case and the re-design of its eco-system. Therefore, many DLT/BC projects do fail. We propose a minimalistic decision tree to check whether a business case is suitable for implementation by DLT/BC technology and evaluate the tree in the healhtcare domain.

Published
2020

7. Exploring governance in a decentralized energy trading eco-system

Author

Marc X. Makkes, Roel Wieringa, Jaap Gordijn, and Fadime Kaya

Subjects
Computer science, business.industry, Corporate governance, Energy trading, Distributed generation, Business model, Environmental economics, business, Decentralization
Abstract

Increasingly, large tech firms dominate eco-systems. From a societal perspective this is not always beneficial since these companies behave as value extractors; they charge an unreasonable high fee for their services and they can do so because they are monopolists. A possible solution to this substantial power concentration can be decentralized ecosystems, e.g., enabled by blockchain technology, in which decision power is distributed fairly. However, this comes also with the requirement that such eco-systems need a decentralized governance model. This paper explores if such a governance model can be represented by conceptual models, in particular, e3value. We answer this question by designing a decentralized eco-system in the field of electricity supply, which enables peer to peer energy trading, and checking if important governance decisions, motivated by a systematic literature review, can be represented.

Published
2020

8. Quantitative, value-driven risk analysis of e-services

Author

Jaap Gordijn, Roel Wieringa, Dan Ionita, Ahmed Seid Yesuf, Software and Sustainability (S2), Network Institute, and Software & Services

Subjects
Risk analysis, Information Systems and Management, SDG 16 - Peace, Profitability estimation, Management Information Systems, Management of Technology and Innovation, Accounting, 0502 economics and business, E-services, Actuarial science, Value modelling, 05 social sciences, Fraud, SDG 16 - Peace, Justice and Strong Institutions, 050201 accounting, Justice and Strong Institutions, n/a OA procedure, Human-Computer Interaction, Business, Value (mathematics), 050203 business & management, Software, Information Systems
Abstract

Modern e-services are provided by networks of collaborating businesses. However, collaborators, and even customers, don't always behave as expected or agreed upon, and fraudsters attempt unfair exploitation, legally or illegally.Profitability assessments of e-services should therefore look beyond revenue streams and also consider threats to the financial sustainability of the service offering. More importantly, any such analysis should consider the business network in which the e-service is embedded. The e3value method is an established modeling and analysis method that allows enterprises to estimate the net value flows of a networked e-business. Recently, the method and its ontology have been extended to cover aspects related to risk, e.g., fraud. In this paper, we introduce four new software-enabled risk and sensitivity analyses, which build upon this extension. The techniques are quantitative and therefore support making motivated risk mitigation decisions. We illustrate them in the context of three realistic case studies.

Published
2019

9. An integrated conceptual model for information system security risk management supported by enterprise architecture management

Author

Nicolas Mayer, Roel Wieringa, Christophe Feltus, Eric Grandry, Elio Goettelmann, and Jocelyn Aubert

Subjects
Process management, business.industry, Process (engineering), Computer science, Conceptual model (computer science), 020207 software engineering, Usability, 02 engineering and technology, Domain model, Information system security, n/a OA procedure, Domain (software engineering), Enterprise architecture management, Modeling and Simulation, 0202 electrical engineering, electronic engineering, information engineering, Information system, business, Software, Risk management
Abstract

Risk management is today a major steering tool for any organisation wanting to deal with information system (IS) security. However, IS security risk management (ISSRM) remains a difficult process to establish and maintain, mainly in a context of multi-regulations with complex and inter-connected IS. We claim that a connection with enterprise architecture management (EAM) contributes to deal with these issues. A first step towards a better integration of both domains is to define an integrated EAM-ISSRM conceptual model. This paper is about the elaboration and validation of this model. To do so, we improve an existing ISSRM domain model, i.e. a conceptual model depicting the domain of ISSRM, with the concepts of EAM. The validation of the EAM-ISSRM integrated model is then performed with the help of a validation group assessing the utility and usability of the model.

Published
2019

10. Status quo in requirements engineering: a theory and a global family of surveys

Author

Tomi Männistö, Antonio Vetro, Marie-Therese Christiansson, Rafael Prikladnicki, Tayana Conte, Sagar Sen, Birgit Penzenstadler, Stefan Wagner, Marcos Kalinowski, Markku Oivo, Daniel Méndez Fernández, Roel Wieringa, Michael Felderer, Rodrigo O. Spínola, Guenther Ruhe, André Schekelmann, Jose Luis de la Vara, Ahmed Tuzcu, Maleknaz Nayebi, Casper Lassenius, Desmond Greer, Dietmar Pfahl, Dietmar Winkler, Koziolek, Anne, Schaefer, Ina, Seidl, Christoph, Empirical Software Engineering research group, and Department of Computer Science

Subjects
FOS: Computer and information sciences, Requirements analysis, GENERAL-THEORY, Programvaruteknik, Computer science, 02 engineering and technology, SOFTWARE, Computer Science - Software Engineering, Empirical research, Software, survey research, 0202 electrical engineering, electronic engineering, information engineering, Theory, Survey, media_common, Requirements Engineering, Requirements Engineering, Requirement Specification, Point (typography), Replication, Requirements engineering, Survey research, Management science, 05 social sciences, 050301 education, PAIN, Computer Science Applications, Empirical studies, Survey Resear, replication, ORGANIZATIONS, Process (engineering), Status quo, media_common.quotation_subject, Context (language use), Quality (business), survey, theory, Bootstrapping, business.industry, 020207 software engineering, Software design document, 113 Computer and information sciences, n/a OA procedure, Software Engineering (cs.SE), business, 0503 education, software engineering
Abstract

