Sami Hyrynsalmi

Lappeenranta – Lahti University of Technology LUT · Department of Software Engineering

Agile methods increase the speed and reduce the cost of software projects; however, they have been criticized for lack of documentation, traditional quality control, and, most importantly, lack of security assurance - mostly due to their informal and self-organizing approach to software development. This paper clarifies the requirements for securit...

The ‘App economy’ is a highly lucrative and competitive market for independent software vendors as it potentially offers an easy highway to reach millions of users. However, the mobile application landscape is scattered and an application developer has to publish the software for several different platforms to be able to serve a majority of smart p...

Robert C. Martin presented a software metric for a set of classes i.e. a package. The objective of the package level metric is to identify poorly designed packages. The Martin’s metric actually consists of eight metrics which measure a few different characteristics of packages. The metric is widely known, but there is lack of theoretical and empiri...

There are always two sides to every story. This statement is true also for the most recent hype term gamification – i.e., bringing game design elements into non-game contexts – that has been used to improve users’ motivation and performance in various domains. Previous studies on gamification have mainly taken a positive approach towards the phenom...

This study structures the ecosystem literature by using a bibliometrical approach by analysing theoretical roots of ecosystem studies. Several disciplines, such as innovation, management and software studies have established own streams in the ecosystem research. This paper reports the results of analysing 601 articles from the Thomson Reuters Web...

Data has been quickly becoming as the fuel, the new oil, of growth and prosperity of companies in the modern age. With useful data and sufficient tools, companies have the ability to enhance their current products, presents new innovations and services as well as generate new revenue streams with a secondary customer base. While there are ongoing e...

In a large-scale agile environment, a Product Owner receives requests from many different directions. Freedom to influence the direction of the product and push ideas forward sometimes requires saying “no”. This is a case study that has been made by interviewing several Product Owners or people working in a Product Owner type of role. The case comp...

Product Operations (Product Ops) is a concept gaining momentum among product management practitioners in the software domain. Practitioners share success stories and describe various benefits of implementing Product Ops in software organizations. However, there is a lack of consensus on a definition and areas of responsibility of the role, which ma...

Abstract: In the Scrum Guide, the Product Owner (PO) is defined as being accountable for maximizing the value of the product they are responsible for. Thus, a Product Owner shares many responsibilities with a Software Product Manager (SPM), who is defined as a role governing the creation of the highest possible value to the business from the produc...

Highlights • A systematic literature review was conducted to identify critical success factors. • A total of 38 primary studies and nearly 100 different factors were identified. • Results were categorized into 10 main critical success factors. • A synthesized model of critical success factors in DevOps and their relationships is proposed. Conte...

Purpose Data economy is a recent phenomenon, raised by digital transformation and platformisation, which has enabled the concentration of data that can be used in economic purposes. However, there is a lack of clear procedures and ethical rules on how data economy ecosystems are governed. As a response to the current situation, there has been criti...

Software producing organizations face the challenges of changing demands, rapidly evolving technology, and a dynamic ecosystem in which their products and services need to operate. These challenges hinder software organizations being sustainable. The 5th International Workshop on Software-Intensive Business (IWSiB) brought researchers and practitio...

A growing number of software companies nowadays offer their solutions using the SaaS model. The model promises multiple business-related benefits for these companies; however, existing software companies are forced to re-develop products and reconsider product strategies to address all the aspects of the new SaaS model. The existing literature prov...

Data has been claimed to be the new oil of the 21st century as it has seen to be able both to improve the existing products and services as well as to create new revenue streams for its utilizing company with a secondary customers base. However, while there is active streams of research for developing machine learning and data science methods, cons...

DevOps is a set of organizational practices as well as a culture which tries to eliminate the barriers between the Devs and Ops teams, improve the collaboration and communication among teammates. DevOps is used in different organizations because it supports quicker production, stability and reliability for software development. While the success fa...

In this study, we explore prominent contemporary technology trajectories in the software industry and how they are expected to influence the work in the software industry. Consequently, we build on cultural lag theory to analyze how technological changes affect work in software development. We present the results from a series of expert interviews...

[Context] The COVID-19 pandemic has had a disruptive impact on how people work and collaborate across all global economic sectors, including the software business. While remote working is not new for software engineers, forced Work-from-home situations to come with both constraints, limitations, and opportunities for individuals, software teams and...

The Internet of Things (IoT) is a growing area in everyday life. New applications under the umbrella term IoT are being developed continually. This development has raised the need for framework definitions for different purposes. This research introduces a special software/hardware framework for data gathering systems to be used in IoT related syst...

Agile software development was introduced in the beginning of the 2000s to increase the visibility and efficiency software projects. Since then it has become as an industry standard. However, fitting sequential security engineering development models into iterative and incremental development practices in agile methods has caused difficulties in de...

