DevOps Business Model: Work from Home Environment

DevOps is a culture-oriented software development and operations methodology, and software organizations increasingly adopting it due to its flexibility and good business gains. Especially, in Covid situations DevOps give a good support to software development organizations to carry development and operations activities through cloud-native DevOps in work from home environment and starting new businesses. The technological advancement makes the world a global village, though, there is dire need of guidelines and standards for the adoption of DevOps across the borders and out of office. Considering the significance of DevOps in current era of software business, we plan to develop a roadmap aiming to assist the software development organizations to adopt DevOps process over the globe and in work-from-home format. In this study, we are proposing an initial idea towards the development of robust and comprehensive guide for DevOps adoption in geographically distributed environment.Post-print / Final draf

Towards People Maturity for Secure Development and Operations: A vision

Abstract DevOps (development and operations) is a set of collaborative practices that automate continuous delivery of new software versions with an aim to reduce the development life cycle and produce quality software products. Security is an important attribute of quality software. Software is secure if it does not allow the confidentiality, integrity, and availability of its data, code, or service to be compromised. In order to take full advantage of DevOps, security needs to play an integral part in the development life cycle of a software. The DevSecOps (development, security, and operations) refers to the integrating security practices within the DevOps process. DevSecOps promotes the shifting security to the early stages of a project. Traditionally, security testing is done towards the end of the software lifecycle. However, fixing issues later in the process is more costly than making sure defects do not happen in the beginning. DevSecOps goes beyond automation, continuous integration, testing and delivery processes, since it also encompasses people. In fact, DevSecOps promotes the collaboration between the development, operations, and security teams. When security comes into DevOps routines, people play an even more relevant role involving the collaboration between those teams and security team. In any organization policies, standards, procedures and code of conducts are designed for people to follow. People are executers of policies. The human factor is one of the major forces behind effectiveness, or failure of a security system. Traditionally, the organizations focus on protecting their infrastructure, from security threats and they ignore human behavior that may result in malicious activities during software development process. Human aspect is considered as one of the major reasons of security vulnerability is due to malicious human behavior, who are involved in DevSecOps process; human may make mistakes due to lack of security perceptions, skills, and knowledge. These mistakes would bring a great loss if they are not properly handled. To overcome this challenge, there is a need of a specific maturity model that help to assess and guide the DevSecOps adoption. The key objective of this research project is to develop a people maturity model for DevSecOps (PMM-DevSecOps), that could help the practitioners to assess and manage their security vulnerability caused by human malicious behavior and lack of skills. To address the objective of this research project, we will use the systematic literature review (SLR), multivocal literature review (MLR) and questionnaire survey approach to identify and validate the critical success factors (CSFs), critical challenges (CCHs) and the related best practices of human related vulnerabilities for DevSecOps. Using the identified CSFs, CCHs and their related best practices, we will develop the maturity levels of proposed maturity model (i.e., PMM-DevSecOps), based on the concepts of the existing maturity models in other software engineering domains and the perceptions of the practitioners and academic researchers. Every maturity level will comprise of different CSFs and CCHs that can help in assessing and managing security vulnerability caused by human malicious behavior and lack of skills. We are confident that the proposed model will provide a roadmap for software development organizations to measure their maturity to assess and improve their security vulnerability caused by human malicious behavior and lack of skills while executing DevSecOps process.Abstract DevOps (development and operations) is a set of collaborative practices that automate continuous delivery of new software versions with an aim to reduce the development life cycle and produce quality software products. Security is an important attribute of quality software. Software is secure if it does not allow the confidentiality, integrity, and availability of its data, code, or service to be compromised. In order to take full advantage of DevOps, security needs to play an integral part in the development life cycle of a software. The DevSecOps (development, security, and operations) refers to the integrating security practices within the DevOps process. DevSecOps promotes the shifting security to the early stages of a project. Traditionally, security testing is done towards the end of the software lifecycle. However, fixing issues later in the process is more costly than making sure defects do not happen in the beginning. DevSecOps goes beyond automation, continuous integration, testing and delivery processes, since it also encompasses people. In fact, DevSecOps promotes the collaboration between the development, operations, and security teams. When security comes into DevOps routines, people play an even more relevant role involving the collaboration between those teams and security team. In any organization policies, standards, procedures and code of conducts are designed for people to follow. People are executers of policies. The human factor is one of the major forces behind effectiveness, or failure of a security system. Traditionally, the organizations focus on protecting their infrastructure, from security threats and they ignore human behavior that may result in malicious activities during software development process. Human aspect is considered as one of the major reasons of security vulnerability is due to malicious human behavior, who are involved in DevSecOps process; human may make mistakes due to lack of security perceptions, skills, and knowledge. These mistakes would bring a great loss if they are not properly handled. To overcome this challenge, there is a need of a specific maturity model that help to assess and guide the DevSecOps adoption. The key objective of this research project is to develop a people maturity model for DevSecOps (PMM-DevSecOps), that could help the practitioners to assess and manage their security vulnerability caused by human malicious behavior and lack of skills. To address the objective of this research project, we will use the systematic literature review (SLR), multivocal literature review (MLR) and questionnaire survey approach to identify and validate the critical success factors (CSFs), critical challenges (CCHs) and the related best practices of human related vulnerabilities for DevSecOps. Using the identified CSFs, CCHs and their related best practices, we will develop the maturity levels of proposed maturity model (i.e., PMM-DevSecOps), based on the concepts of the existing maturity models in other software engineering domains and the perceptions of the practitioners and academic researchers. Every maturity level will comprise of different CSFs and CCHs that can help in assessing and managing security vulnerability caused by human malicious behavior and lack of skills. We are confident that the proposed model will provide a roadmap for software development organizations to measure their maturity to assess and improve their security vulnerability caused by human malicious behavior and lack of skills while executing DevSecOps process