Requirements Engineering (RE) has established itself as a software engineering discipline during the past decades. While researchers have been investigating the RE discipline with a plethora of empirical studies, attempts to systematically derive an empirically-based theory in context of the RE discipline have just recently been started. However, such a theory is needed if we are to define and motivate guidance in performing high quality RE research and practice. We aim at providing an empirical and valid foundation for a theory of RE, which helps software engineers establish effective and efficient RE processes. We designed a survey instrument and theory that has now been replicated in 10 countries world-wide. We evaluate the propositions of the theory with bootstrapped confidence intervals and derive potential explanations for the propositions. We report on the underlying theory and the full results obtained from the replication studies with participants from 228 organisations. Our results represent a substantial step forward towards developing an empirically-based theory of RE giving insights into current practices with RE processes. The results reveal, for example, that there are no strong differences between organisations in different countries and regions, that interviews, facilitated meetings and prototyping are the most used elicitation techniques, that requirements are often documented textually, that traces between requirements and code or design documents is common, requirements specifications themselves are rarely changed and that requirements engineering (process) improvement endeavours are mostly intrinsically motivated. Our study establishes a theory that can be used as starting point for many further studies for more detailed investigations. Practitioners can use the results as theory-supported guidance on selecting suitable RE methods and techniques., 47 pages, 19 figures, accepted for publication in ACM Transactions on Software Engineering and Methodology (TOSEM)

Published
2019

11. SmTIP: A Big Data Integration Platform for Synchromodal Transport

Author

Roel Wieringa, Marten van Sinderen, and Prince Singh

Subjects
Transplantation, Computer science, business.industry, Integration platform, Big data, Systems engineering, Data analysis, User interface, business, Dynamic planning
Abstract

This chapter reports on the design of an interaction platform that supports the collection and analysis of third-party, real-time data for the dynamic planning of cargo transportation. Especially, flexible allocation of cargo to transplantation modes and routes is targeted, also known as synchromodal transportation. A prototype of the integration platform was developed, including a user interface for planners, to support them in decision-making by providing information about potential disruptions of planned or ongoing shipments. Potential disruptions are detected by analysis of data received from one or more live data sources.

Published
2018

12. Reference architecture for integration platforms

Author

Marten van Sinderen, Prince Singh, and Roel Wieringa

Subjects
050210 logistics & transportation, Computer science, business.industry, Best practice, 05 social sciences, Integration platform, Interoperability, 02 engineering and technology, Hardware_PERFORMANCEANDRELIABILITY, Enterprise Distributed Object Computing, Business goals, Engineering management, Software, 0502 economics and business, Commonality analysis, 0202 electrical engineering, electronic engineering, information engineering, Hardware_INTEGRATEDCIRCUITS, 020201 artificial intelligence & image processing, Reference architecture, Software engineering, business, Hardware_REGISTER-TRANSFER-LEVELIMPLEMENTATION, Hardware_LOGICDESIGN
Abstract

In addition to in-house applications, networked enterprises are increasingly using data and services from various external sources. Conversion of data to useful information and IT alignment with business goals are big challenges faced by these enterprises. Integration platforms (IPs) aid enterprises in solving such challenges. However, the large number of commercial and academic IPs currently available have created a new problem for enterprises, namely whether to build their own IP or buy/rent a existing IP. Also, how to choose from the plethora of different design/solution options that are available? This paper presents a study and analysis of 31 IPs to bring out best practices in IP design. Following a commonality analysis of IPs from different research domains, an IP reference architecture is proposed. The reference architecture will aid enterprises in making better IP design/solution choices. It can also contribute to IP research by acting as a common reference point for future IP analysis.

Published
2017

13. Requirements Engineering Since the Year One Thousand

Author

Roel Wieringa

Subjects
Engineering, Requirements engineering, business.industry, Systems engineering, business, Construction engineering
Abstract

This paper argues that for each advance in RE that has been made in the past 1000 years, the older practices were not replaced but still exist, and need to be studied empirically.

Published
2017

14. Agile quality requirements engineering challenges: first results from a case study

Author

Wasim Alsaqaf, Roel Wieringa, and Maya Daneva

Subjects
Government, Requirements engineering, business.industry, Computer science, media_common.quotation_subject, 010102 general mathematics, Functional requirement, 02 engineering and technology, 01 natural sciences, Popularity, Scrum, Engineering management, Harm, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Quality (business), 0101 mathematics, business, Agile software development, media_common
Abstract

Agile software development methods have become increasingly popular in the last years. Despite their popularity, they have been criticized for focusing on delivering functional requirements and neglecting the quality requirements. Several studies have reported this shortcoming. However, there is little known about the challenges organizations currently face when dealing with quality requirements. Based on a qualitative exploratory case study, this research investigated real life large-scale distributed Agile projects to understand the challenges Agile teams face regarding quality requirements. Eighteen semi-structured open-ended in-depth interviews were conducted with Agile practitioners representing six different organizations in the Netherlands. Based on the analysis of the collected data, we have identified nine challenges Agile practitioners face when engineering quality requirements in large-scale distributed Agile projects that could harm the implementation of the quality requirements and result in neglecting them.