DevOps is a software development and operation practice, and a recent addition to a large family of different kinds of software process models. The model was born as it was observed that information systems operations and information system developments are closely integrated activities for the success of any organization. Thus, DevOps methods are...

Blockchain is a software innovation which is based on a cryptographically secured, decentralised, and distributed storage of data. The technological breakthrough was done as a part of and became familiar through cryptocurrencies, where it is used to openly store currency transactions among its users. Block-chain technology has been since proposed a...

The global pandemic has shown: thanks to advanced software technologies, society and businesses were able to quickly respond to environmental disruptions. Software-intensive businesses had to quickly pivot their business models, and demands in software-based service offer- ings facilitating remote work drastically increased and challenged control m...

Free-to-play games are dominating the gaming environment on mobile phones. They are free to download and fast to get known and can hook gamers for a long period of time. Yet game companies are generating revenue with in-game payments. Research has shown that a small percentage of gamers actually use money in free-to-play games. This survey study is...

In this work we explore digital transformation in software development. A set of interviews were conducted among industry experts to identify and elucidate the drivers and trajectories of digital transformation within the software industry. Using the Gioia method for qualitative analysis and synthesis, two major trajectories were found: (1) automat...

The COVID-19 pandemic has shaken the world and limited work/personal life activities. Besides the loss of human lives and agony faced by humankind, the pandemic has badly hit different sectors economically, including the travel industry. Special arrangements, including COVID test before departure and on arrival, and voluntary quarantine, were enfor...

The COVID-19 pandemic has shaken the world and limited work/personal life activities. Besides the loss of human lives and agony faced by humankind, the pandemic has badly hit different sectors economically, including the travel industry. Special arrangements, including COVID test before departure and on arrival, and voluntary quarantine, were enfor...

When used in its best way, interactive storytelling has the power to create unique, adaptive and unforgettable stories for an interactor. However, the same mechanisms that are able to create elements of surprise and joy can be used to construct ethically questionable and even malevolent experiences. As the creators are often held responsible for th...

Software Product Management (SPM) is a relatively young research area which aims to understand how to productise a software product or a service as well as how to align it with the organisation's strategy. While the research of an academic discipline of SPM started to emerge as yearly as 1990s, the most impactful works have been published during 20...

The crosscutting need for high-skilled specialists is descriptive for the newest industrial revolution. The software industry is one of the most knowledge-intensive fields and the lack of competent labor can be harmful for the growth of the industry. Furthermore, the lack of competent workforce in the software industry will harm other industries as...

The demand for high-skill and deep knowledge is a key characteristic for modern-day software business. In addition, the whole impact of information and communication technology (ICT) is seen as a cross-cutting element in different industries. The software industry in Finland is suffering from a severe labour shortage and the estimations of needed l...

In this research, we investigate peer review in the development of Linux by drawing on network theory and network analysis. We frame an analytical model which integrates the sociological principle of homophily (i.e., the relational tendency of individuals to establish relationships with similar others) with prior research on peer-review in general...

Context: Contemporary software development is typically conducted in dynamic, resource-scarce environments that are prone to the accumulation of technical debt. While this general phenomenon is acknowledged, what remains unknown is how technical debt specifically manifests in and affects software processes, and how the software development techniqu...

Although blockchain-based digital services promise trust, accountability, and transparency, multiple paradoxes between blockchains and GDPR have been highlighted in the recent literature. Some of the recent literature also proposed possible solutions to these paradoxes. This article aims to conduct a systematic literature review on GDPR compliant b...

In seeking to complement consultants' and tool vendors' reports, there has been an increasing academic focus on understanding the adoption and use of software development methods and practices. We surveyed practitioners working in Brazil, Finland, and New Zealand in a transnational study to contribute to these efforts. Among our findings we observe...

Business Model Canvas (BMC) is a tool widely used to describe startup business models. Despite the various business aspects described, BMC pays a little emphasis on team-related factors. The importance of team-related factors in software development has been acknowledged widely in literature. While not as extensively studied, the importance of team...

Location-based games—urban games which are played in real life locations—are growing their share in the mobile gaming markets. While these kinds of games have been present since the growing popularity of so-called feature phones, they gained remarkable momentum through the popularity of Niantic Inc.’s Pokémon Go, Ingress and later Harry Potter: Wiz...

International Conference on Software Business (ICSOB), one of the first software-intensive business specific conference series, was founded in 2010 and during the last decade, it has each year hosted tens of studies addressing various aspects of doing business with software products and services. As the conference has remained rather similar, it ac...

Security objectives in software development are increasingly convergent with the business objectives, as requirements for privacy and the cost of security incidents call for more dependable software products. The development of secure software is accomplished by augmenting the software development process with specific security engineering activiti...