A Vision of DevOps Requirements Change Management Standardization

Abstract DevOps (development and operations) aims to shorten the software development process and provide continuous delivery with high software quality. To get the potential gains of DevOps, the software development industry considering global software development (GSD) environment to hire skilled human resources and round-the-clock working hours. However, due to the lack of frequent communication and coordination in GSD, the planning and managing of the requirements change process becomes a challenging task. As in DevOps, requirements are not only shaped by development feedback but also by the operations team. This means requirements affect development, development affects operations and operations affect requirements. However, DevOps in GSD still faces many challenges in terms of requirement management. The purpose of this research project is to develop a DevOps requirement change management and implementation maturity model (DevOps-RCMIMM) that could assist the GSD organizations in modifying and improving their requirement management process in the DevOps process. The development of DevOps-RCMIMM will be based on the existing DevOps and RCM literature, industrial empirical study, and understanding of factors that could impact the implementation of the DevOps requirement change management process in the domain of GSD. This vision study presents the initial results of a systematic literature review that will contribute to the development of maturity levels of the proposed DevOps-RCMIMM.Abstract DevOps (development and operations) aims to shorten the software development process and provide continuous delivery with high software quality. To get the potential gains of DevOps, the software development industry considering global software development (GSD) environment to hire skilled human resources and round-the-clock working hours. However, due to the lack of frequent communication and coordination in GSD, the planning and managing of the requirements change process becomes a challenging task. As in DevOps, requirements are not only shaped by development feedback but also by the operations team. This means requirements affect development, development affects operations and operations affect requirements. However, DevOps in GSD still faces many challenges in terms of requirement management. The purpose of this research project is to develop a DevOps requirement change management and implementation maturity model (DevOps-RCMIMM) that could assist the GSD organizations in modifying and improving their requirement management process in the DevOps process. The development of DevOps-RCMIMM will be based on the existing DevOps and RCM literature, industrial empirical study, and understanding of factors that could impact the implementation of the DevOps requirement change management process in the domain of GSD. This vision study presents the initial results of a systematic literature review that will contribute to the development of maturity levels of the proposed DevOps-RCMIMM

A Vision of DevOps Requirements Change Management Standardization

DevOps (development and operations) aims to shorten the software development process and provide continuous delivery with high software quality. To get the potential gains of DevOps, the software development industry considering global software development (GSD) environment to hire skilled human resources and round-the-clock working hours. However, due to the lack of frequent communication and coordination in GSD, the planning and managing of the requirements change process becomes a challenging task. As in DevOps, requirements are not only shaped by development feedback but also by the operations team. This means requirements affect development, development affects operations and operations affect requirements. However, DevOps in GSD still faces many challenges in terms of requirement management. The purpose of this research project is to develop a DevOps requirement change management and implementation maturity model (DevOps-RCMIMM) that could assist the GSD organizations in modifying and improving their requirement management process in the DevOps process. The development of DevOps-RCMIMM will be based on the existing DevOps and RCM literature, industrial empirical study, and understanding of factors that could impact the implementation of the DevOps requirement change management process in the domain of GSD. This vision study presents the initial results of a systematic literature review that will contribute to the development of maturity levels of the proposed DevOps-RCMIMM

Quantum Software Engineering: A New Genre of Computing

Quantum computing (QC) is no longer only a scientific interest but is rapidly becoming an industrially available technology that can potentially tackle the limitations of classical computing. Over the last few years, major technology giants have invested in developing hardware and programming frameworks to develop quantum-specific applications. QC hardware technologies are gaining momentum, however, operationalizing the QC technologies trigger the need for software-intensive methodologies, techniques, processes, tools, roles, and responsibilities for developing industrial-centric quantum software applications. This paper presents the vision of the quantum software engineering (QSE) life cycle consisting of quantum requirements engineering, quantum software design, quantum software implementation, quantum software testing, and quantum software maintenance. This paper particularly calls for joint contributions of software engineering research and industrial community to present real-world solutions to support the entire quantum software development activities. The proposed vision facilitates the researchers and practitioners to propose new processes, reference architectures, novel tools, and practices to leverage quantum computers and develop emerging and next generations of quantum software