Published
2017

15. Empirical research methods for technology validation: Scaling up to practice

Author

Roel Wieringa

Subjects
Requirements engineering, Generalization, business.industry, Computer science, Empirical process (process control model), IR-89698, Machine learning, computer.software_genre, METIS-303987, Empirical research methods, Abductive reasoning, Hardware and Architecture, Similarity (psychology), Statistical inference, Artificial intelligence, Data mining, Action research, IS-Design science methodology, business, computer, Scaling, SCS-Services, Software, EWI-24282, Information Systems
Abstract

Before technology is transferred to the market, it must be validated empirically by simulating future practical use of the technology. Technology prototypes are first investigated in simplified contexts, and these simulations are scaled up to conditions of practice step by step as more becomes known about the technology. This paper discusses empirical research methods for scaling up new requirements engineering (RE) technology. When scaling up to practice, researchers want to generalize from validation studies to future practice. An analysis of scaling up technology in drug research reveals two ways to generalize, namely inductive generalization using statistical inference from samples, and analogic generalization using similarity between cases. Both are supported by abductive inference using mechanistic explanations of phenomena observed in the simulations. Illustrations of these inferences both in drug research and empirical RE research are given. Next, four kinds of methods for empirical RE technology validation are given, namely expert opinion, single-case mechanism experiments, technical action research and statistical difference-making experiments. A series of examples from empirical RE will illustrate the use of these methods, and the role of inductive generalization, analogic generalization, and abductive inference in them. Finally, the four kinds of empirical validation methods are compared with lists of validation methods known from empirical software engineering. The lists are combined to give an overview of some of the methods, instruments and data analysis techniques that may be used in empirical RE.

Published
2014

16. Understandability of Goal Concepts by Requirements Engineering Experts

Author

Roel Wieringa, Wilco Engelsman, and Services, Cybersecurity & Safety

Subjects
Relation (database), Requirements engineering, Computer science, Management science, Stakeholder, Enterprise architecture, Sample (statistics), Generalizability theory, SCS-Services, Replication (computing), Graphical language, n/a OA procedure
Abstract

ARMOR is a graphical language for modeling business goals and enterprise architectures. In previous work we have identified problems with understandability of goal-oriented concepts for practicing enterprise architects. In this paper we replicate the earlier quasi-experiments with experts in requirements engineering, to see if similar problems arise. We found that fewer mistakes were made in this replication than were made in the previous experiment with practitioners, but that the types of mistakes made in all the concepts were similar to the mistakes made in our previous experiments with enterprise architects. The stakeholder concept was used perfectly by our sample, but the goal decomposition relation was not understood. The subjects provided explanations for understandability problems that are similar to our previous hypothesized explanations. By replicating some of our earlier results, this paper provides additional support for the generalizability of our earlier results.

Published
2014

17. Engineering Security Agreements Against External Insider Threat

Author

Pascal van Eck, André van Cleeff, Roel Wieringa, and Virginia N. L. Franqueira

Subjects
Cloud computing security, IR-89545, Strategy and Management, Insider threat, Library and Information Sciences, METIS-302602, Computer security, computer.software_genre, Security information and event management, Threat, Insider, Security service, Security through obscurity, Security convergence, Economics, EWI-24231, Business and International Management, SCS-Services, computer
Abstract

Companies are increasingly engaging in complex inter-organisational networks of business and trading partners, service and managed security providers to run their operations. Therefore, it is now common to outsource critical business processes and to completely move IT resources to the custody of third parties. Such extended enterprises create individuals who are neither completely insiders nor outsiders of a company, requiring new solutions to mitigate the security threat they cause. This paper improves the method introduced in Franqueira et al. (2012) for the analysis of such threat to support negotiation of security agreements in B2B contracts. The method, illustrated via a manufacturer-retailer example, has three main ingredients: modelling to scope the analysis and to identify external insider roles, access matrix to obtain need-to-know requirements, and reverse-engineering of security best practices to analyse both pose-threat and enforce-security perspectives of external insider roles. The paper also proposes future research directions to overcome challenges identified.

Published
2013

18. Reusing knowledge in embedded system modelling

Author

Yan Lucas, Jelena Marincic, Roel Wieringa, and Angelika Mader

Subjects
EWI-24500, business.industry, Management science, Computer science, System Generation, Software development, Reuse, IR-89681, Model-based design, METIS-302876, Theoretical Computer Science, reuse, Software development process, Embedded software, Software, Computational Theory and Mathematics, Artificial Intelligence, Control and Systems Engineering, Software system, business, Software engineering, SCS-Services, plant modelling
Abstract

Model-based design is a promising technique to improve the quality of software and the efficiency of the software development process. We are investigating how to efficiently model embedded software and its environment to verify the requirements for the system controlled by the software. The software environment consists of mechanical, electrical and other parts; modelling it involves learning how these parts work, deciding what is relevant to model and how to model it. It is not possible to fully automate these steps. There are general guidelines, but given that every modelling problem differs, much is left to the modeller's own preference, background and experience. Still, when the next generation of a system is designed, the new system will have common elements with its previous version. Therefore, lessons learned from the current model could inform future models. We propose a framework for identifying the non-formal elements of knowledge, insights and a model itself, which can support modelling of the next system generation. We will present the application of our framework on an action research case – modelling mechanical parts of a paper-inserting machine.

