Learn More
Building secure systems is difficult for many reasons. This paper deals with two of the main challenges: (i) the lack of security expertise in development teams, and (ii) the inadequacy of existing methodologies to support developers who are not security experts. The security standard ISO 14508 (Common Criteria) together with secure design techniques such(More)
Many software development projects struggle with creating and communicating a testing culture that is appropriate for the project's needs. This may degrade software quality by leaving defects undiscovered. Previous research suggests that social coding sites such as GitHub provide a collaborative environment with a high degree of social transparency.(More)
The experience factory concept enables systematic learning and continuous improvement in software development. As with most learning initiatives, it is hard to establish. In our experience, there is a great deal of uncertainty and skepticism about the mission and contents of an experience factory. The starting phase is especially endangered through pitfalls(More)
The multitude of social media channels that programmers can use to participate in software development has given rise to online developer profiles that aggregate activity across many services. Studying members of such developer profile aggregators, we found an ecosystem that revolves around the <i>social programmer</i>. Developers are assessing each other(More)
During acceptance testing customers assess whether a system meets their expectations and often identify issues that should be improved. These findings have to be communicated to the developers -- a task we observed to be error prone, especially in distributed teams. Here, it is normally not possible to have developer representatives from every site attend(More)
Software development and acquisition require knowledge and experience in many areas of software engineering. Experience helps people to make decisions under uncertainty, and to find better compromises. Experience-based process improvement considers experience as a prerequisite for competent behavior in software development. There is usually a repository to(More)