Context: Software security engineering provides the means to define, implement and verify security in software products. Software security engineering is performed by following a software security development life cycle model or a security capability maturity model. However, agile software development methods and processes, dominant in the software...

Location-based games-urban games which are played in real life locations-are growing their share in the mobile gaming markets. While these kinds of games have been present since the growing popularity of so-called feature phones, they gained remarkable momentum through the popularity of Niantic Inc.'s Pokémon Go, Ingress and later Harry Potter: Wiz...

Abstract. International Conference on Software Business (ICSOB), one of the first software-intensive business specific conference series, was founded in 2010 and during the last decade, it has each year hosted tens of studies addressing various aspects of doing business with software products and services. As the conference has remained rather simi...

Business Model Canvas (BMC) is a tool widely used to describe startup business models. Despite the various business aspects described, BMC pays a little emphasis on team- related factors. The importance of team-related factors in software development has been acknowledged widely in literature. While not as extensively studied, the importance of tea...

This position paper identifies benefits of using open source ecosystem practices within civic tech projects, the barriers against it, and offers some technical solutions that could address some of these barriers. We also lay the foundation for looking into less tangible aspects such as mutual benefits between the communities and cross community lea...

The widespread adoption of the freemium business model together with the introduction of cost-efficient analytics tools have made the use of analytics pervasive in the game industry. While big data and analytics have drawn extensive scholarly attention, the research focusing particularly on game analytics is scant and largely descriptive. Thus, the...

Blockchain is a recent development in technology which allows a cryptographically secured, decentralised and distributed storage of data. The technology innovation was done as a part of and became familiar through Bitcoin cryptocurrency, where it is used to openly store currency transactions among its users. Whereas a majority of recent research an...

Context: Coordination is a fundamental tenet of software engineering. Coordination is required also for identifying discovered and disclosed software vulnerabilities with Common Vulnerabilities and Exposures (CVEs). Motivated by recent practical challenges, this paper examines the coordination of CVEs for open source projects through a public maili...

Digitisation of governmental services has become a common approach to make governing more effective and efficient. The eGovernment services can be built on top of a variety of information systems and supplied to and between individuals and organisations on both national and international levels. This results in a complex organisational and socio-te...

Modern gaming—especially in mobile platforms—has turned into a quagmire of questionable practices. This chapter takes a look into the ethical problems brought about by the increasing importance of monetisation in game design. We recognise five factors that are threatening the player’s game experience and argue how they constitute unethical behaviou...

Location-based games (LBGs), where the user's physical location is a central part of gameplay, have become popular since the commercial success of Pokémon Go. The extant literature has focused to explain the success of LBGs by focusing on aspects of gratification and reasons to start, continue and quit playing. This study departs from the previous...

ACM SIGSOFT International Workshop on Software-intensive Business: Start-ups, Platforms and Ecosystems (IWSiB 2019) was hosted by ESEC/FSE 2019 and it was held in Tallinn in August 2019. The workshop was motivated by a preceding Dagstuhl Seminar 18182 in which the participants agreed on founding of a workshop series for promoting and advancing the...

Asynchronous telemedicine systems face many challenges related to information security as the patient's sensitive information and data on medicine dosage is transmitted over a network when monitoring patients and controlling asynchronous telemedical IoT devices. This information may be modified or spied on by a malicious adversary. To make asynchro...

Since the breakthrough of Apple's iOS platform and AppStore marketplace a decade ago, different kinds of ecosystems and platforms have conquered the world. In the ecosystem-based business model, a platform owner offers a technological solution (e.g., Apple, Google) for end-users (e.g., smart phone users) and producers (e.g., application and content...

Software vulnerabilities are security-related software bugs. Direct disclosure refers to a practice that is widely used for communicating the confidential information about vulnerabilities between two parties, vulnerability discoverers and software producers. Building on software vulnerability life cycle analysis, this empirical paper observes the...

What do you imagine in your mind when hearing the term ‘business ecosystem’? Is the image the same as your colleague’s vision or how it was used in the latest ecosystem paper you have read? In this paper, Ulrich Beck’s theory of a zombie category is used as an instrument to raise the question whether the general concept of an ‘ecosystem’ is already...

The software industry is facing rapid changes both in the field of new technologies and skills demanded. New kind of people with a multiple background are sought by recruiters and industry is already suffering from a severe labour shortage. One of the solutions have been to get more to the industry and past decades a lot of work has been done for g...

While the importance of data is growing as the fuel of the new data economy, also the role of the data ecosystems is growing. The new data ecosystems enables the use, reuse and enrichment of big data sets by or together with third parties. However, in the context of technology management, the governance of these kinds of data ecosystems raises ethi...

The software architecture plan describes the high-level structure and logic of a software system. The architectural plan acts as a constitution and dictates the fundamental principles of the system; therefore, the plan also eventually determines which kinds of business models the software system can support. In the modern mercury business, there is...