Published
2013

19. Mechanistic modelling of cancer: some reflections from software engineering and philosophy of science

Author

Roel Wieringa, José M. Cañete-Valdeón, and Kieran Smallbone

Subjects
Knowledge representation and reasoning, Computer science, Science, Systems biology, Compromise, media_common.quotation_subject, EWI-22651, METIS-293727, Argumentation framework, Field (computer science), IR-83609, Neoplasms, Humans, Mainstream, Ecology, Evolution, Behavior and Systematics, media_common, Philosophy of science, business.industry, General Medicine, Models, Theoretical, Dilemma, Philosophy, Software engineering, business, SCS-Services, Software
Abstract

There is a growing interest in mathematical mechanistic modelling as a promising strategy for understanding tumour progression. This approach is accompanied by a methodological change of making research, in which models help to actively generate hypotheses instead of waiting for general principles to become apparent once sufficient data are accumulated. This paper applies recent research from philosophy of science to uncover three important problems of mechanistic modelling which may compromise its mainstream application, namely: the dilemma of formal and informal descriptions, the need to express degrees of confidence and the need of an argumentation framework. We report experience and research on similar problems from software engineering and provide evidence that the solutions adopted there can be transferred to the biological domain. We hope this paper can provoke new opportunities for further and profitable interdisciplinary research in the field.

Published
2012

20. ArgueSecure: Out-of-the-Box Security Risk Assessment

Author

Roel Wieringa, Roeland H.P. Kegel, Andrei Baltuta, and Dan Ionita

Subjects
Engineering, Traceability, business.industry, computer.software_genre, Data science, Electronic mail, Argumentation theory, Tree (data structure), Tree structure, Ranking, Data mining, business, Risk assessment, computer, Risk management
Abstract

Most established security risk assessment methodologies aim to produce ranked lists of risks. But ranking requires quantification of risks, which in turn relies on data which may not be available or estimations which might not be accurate. As an alternative, we have previously proposed argumentation-based risk assessment. In this paper, based on practitioner feedback, we introduce the latest iteration of this method accompanied by two dedicated tools: an online, collaborative web-portal and an offline version. We focus on the lessons learned in iteratively developing and evaluating these tools and the underlying framework. This new framework – called ArgueSecure – focuses on graphically modelling the risk landscape as a collapsible tree. This tree structure intuitively encodes argument traces, therefore maintaining traceability of the results and providing insight into the decision process.

Published
2016

21. Probing for requirements knowledge to stimulate architectural thinking

Author

Abhishek Sainani, Balaji Balasubramaniam, Roel Wieringa, Preethu Rose Anish, Jane Cleland-Huang, Smita Ghaisas, and Maya Daneva

Subjects
Engineering, Process management, Requirements engineering, business.industry, Stakeholder, 020207 software engineering, Functional requirement, 02 engineering and technology, Software, Ask price, 0202 electrical engineering, electronic engineering, information engineering, Systems engineering, Leverage (statistics), 020201 artificial intelligence & image processing, Software requirements, business, Relevant information
Abstract

Software requirements specifications (SRSs) often lack the detail needed to make informed architectural decisions. Architects therefore either make assumptions, which can lead to incorrect decisions, or conduct additional stakeholder interviews, resulting in potential project delays. We previously observed that software architects ask Probing Questions (PQs) to gather information crucial to architectural decision-making. Our goal is to equip Business Analysts with appropriate PQs so that they can ask these questions themselves. We report a new study with over 40 experienced architects to identify reusable PQs for five areas of functionality and organize them into structured flows. These PQ-flows can be used by Business Analysts to elicit and specify architecturally relevant information. Additionally, we leverage machine learning techniques to determine when a PQ-flow is appropriate for use in a project, and to annotate individual PQs with relevant information extracted from the existing SRS. We trained and evaluated our approach on over 8,000 individual requirements from 114 requirements specifications and also conducted a pilot study to validate its usefulness.

Published
2016

22. Naming the Pain in Requirements Engineering: Contemporary Problems, Causes, and Effects in Practice

Author

Roel Wieringa, Rafael Prikladnicki, Desmond Greer, Tayana Conte, Birgit Penzenstadler, M. Nayabi, Guenther Ruhe, D. Méndez Fernández, Sagar Sen, Antonio Vetro, Dietmar Pfahl, Markku Oivo, Stefan Wagner, Ahmet Tuzcu, Casper Lassenius, Marcos Kalinowski, P. Mafra, J. L. de la Vara, André Schekelmann, Michael Felderer, Rodrigo O. Spínola, Tomi Männistö, Marie-Therese Christiansson, Publica, Empirical Software Engineering research group, and Department of Computer Science

Subjects
FOS: Computer and information sciences, Status quo, Computer science, media_common.quotation_subject, Context (language use), 02 engineering and technology, Computer Science - Software Engineering, Software, MANAGEMENT, 0202 electrical engineering, electronic engineering, information engineering, SOFTWARE COMPANIES, QUALITY, Relevance (law), Survey research, Empirical evidence, media_common, Requirements engineering, SCS-services, requirements engineering, survey research, business.industry, 020207 software engineering, 113 Computer and information sciences, n/a OA procedure, Complement (complexity), Software Engineering (cs.SE), Risk analysis (engineering), 020201 artificial intelligence & image processing, business, Dependency (project management)
Abstract

Requirements Engineering (RE) has received much attention in research and practice due to its importance to software project success. Its inter-disciplinary nature, the dependency to the customer, and its inherent uncertainty still render the discipline diffcult to investigate. This results in a lack of empirical data. These are necessary, however, to demonstrate which practically relevant RE problems exist and to what extent they matter. Motivated by this situation, we initiated the Naming the Pain in Requirements Engineering (NaPiRE) initiative which constitutes a globally distributed, bi-yearly replicated family of surveys on the status quo and problems in practical RE. In this article, we report on the analysis of data obtained from 228 companies in 10 countries. We apply Grounded Theory to the data obtained from NaPiRE and reveal which contemporary problems practitioners encounter. To this end, we analyse 21 problems derived from the literature with respect to their relevance and criticality in dependency to their context, and we complement this picture with a cause-effect analysis showing the causes and effects surrounding the most critical problems.Our results give us a better understanding of which problems exist and how they manifest themselves in practical environments. Thus, we provide a rst step to ground contributions to RE on empirical observations which, by now, were dominated by conventional wisdom only.

