Davide Fucci’s research while affiliated with Blekinge Institute of Technology and other places

What is this page?


This page lists works of an author who doesn't have a ResearchGate profile or hasn't added the works to their profile yet. It is automatically generated from public (personal) data to further our legitimate goal of comprehensive and accurate scientific recordkeeping. If you are this author and want this page removed, please let us know.

Publications (110)


Formalization of a requirements specification R2 using passive voice
Formalization of a requirements specification R3 using an ambiguous pronoun
Reduced version of the activity-based requirements quality theory (Frattini et al. 2023)
Causal assumptions about the impact of passive voice
Domain modeling task example for requirement 4

+9

Applying bayesian data analysis for causal inference about requirements quality: a controlled experiment
  • Article
  • Full-text available

November 2024

·

10 Reads

Empirical Software Engineering

·

Davide Fucci

·

·

[...]

·

It is commonly accepted that the quality of requirements specifications impacts subsequent software engineering activities. However, we still lack empirical evidence to support organizations in deciding whether their requirements are good enough or impede subsequent activities. We aim to contribute empirical evidence to the effect that requirements quality defects have on a software engineering activity that depends on this requirement. We conduct a controlled experiment in which 25 participants from industry and university generate domain models from four natural language requirements containing different quality defects. We evaluate the resulting models using both frequentist and Bayesian data analysis. Contrary to our expectations, our results show that the use of passive voice only has a minor impact on the resulting domain models. The use of ambiguous pronouns, however, shows a strong effect on various properties of the resulting domain models. Most notably, ambiguous pronouns lead to incorrect associations in domain models. Despite being equally advised against by literature and frequentist methods, the Bayesian data analysis shows that the two investigated quality defects have vastly different impacts on software engineering activities and, hence, deserve different levels of attention. Our employed method can be further utilized by researchers to improve reliable, detailed empirical evidence on requirements quality.

Download

Figure 2: Number of primary studies published per year
Systematic Mapping Study on Requirements Engineering for Regulatory Compliance of Software Systems

November 2024

·

91 Reads

·

1 Citation

Information and Software Technology

Context: As the diversity and complexity of regulations affecting Software-Intensive Products and Services (SIPS) is increasing, software engineers need to address the growing regulatory scrutiny. We argue that, as with any other non-negotiable requirements, SIPS compliance should be addressed early in SIPS engineering-i.e., during requirements engineering (RE). Objectives: In the conditions of the expanding regulatory landscape, existing research offers scattered insights into regulatory compliance of SIPS. This study addresses the pressing need for a structured overview of the state of the art in software RE and its contribution to regulatory compliance of SIPS. Method: We conducted a systematic mapping study to provide an overview of the current state of research regarding challenges, principles, and practices for regulatory compliance of SIPS related to RE. We focused on the role of RE and its contribution to other SIPS lifecycle process areas. We retrieved 6914 studies published from 2017 (January 1) until 2023 (December 31) from four academic databases, which we filtered down to 280 relevant primary studies. Results: We identified and categorized the RE-related challenges in regulatory compliance of SIPS and their potential connection to six types of principles and practices addressing challenges. We found that about 13.6% of the primary studies considered the involvement of both software engineers and legal experts in developing principles and practices. About 20.7% of primary studies considered RE in connection to other process areas. Most primary studies focused on a few popular regulation fields (privacy, quality) and application domains (healthcare, software development, avionics). Our results suggest that there can be differences in terms of challenges and involvement of stakeholders across different fields of regulation. Conclusion: Our findings highlight the need for an in-depth investigation of stakeholders' roles, relationships between process areas, and specific challenges for distinct regulatory fields to guide research and practice.


Figure 2: Number of primary studies published per year
Systematic Mapping Study on Requirements Engineering for Regulatory Compliance of Software Systems

November 2024

·

55 Reads

Context: As the diversity and complexity of regulations affecting Software-Intensive Products and Services (SIPS) is increasing, software engineers need to address the growing regulatory scrutiny. As with any other non-negotiable requirements, SIPS compliance should be addressed early in SIPS engineering - i.e., during requirements engineering (RE). Objectives: In the conditions of the expanding regulatory landscape, existing research offers scattered insights into regulatory compliance of SIPS. This study addresses the pressing need for a structured overview of the state of the art in software RE and its contribution to regulatory compliance of SIPS. Method: We conducted a systematic mapping study to provide an overview of the current state of research regarding challenges, principles and practices for regulatory compliance of SIPS related to RE. We focused on the role of RE and its contribution to other SIPS lifecycle phases. We retrieved 6914 studies published from 2017 until 2023 from four academic databases, which we filtered down to 280 relevant primary studies. Results: We identified and categorized the RE-related challenges in regulatory compliance of SIPS and their potential connection to six types of principles and practices. We found that about 13.6% of the primary studies considered the involvement of both software engineers and legal experts. About 20.7% of primary studies considered RE in connection to other process areas. Most primary studies focused on a few popular regulation fields and application domains. Our results suggest that there can be differences in terms of challenges and involvement of stakeholders across different fields of regulation. Conclusion: Our findings highlight the need for an in-depth investigation of stakeholders' roles, relationships between process areas, and specific challenges for distinct regulatory fields to guide research and practice.




