Industrial standards for developing medical device software provide requirements that conforming devices must meet. A number of reference software architectures have been proposed to develop such software. The ISO/IEC 25010:2011 family of standards provides a comprehensive software product quality model, including characteristics that are highly desirable in medical devices. Furthermore, frameworks like 4+1 Views provide a robust framework to develop the software architecture or high-level design for any software, including for medical devices. However, the alignment between industrial standards and reference architectures for medical device software, on one hand, and ISO/IEC 25010:2011 and 4+1 Views, on the other, is not well understood. This paper aims to explore how ISO/IEC 25010:2011 and 4+1 Views are supported by current standards, namely ISO 13485:2016, ISO 14971:2012, IEC 62304:2006 and IEC 62366:2015, and current reference architectures for medical device software. We classified requirements from medical device standards into qualities from ISO/IEC 25010:2011 and architectural views from 4+1 Views. A systematic literature review (SLR) method was followed to review current reference software architectures, and their support for the ISO/IEC 25010:2011 qualities identified in the previous step was mapped. Our results show that ISO/IEC 25010:2011 qualities like functional suitability, portability, maintainability, usability, security, reliability and compatibility are highly emphasised in medical device standards. Furthermore, we show that current reference architectures only partially support these qualities. This paper can help medical device developers identify focus areas for developing standards-compliant software. A wider study involving under-development medical devices can help improve the accuracy of our findings in the future.
The software and IT industry in Pakistan has seen dramatic growth and success in the past few years and is expected to double by 2020, according to research. The software development life cycle comprises multiple phases, activities and techniques that can lead to successful projects, and software evaluation is one of the vital parts of it. Software estimation alone can be the reason for a product's success or failure. Estimating the right cost, effort and resources is an art. But it is also very important to include the risks that may arise in a software project and can affect the estimates. In this paper, we highlight how the risks in the Pakistan software industry can affect the estimates and how to mitigate them.
Empirical Standards are natural-language models of a scientific community's expectations for a specific kind of study (e.g. a questionnaire survey). The ACM SIGSOFT Paper and Peer Review Quality Initiative generated empirical standards for research methods commonly used in software engineering. These living documents, which should be continuously revised to reflect evolving consensus around research best practices, will improve research quality and make peer review more effective, reliable, transparent and fair.
In the last decade, companies adopted DevOps as a fast path to deliver software products according to customer expectations, with well-aligned teams and in continuous cycles. As a basic practice, DevOps relies on pipelines that simulate factory swim-lanes. The more automation in the pipeline, the shorter the lead time is supposed to be. However, applying DevOps is challenging, particularly for industrial control systems (ICS) that support critical infrastructures and that must obey rigorous requirements from security regulations and standards. Current research on security-compliant DevOps presents open gaps for this particular domain and, in general, for the systematic application of security standards. In this paper, we present a systematic approach to integrate standard-based security activities into DevOps pipelines and highlight their automation potential. Our intention is to share our experiences and help practitioners overcome the trade-off between adding security activities to the development process and keeping a short lead time. We conducted an evaluation of our approach at a large industrial company considering the IEC 62443-4-1 security standard that regulates ICS. The results strengthen our confidence in the usefulness of our approach and artefacts, and in their ability to support practitioners in achieving security compliance while preserving agility, including short lead times.
Digitalization is forging its path in the architecture, construction, engineering, operation (AECO) industry. This trend demands not only solutions for data governance but also sophisticated cyber-physical systems with a high variety of stakeholder backgrounds and very complex requirements. Existing approaches to general requirements engineering ignore the context of the AECO industry. This makes it harder for software engineers, who usually lack knowledge of the industry context, to elicit, analyze and structure the requirements and to communicate effectively with AECO professionals. To live up to that task, we present an approach and a tool for collecting AECO-specific software requirements with the aim to foster reuse and leverage domain knowledge. We introduce a common scenario space, propose a novel choice of a ubiquitous language well-suited for this particular industry and develop a systematic way to refine the scenario ontologies based on the exploration of the scenario space. The viability of our approach is demonstrated on an ontology of 20 practical scenarios from a large project aiming to develop a digital twin of a construction site.
Performing dependability evaluation along with other analyses at architectural level allows both making architectural tradeoffs and predicting the effects of architectural decisions on the dependability of an application. This paper gives guidelines for building architectural dependability models for software systems using the AADL (Architecture Analysis and Design Language). It presents reusable modeling patterns for fault-tolerant applications and shows how the presented patterns can be used in the context of a subsystem of a real-life application.