Published
2016
Full Text
View/download PDF

24. Integrated assessment and mitigation of physical and digital security threats: Case studies on virtualization

Author

Roel Wieringa, Wolter Pieters, André van Cleeff, and Frits van Tiel

Subjects
Cloud computing security, Computer Networks and Communications, Computer science, SCS-Cybersecurity, IR-78123, Computer security model, Computer security, computer.software_genre, Security testing, Security information and event management, EWI-20549, Security service, Security through obscurity, Security convergence, METIS-278812, Safety, Risk, Reliability and Quality, SCS-Services, computer, Software, Physical security
Abstract

Virtualization is one of the enabling technologies of cloud computing. It turns once dedicated physical computing resources such as servers into digital resources that can be provisioned on demand. Cloud computing thus tends to replace physical with digital security controls, and cloud security must be understood in this context. In spite of extensive research on new hardware-enabled solutions such as trusted platforms, not enough is known about the actual physical-digital security trade-off in practice. In this paper, we review what is currently known about security aspects of the physical-digital trade-off, and then report on three case studies of private clouds that use virtualization technology, with the purpose of identifying generalizable guidelines for security trade-off analysis. We identify the important security properties of physical and digital resources, analyze how these have been traded off against each other in these cases, and what the resulting security properties were, and we identify limits to virtualization from a security point of view. The case studies show that physical security mechanisms all work through inertness and visibility of physical objects, whereas digital security mechanisms require monitoring and auditing. We conclude with a set of guidelines for trading off physical and digital security risks and mitigations. Finally, we show how our findings can be used to combine physical and digital security in new ways to improve virtualization and therefore also cloud security.

Published
2011

25. A2thOS: availability analysis and optimisation in SLAs

Author

Sandro Etalle, Emmanuele Zambon, and Roel Wieringa

Subjects
Service (business), Process management, Computer Networks and Communications, business.industry, Computer science, Availability management, Information technology, Computer security, computer.software_genre, Computer Science Applications, Outsourcing, Task (project management), Core (game theory), Customer satisfaction, business, computer
Abstract

Information technology (IT) service availability is at the core of customer satisfaction and business success for today's organisations. Many medium- to large-size organisations outsource part of their IT services to external providers, with service-level agreements describing the agreed availability of outsourced service components. Availability management of partially outsourced IT services is a non-trivial task since classic approaches for calculating availability are not applicable, and IT managers can only rely on their expertise to fulfil it. This often leads to the adoption of non-optimal solutions. In this paper we present A2thOS, a framework to calculate the availability of partially outsourced IT services in the presence of SLAs and to achieve a cost-optimal choice of availability levels for outsourced IT components while guaranteeing a target availability level for the service. Copyright © 2011 John Wiley & Sons, Ltd.

Published
2011

26. MaDe4IC: an abstract method for managing model dependencies in inter-organizational cooperations

Author

Roel Wieringa, Manfred Reichert, Andreas Wombacher, Lianne Bodenstaff, and Databases (Former)

Subjects
Value creation, Computer science, 020207 software engineering, Context (language use), 02 engineering and technology, computer.software_genre, Management Information Systems, Consistency (database systems), Inter organizational, Risk analysis (engineering), Hardware and Architecture, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Maintenance phase, Consistency, Software system, Data mining, SCS-Services, Inter-organizational models, computer, Software, Information Systems
Abstract

Inter-organizational cooperations are complex in terms of coordination, agreements, and value creation for involved partners. When managing complex cooperations, it is vital to maintain models describing them. Changing one model to regain consistency with the running system might result in new inconsistencies. As a consequence, this maintenance phase grows in complexity with increasing number of models. In this context, challenges are to ensure consistency at design time and to monitor the system at runtime, i.e., at design time, consistency between different models describing the cooperation needs to be ensured. At runtime, behavior of the software system needs to be compared with its underlying models. In this paper, we propose a structured and model-independent method that supports ensuring and maintaining consistency between running system and underlying models for inter-organizational cooperations.

Published
2010

28. Automated analysis of security requirements through risk-based argumentation

Author

Roel Wieringa, Virginia N. L. Franqueira, Yijun Yu, Bashar Nuseibeh, and Thein Than Tun

Subjects
Computer science, Standard of Good Practice, METIS-312450, Vulnerability, EWI-25102, Information security, IR-95948, Computer security model, Computer security, computer.software_genre, Security information and event management, Security testing, Threat, Hardware and Architecture, Security through obscurity, Security management, Risk assessment, computer, SCS-Services, Software, Information Systems
Abstract

Included definition of premises.Adjusted the metamodel according to the Toulmin-style arguments.Revised the examples according to the changed metamodel.Added descriptions to Figs. 7 and 8.Fixed typos and improved the language. Computer-based systems are increasingly being exposed to evolving security threats, which often reveal new vulnerabilities. A formal analysis of the evolving threats is difficult due to a number of practical considerations such as incomplete knowledge about the design, limited information about attacks, and constraints on organisational resources. In our earlier work on RISA (RIsk assessment in Security Argumentation), we showed that informal risk assessment can complement the formal analysis of security requirements. In this paper, we integrate the formal and informal assessment of security by proposing a unified meta-model and an automated tool for supporting security argumentation called OpenRISA. Using a uniform representation of risks and arguments, our automated checking of formal arguments can identify relevant risks as rebuttals to those arguments, and identify mitigations from publicly available security catalogues when possible. As a result, security engineers are able to make informed and traceable decisions about the security of their computer-based systems. The application of OpenRISA is illustrated with examples from a PIN Entry Device case study.