Change Management in Cloud-Based Offshore Software Development: A Researchers Perspective

Cloud based Offshore Software Development Outsourcing (COSDO) concept is complex and comes with various challenges, specifically related to the Requirements Change Management (RCM) process. This study aims to investigate the success factors (SF) that could positively influence RCM activities in COSDO firms and to propose a theoretical framework for the investigated aspects. A systematic literature review (SLR) method was adopted to investigate SF. Finally, based on the investigated factors, we developed a theoretical framework that shows the relationship between the identified factors and the implementation of the RCM process in the COSDO domain. The findings of this study could help researchers and practitioners address the key issues of the RCM process in COSDO organizations.Post-print / Final draf

A systematic decision-making framework for tackling quantum software engineering challenges

Quantum computing systems harness the power of quantum mechanics to execute computationally demanding tasks more effectively than their classical counterparts. This has led to the emergence of Quantum Software Engineering (QSE), which focuses on unlocking the full potential of quantum computing systems. As QSE gains prominence, it seeks to address the evolving challenges of quantum software development by offering comprehensive concepts, principles, and guidelines. This paper aims to identify, prioritize, and develop a systematic decision-making framework of the challenging factors associated with QSE process execution. We conducted a literature survey to identify the challenging factors associated with QSE process and mapped them into 7 core categories. Additionally, we used a questionnaire survey to collect insights from practitioners regarding these challenges. To examine the relationships between core categories of challenging factors, we applied Interpretive Structure Modeling (ISM). Lastly, we applied fuzzy TOPSIS to rank the identified challenging factors concerning to their criticality for QSE process. We have identified 22 challenging factors of QSE process and mapped them to 7 core categories. The ISM results indicate that the ‘resources’ category has the most decisive influence on the other six core categories of the identified challenging factors. Moreover, the fuzzy TOPSIS indicates that ‘complex programming’, ‘limited software libraries’, ‘maintenance complexity’, ‘lack of training and workshops’, and ‘data encoding issues’ are the highest priority challenging factor for QSE process execution. Organizations using QSE could consider the identified challenging factors and their prioritization to improve their QSE process

A theory on human factors in DevOps adoption

Context:DevOps is a software engineering paradigm that enables faster deliveries and higher quality products. However, DevOps adoption is a complex process that is still insufficiently supported by research. In addition, human factors are the main difficulty for a successful DevOps adoption, although very few studies address this topic.Objective:This paper addresses two research gaps identified in literature, namely: (1) the characterization of DevOps from the perspective of human factors, i.e. the description of DevOps’ human characteristics to better define it, and (2) the identification and analysis of human factors’ effect in the adoption of DevOps.Method:We employed a hybrid methodology that included a Systematic Mapping Study followed by the application of a clustering technique. A questionnaire for DevOps practitioners (n = 15) was employed as an evaluation method.Results:A total of 59 human factors related to DevOps were identified, described, and synthesized. The results were used to build a theory on DevOps human factors.Conclusion:The main contribution of this paper is a theory proposal regarding human factors in DevOps adoption. The evaluation results show that almost every human factor identified in the mapping study was found relevant in DevOps adoption. The results of the study represent an extension of DevOps characterization and a first approximation to human factors in DevOps adoption

Venturing ChatGPT's lens to explore human values in software artifacts: a case study of mobile APIs

Software is designed for humans and must account for their values. However, current research and practice focus on a narrow range of well-explored values, e.g. security, overlooking a more comprehensive perspective. Those exploring a broader array of values rely on manual identification, which is labour-intensive and prone to human bias. Moreover, existing methods offer limited reliability as they fail to explain their findings. In this paper, we propose leveraging the reasoning capabilities of Large Language Models (LLMs) for automated inference about values. This allows for not only detecting values but also explaining how they are expressed in the software. We aim to examine the effectiveness of LLMs, specifically ChatGPT (Chat Generative Pre-Trained Transformer), in automated detection and explanation of values in software artifacts. Using ChatGPT, we investigate how mobile APIs align with human values based on their documentation. Human evaluation of ChatGPT's findings shows a reciprocal shift in understanding values, with both ChatGPT and experts adjusting their assessments through dialogue. While experts recognise ChatGPT's potential for revealing values, emphasis is placed on human involvement to enhance the accuracy of the findings by detecting and eliminating convincing but inaccurate explanations provided by the language model due to potential hallucinations or confabulations