Different kinds of e-governmental services have taken into use in several countries all over the world. The transition is often driven by the seen benefits in, e.g., efficiency, money savings as well as empowerment of citizens. Different e-governmental systems have been studied and analysed by using different theories and models; however, the curre...

Paper available: http://users.utu.fi/kakrind/cv.html This chapter describes a case of a large ICT service provider building a secure identity management system for a government customer. Security concerns are a guiding factor in the design of software-intensive products and services. They also affect the processes of their development. In regulate...

Paper available: http://users.utu.fi/kakrind/cv.html Agile software development was introduced in the beginning of the 2000s to increase the visibility and efficiency software projects. Since then it has become as an industry standard. However, fitting sequential security engineering development models into iterative and incremental development pr...

Originally published online by CEUR Workshop Proceedings (CEUR-WS.org, ISSN 1613-0073).

This paper examines two questions: what is the role of active users or prosumers-i.e. users who consume as well as produce-in the transformation of a software ecosystem during its lifespan, and how does a digital marketplace transform into an ecosystem. This approach departs from the extant literature where consumers of an ecosystem are often treat...

The term ecosystem has been widely adopted outside its original domain in biology, for example in business and engineering studies. Ecosystem health is a derivative metaphor used to describe the success of the ecosystem. In this paper, we describe the key shortcomings of ecosystem health research. We put forward two key postulates of ecosystem heal...

The concept of ‘Minimum Viable Product’ (MVP) is largely adapted in the software industry as well as in academia. Minimum viable products are used to test hypotheses regarding the target audience, save resources from unnecessary development work and guide a company towards a stable business model. As the game industry is becoming an important busin...

Old ways in the new oil business.

The fourth industrial revolution is expected to bring major changes both in society as well as in the modern industry. Naturally, it will also shake the labour market—however, not only by replacing blue collar duties by robots, but also by renewing the set of skills and competencies needed in new kinds of work duties. In this study, we use a data (...

In the platform economy, a company (the orchestrator) opens its technological platform for others—i.e. organisations and individuals (complementors)— to work with and offer their own products. This kind of an approach can be seen as a useful tool also in development aid. Here, a company, from a western industrialised country builds and offers a tec...

Paper available: http://users.utu.fi/kakrind/cv.html Combining security engineering and software engineering is shaping the software development processes and shifting the emphasis of information security from the operation environment into the main information asset: the software itself. To protect software and data assets, software development i...

This conceptual-analytical paper presents and defines the concept of ‘human resource debt’ (i.e., HR debt). The presented concept draws from the software engineering field’s recent work in the technical debt management, yet it departures from the existing conceptualizations by focusing on skills and competences of individual employees as well as emph...

The modern business world is undergoing digitalisation in fast pace and, therefore, more jobs are born in the field of information and communication technology (ICT). Only in Finland, one of the leading countries in digitalisation, there is an estimated need for 7,000–15,000 software professionals while the demand for skilled labour is growing every...

Much research that analyzes the evolution of a software ecosystem is confined to its own boundaries. Evidence shows, however, that software ecosystems co-evolve independently with other software ecosystems. In other words, understanding the evolution of a software ecosystem requires an especially astute awareness of its competitive landscape and mu...

In this study, we discuss forced trust in the context of information systems, information society and surveillance. Trust definitions and concepts pertinent to the discussion are examined and portrayed with case examples of forced trust in different situations that are central to the information society. As forced trust appears mostly in government...

Context: Diversification and obfuscation are promising techniques for securing software and protecting computers from harmful malware. The goal of these techniques is not removing the security holes, but making it difficult for the attacker to exploit security vulnerabilities and perform successful attacks. Objective: There is an increasing body of...

An increasing amount of software service providers tend to evolve their platforms into business ecosystems. In the mainstream of extant literature, the ecosystems have been seen as an interconnected system of organizations, mainly ignoring the individual level. However, some previous studies have suggested that collaboration—such as building a new...

Context: Coordination is a fundamental tenet of software engineering. Coordination is required also for identifying discovered and disclosed software vulnerabilities with Common Vulnerabilities and Exposures (CVEs). Motivated by recent practical challenges, this paper examines the coordination of CVEs for open source projects through a public maili...

Nowadays the Internet of Things (IoT) is one of the most promising application areas in information technology for future products and services. Therefore, it is not surprising that new technologies arise, which are marketed as "the most useful technology" for applications in IoT devices. In this study, we focus on the new communication technology...

The software ecosystem has become a central conceptualisation for characterising the contemporary software business world. To understand and evaluate ecosystems, the concept of 'ecosystem health' was borrowed from the field of biology. In a 'healthy' ecosystem, the participants will flourish and, vice versa, suffer in an unhealthy one. Yet, there i...