Published
2015

29. Requirements engineering paper classification and evaluation criteria: a proposal and a discussion

Author

Nancy R. Mead, Roel Wieringa, Neil Maiden, and Colette Rolland

Subjects
Engineering, Requirements engineering, Management science, business.industry, Steering committee, METIS-237985, EWI-1314, 020207 software engineering, 02 engineering and technology, IR-57657, Empirical research, Conceptual framework, Requirements engineering research Research methods Paper classification Paper evaluation criteria, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, IS-Design science methodology, Systematic mapping, business, SCS-Services, Software, Information Systems
Abstract

In recent years, members of the steering committee of the IEEE Requirements Engineering (RE) Conference have discussed paper classification and evaluation criteria for RE papers. The immediate trigger for this discussion was our concern about differences in opinion that sometimes arise in program committees about the criteria to be used in evaluating papers. If program committee members do not all use the same criteria, or if they use criteria different from those used by authors, then papers might be rejected or accepted for the wrong reasons. Surely not all papers should be evaluated according to the same criteria. Some papers describe new techniques but do not report on empirical research; others describe new conceptual frameworks for investigating certain RE problems; others report on industrial experience with existing RE techniques. Other kinds of papers can also be easily recognized. All of these types of papers should be evaluated according to different criteria. But we are far from a consensus about what classes of paper we should distinguish, and what the criteria are for each of these classes.

Published
2005

30. PROJECT GRAAL: TOWARDS OPERATIONAL ARCHITECTURE ALIGNMENT

Author

Henk Blanken, Pascal van Eck, Roel Wieringa, and Databases (Former)

Subjects
Enterprise architecture framework, Knowledge management, EWI-6899, Computer science, Strategic alignment, business.industry, Computer Science Applications, The Open Group Architecture Framework, Operational View, Applications architecture, Reference architecture, View model, Software engineering, business, SCS-Services, Software architecture description, Information Systems
Abstract

This paper presents a framework for architecture alignment that can be positioned between approaches for software architecture, which concern software artefacts only, and strategic alignment models, which have a business focus. The framework is currently applied in case study research to find alignment patterns used in practice. First results presented in this paper indicate that the framework might yield an operationalization of strategic architecture alignment models. We also present an alignment pattern which shows a difference between how architectures are designed at the application level and the infrastructure level. We think this difference is significant for practical alignment models.

Published
2004

31. Requirements-level semantics and model checking of object-oriented statecharts

Author

Roel Wieringa, David N. Jansen, Rik Eshuis, and Information Systems IE&IS

Subjects
Model checking, Object-oriented programming, Computer science, Programming language, Semantics (computer science), IR-38256, USable, Object (computer science), computer.software_genre, EWI-1718, METIS-209492, Asynchronous communication, TheoryofComputation_LOGICSANDMEANINGSOFPROGRAMS, Software requirements, computer, SCS-Services, Software, Information Systems
Abstract

In this paper we define a requirements-level execution semantics for object-oriented statecharts and show how properties of a system specified by these statecharts can be model checked using tool support for model checkers. Our execution semantics is requirements-level because it uses the perfect technology assumption, which abstracts from limitations imposed by an implementation. Statecharts describe object life cycles. Our semantics includes synchronous and asynchronous communication between objects and creation and deletion of objects. Our tool support presents a graphical front-end to model checkers, making these tools usable to people who are not specialists in model checking. The model-checking approach presented in this paper is embedded in an informal but precise method for software requirements and design. We discuss some of our experiences with model checking.

Published
2002

33. Technical Action Research

Author

Roel Wieringa

Subjects
Human–computer interaction, Process (engineering), Computer science, Enterprise architecture, Problem context, Artifact (software development), Action research, Knowledge question, Abductive reasoning, Field (computer science)
Abstract

Technical action research (TAR) is the use of an experimental artifact to help a client and to learn about its effects in practice. The artifact is experimental, which means that it is still under development and has not yet been transferred to the original problem context. A TAR study is a way to validate the artifact in the field. It is the last stage in the process of scaling up from the conditions of the laboratory to the unprotected conditions of practice.

Published
2014

34. The Structure of Goal Models in Requirements Engineering

Author

Henderik A. Proper and Roel Wieringa

Subjects
Requirements management, Structure (mathematical logic), Requirement, Non-functional requirement, Goal modeling, Requirements engineering, Computer science, Systems engineering, Requirements analysis
Published
2014

35. Statistical Difference-Making Experiments

Author

Roel Wieringa

Subjects
education.field_of_study, business.industry, Population, Statistical difference, Outcome measures, Pattern recognition, Object (computer science), Causal inference, Unify modeling language, Statistical inference, Artificial intelligence, business, education, Mathematics, Sequence (medicine)
Abstract

In a statistical difference-making experiment, two or more experimental treatments are compared on samples of population elements to see if they make a difference, on the average, for a measured variable.More than two treatments may be compared, and more than one outcome measure may be used. Different treatments may be applied to different objects of study in parallel or to the same object of study in sequence.

Published
2014

36. What Is Design Science?

Author

Roel Wieringa

Subjects
Knowledge management, Scope (project management), Computer science, business.industry, Context (language use), Artifact (software development), Design science, Applied science, business, Sect, Object (philosophy), Learning sciences
Abstract

To do a design science project, you have to understand its major components, namely, its object of study and its two major activities. The object of study is an artifact in context (Sect. 1.1), and its two major activities are designing and investigating this artifact in context (Sect. 1.2). For the design activity, it is important to know the social context of stakeholders and goals of the project, as this is the source of the research budget as well as the destination of useful research results. For the investigative activity, it is important to be familiar with the knowledge context of the project, as you will use this knowledge and also contribute to it. Jointly, the two major activities and the two contexts form a framework for design science that I describe in Sect. 1.3. In Sect. 1.4, I show why in design science the knowledge that we use and produce is not universal but has middle-range scope.

Published
2014

37. Stakeholder and Goal Analysis

Author

Roel Wieringa

Subjects
Structure (mathematical logic), Research design, Stakeholder, Normative, Stakeholder analysis, Context (language use), Engineering ethics, Design science research, Business, Design science
Abstract

Design science research projects take place in normative context of laws, regulations, constraints, ethics, human values, desires, and goals. In this chapter, we discuss goals. In utility-driven projects, there are stakeholders who have goals that the research project must contribute to. In exploratory projects, potential stakeholders may not know that they are potential stakeholders, and it may not be clear what their goals are. Nevertheless, or because of that, even in exploratory projects, it is useful to think about who might be interested in the project results and, importantly, who would sponsor the project. After all, design research should produce potentially useful knowledge. We therefore discuss possible stakeholders in Sect. 4.1 and discuss the structure of stakeholder desires and goals in Sect. 4.2. In Sect. 4.3, we classify possible conflicts among stakeholder desires that may need to be resolved by the project.

Published
2014

38. Observational Case Studies

Author

Roel Wieringa

Subjects
Requirements engineering, restrict, Intervention (counseling), Applied psychology, Observational study, Knowledge question, Psychology, Abductive reasoning
Abstract

An observational case study is a study of a real-world case without performing an intervention. Measurement may influence the measured phenomena, but as in all forms of research, the researcher tries to restrict this to a minimum.

Published
2014

39. The Design Cycle

Author

Roel Wieringa

Subjects
Set (abstract data type), Treatment design, Computer science, Iterated function, Design science research, Design cycle, Design science, Industrial engineering, Task (project management)
Abstract

A design science project iterates over the activities of designing and investigating. The design task itself is decomposed into three tasks, namely, problem investigation, treatment design, and treatment validation. We call this set of three tasks the design cycle, because researchers iterate over these tasks many times in a design science research project.

Published
2014

40. Analogic Inference Design

Author

Roel Wieringa

Subjects
education.field_of_study, Theoretical computer science, Generalization, Computer science, Schema (psychology), Population, Inference, Analogy, Statistical model, education, Abductive reasoning, Similitude
Abstract

Analogic inference is generalization by similarity. In our schema of inferences (Fig. 15.1), analogic inference is done after abductive inference. What we generalize about by analogy is not a description of phenomena, nor a statistical model of a population, but an explanation. In Sect. 15.1, we show that it can be used in case-based and in sample-based research. In Sect. 15.2, we contrast feature-based similarity with architectural similarity and show that architectural similarity gives a better basis for generalization than feature-based similarity. Analogic generalization is done by induction over a series of positive and negative cases, called analytical induction (Sect. 15.3). We discuss the validity of analogic generalizations in Sect. 15.4 and generalize the concept of generalization to that of a theory of similitude in Sect. 15.5.

Published
2014

41. A Road Map of Research Methods

Author

Roel Wieringa

Subjects
Part iii, Empirical research, Conceptual framework, Computer science, Management science, Research questions, Design science research, Road map, Design cycle
Abstract

The road map of this book was shown in outline in the Preface, and is here shown with more detail in Fig. 16.1 (Research Goals and Research Questions). As stated in the Introduction, design science research iterates over solving design problems and answering knowledge questions. Design problems that need novel treatments are dealt with rationally by the design cycle, which has been treated in Part II. Knowledge questions that require empirical research to answer, are dealt with rationally by the empirical cycle, which has been treated in Part IV. Design and empirical research both require theoretical knowledge in the form of conceptual frameworks and theoretical generalizations, which enhance our capability to describe, explain, and predict phenomena, and to design artifacts that produce these phenomena. Theoretical frameworks have been treated in Part III.

Published
2014

42. Single-Case Mechanism Experiments

Author

Roel Wieringa

Subjects
Experimental mechanics, Computer science, Mechanism (biology), restrict, Data mining, computer.software_genre, Object (computer science), computer, Implementation evaluation, Test (assessment)
Abstract

A single-case mechanism experiment is a test of a mechanism in a single object of study with a known architecture. The research goal is to describe and explain the cause-effect behavior of the object of study. This can be used in implementation evaluation and problem investigation, where we do real-world research. It can also be used in validation research, where we test validation models. In this chapter, we restrict ourselves to validation research, and in the checklist and examples, the object of study is a validation model.

Published
2014

44. The Empirical Cycle

Author

Roel Wieringa

Subjects
Sociology of scientific knowledge, Knowledge management, business.industry, Computer science, business, Checklist
Abstract

We now turn to the empirical cycle, which is a rational way to answer scientific knowledge questions. It is structured as a checklist of issues to decide when a researcher designs a research setup and wants to reason about the data produced by this setup.

Published
2014

45. Statistical Inference Design

Author

Roel Wieringa

Subjects
Predictive inference, Computer science, Frequentist inference, Statistics, Fiducial inference, Statistical inference, Inference, Algorithmic inference, Statistical theory, Bayesian inference
Abstract

Statistical inference is the inference of properties of the distribution of variables of a population, from a sample selected from the population (Fig. 13.1). To do statistical inference, your conceptual research framework should define the relevant statistical structures, namely, a population and one or more random variables (Chap. 8, Conceptual Frameworks). The probability distributions of the variables over the population are usually unknown. This chapter is required for Chap. 20 on statistical difference-making experiments, but not for the other chapters that follow. Open image in new window Fig. 13.1 Statistical inference is the inference of properties of the probability distribution of variables

Published
2014

46. Descriptive Inference Design

Author

Roel Wieringa

Subjects
Reasonable doubt, Descriptive statistics, Computer science, business.industry, Window (computing), Inference, computer.software_genre, Data preparation, Extreme programming practices, Descriptive validity, Artificial intelligence, business, computer, Natural language processing
Abstract

Descriptive inference summarizes the data into descriptions of phenomena (Fig. 12.1). This requires data preparation (Sect. 12.1). Any symbolic data must be interpreted (Sect. 12.2), and quantitative data can be summarized in descriptive statistics (Sect. 12.3). The descriptions produced this way are to be treated as facts, and so ideally there should not be any amplification in descriptive inference. But in practice there may be, and descriptive validity requires that any addition of information to the data be defensible beyond reasonable doubt (Sect. 12.4). Open image in new window Fig. 12.1 Descriptive inference produces descriptions of phenomena from measurement data

Published
2014

47. Implementation Evaluation and Problem Investigation

Author

Roel Wieringa

Subjects
Antenna array, Requirements engineering, Computer engineering, Computer science, Designtheory, Problem context, Artifact (software development), Cloud service provider, Implementation evaluation
Abstract

Treatments are designed to be used in the real world, in the original problem context. Once they are implemented in the original problem context, this is an important source of information about the properties of the artifact and about the treatment that it provides. This may or may not trigger a new iteration through the engineering cycle.

Published
2014

48. Assumption-based Risk identification Method (ARM) in dynamic service provisioning

Author

Eelco Vriezekolk, Alireza Zarghami, Mohammad Eslami, Marten van Sinderen, and Roel Wieringa

Subjects
Service (business), Dynamic service provisioning, Engineering, EWI-23796, Requirements Engineering, Requirements engineering, IR-88326, business.industry, computer.internet_protocol, Service-oriented architecture, Service provider, Composite application, Composite applications, Reliability engineering, System requirements, METIS-300057, Risk analysis (engineering), Formal specification, Component (UML), Risks, Homecare systems, business, computer, SCS-Services
Abstract

In this paper we consider service-oriented applications composed of component services provided by different, economically independent service providers. As in all composite applications, the component services are composed and configured to meet requirements for the composite application. However, in a field experiment of composite service-oriented applications wef found that, although the services as actually delivered by the service providers meet their requirements, there is still a mismatch across service providers due to unstated assumptions, and that this mismatch causes an incorrect composite application to be delivered to end-users. Identifying and analyzing these initially unstated assumptions turns requirements engineering for service-oriented applications into risk analysis. In this paper, we describe a field experiment with an experimental service-oriented homecare system, in which unexpected behavior of the system turned up unstated assumptions about the contributing service providers. We then present an assumptions-driven risk identification method that can help identifying these risks, and we show how we applied this method in the second iteration of the field experiment. The method adapts some techniques from problem frame diagrams to identify relevant assumptions on service providers. The method is informal, and takes the “view from nowhere” in that it does not result in a specification of the component services, but for every component service delivers a set of assumptions that the service must satisfy in order to contribute to the overall system requirements. We end the paper with a discussion of generalizability of this method.

Published
2013

49. A survey of structured and object-oriented software specification methods and techniques

Author

Roel Wieringa

Subjects
IR-61831, Object-oriented programming, General Computer Science, Programming language, Computer science, business.industry, Formal semantics (linguistics), Software development, Software requirements specification, computer.software_genre, Theoretical Computer Science, Formal specification, Decomposition (computer science), EWI-10637, Program Design Language, business, SCS-Services, computer
Abstract

This article surveys techniques used in structured and object-oriented software specification methods. The techniques are classified as techniques for the specification of external interaction and internal decomposition. The external specification techniques are further subdivided into techniques for the specification of functions, behavior, and communication. After surveying the techniques, we summarize the way they are used in structured and object-oriented methods and indicate ways in which they can be combined. This article ends with a plea for simplicity in diagram techniques and for the use of formal semantics to define these techniques. The appendices show how the reviewed techniques are used in 6 structured and 19 object-oriented specification methods.

Published
1998

50. Guest Editors' Introduction: Stakeholders in Requirements Engineering

Author

Roel Wieringa and Martin Glinz

Subjects
Requirements management, Engineering, Knowledge management, Process management, Requirements engineering, business.industry, Process (engineering), Context (language use), System requirements, Stakeholder analysis, Project management, business, Requirements analysis, Software
Abstract

The growing attention being paid to stakeholders' needs and desires reflects the growing importance of requirements engineering (RE) in software and systems development. This introduction reviews the RE process: identifying the stakeholders in a project, determining who and how important they are, prioritizing the identified stakeholder roles, and selecting representative individuals or groups from the identified and prioritized stakeholder roles with whom the development team can elicit and validate system requirements. The authors then mention each article in the issue in the context of today's latest thinking on RE. This article introduces a special issue on stakeholders in requirements engineering.

Published
2007

Catalog

Books, media, physical & digital resources
See catalog results