Relevant information in TDD experiment reporting

August 2024

·

7 Reads

ACM Transactions on Software Engineering and Methodology

Experiments are a commonly used method of research in software engineering (SE). Researchers report their experiments following detailed guidelines. However, researchers do not, in the field of test-driven development (TDD) at least, specify how they operationalized the response variables and, particularly, the measurement process. This article has three aims: (i) identify the response variable operationalization components in TDD experiments that study external quality; (ii) study their influence on the experimental results; (iii) determine if the experiment reports describe the measurement process components that have an impact on the results. We used two-part sequential mixed methods research. The first part of the research adopts a quantitative approach applying a statistical analysis of the impact of the operationalization components on the experimental results. The second part follows on with a qualitative approach applying a systematic mapping study (SMS). The test suites, intervention types and measurers have an influence on the measurements and results of the statistical analysis of TDD experiments in SE. The test suites have a major impact on both the measurements and the results of the experiments. The intervention type has less impact on the results than on the measurements. While the measurers have an impact on the measurements, this is not transferred to the experimental results. On the other hand, the results of our SMS confirm that TDD experiments do not usually report either the test suites, the test case generation method, or the details of how external quality was measured. A measurement protocol should be used to assure that the measurements made by different measurers are similar. It is necessary to report the test cases, the experimental task and the intervention type in order to be able to reproduce the measurements and statistical analyses, as well as to replicate experiments and build dependable families of experiments.


Figure 1: Relevant Factors Influencing the Response Variable in a Crossover-Design Experiment
Figure 2: Types of subjects in the experiments
Figure 8: Availability of Analysis Scripts
Data Extraction Attributes
Types of Threat Addressal
Crossover Designs in Software Engineering Experiments: Review of the State of Analysis

August 2024

·

18 Reads

Experimentation is an essential method for causal inference in any empirical discipline. Crossover-design experiments are common in Software Engineering (SE) research. In these, subjects apply more than one treatment in different orders. This design increases the amount of obtained data and deals with subject variability but introduces threats to internal validity like the learning and carryover effect. Vegas et al. reviewed the state of practice for crossover designs in SE research and provided guidelines on how to address its threats during data analysis while still harnessing its benefits. In this paper, we reflect on the impact of these guidelines and review the state of analysis of crossover design experiments in SE publications between 2015 and March 2024. To this end, by conducting a forward snowballing of the guidelines, we survey 136 publications reporting 67 crossover-design experiments and evaluate their data analysis against the provided guidelines. The results show that the validity of data analyses has improved compared to the original state of analysis. Still, despite the explicit guidelines, only 29.5% of all threats to validity were addressed properly. While the maturation and the optimal sequence threats are properly addressed in 35.8% and 38.8% of all studies in our sample respectively, the carryover threat is only modeled in about 3% of the observed cases. The lack of adherence to the analysis guidelines threatens the validity of the conclusions drawn from crossover design experiments




A natural language-based method to specify privacy requirements: an evaluation with practitioners

July 2024

·

35 Reads

·

1 Citation

Requirements Engineering

Organisations are becoming concerned with effectively dealing with privacy-related requirements. Existing Requirements Engineering methods based on structured natural language suffer from several limitations both in eliciting and specifying privacy requirements. In our previous study, we proposed a structured natural-language approach called the “Privacy Criteria Method” (PCM), which demonstrates potential advantages over user stories. Our goal is to present a PCM evaluation that focused on the opinions of software practitioners from different companies on PCM’s ability to support the specification of privacy requirements and the quality of the privacy requirements specifications produced by these software practitioners. We conducted a multiple case study to evaluate PCM in four different industrial contexts. We gathered and analysed the opinions of 21 practitioners on PCM usage regarding Coverage, Applicability, Usefulness, and Scalability. Moreover, we assessed the syntactic and semantic quality of the PCM artifacts produced by these practitioners. PCM can aid developers in elaborating requirements specifications focused on privacy with good quality. The practitioners found PCM to be useful for their companies’ development processes. PCM is considered a promising method for specifying privacy requirements. Some slight extensions of PCM may be required to tailor the method to the characteristics of the company.


Citations (53)


... The case analysis highlights also other scenarios under which bias correction can be done under the GDPR. From a broader perspective, the paper also contributes to the growing research domain of compliance in software engineering [10]. To this end, the opening Section II introduces the EU laws considered in the case analysis. ...

Reference:

On Algorithmic Fairness and the EU Regulations
Systematic Mapping Study on Requirements Engineering for Regulatory Compliance of Software Systems

Information and Software Technology

... We hope that the overview of the state of practice of analyzing crossover design experiments in SE encourages authors to investigate this topic more thoroughly and that both our visualizations as well as the recovery of the data analysis script from the original guidelines [34] will support the latter in guiding authors towards a correct analysis. We encourage authors to abandon the overly simple NHST analysis [12] for more complex (G)LMMs, which enable them to adequately address threats to the validity of crossoverdesign experiments during analysis. ...

A Second Look at the Impact of Passive Voice Requirements on Domain Modeling: Bayesian Reanalysis of an Experiment
  • Citing Conference Paper
  • August 2024

... Privacy Training and Development: Regular training in privacy compliance and secure coding practices is essential, particularly for developers working within industries regulated by GDPR, CCPA, and HIPAA. Training equips developers to implement privacy-by-design measures autonomously, integrating compliance more seamlessly into agile processes(Peixoto et al. 2024).Agile-Compatible Privacy Frameworks: Organizations can implement frameworks like Agile Security Development Lifecycle (Agile SDL), which merges agile methodologies with secure development practices, allowing for continuous integration of privacy without disrupting agile sprints. Privacy impact assessments and risk evaluations can be scheduled at the beginning of each sprint, maintaining privacy-by-design standards within the agile structure(Canedo et al. 2021). ...

A natural language-based method to specify privacy requirements: an evaluation with practitioners

Requirements Engineering

... This section offers valuable insights into 32 predictors [7,[12][13][14][15][16][17][18][19][20][21][22][23][24][33][34][35][36][37][38][39][40][41][42][43][44][45][46][47][48][49][50] developed over past 10 years for conflict/duplicate detection in requirements. Among these, specifically 12 predictors [7,12,16,17,[33][34][35][36][37][38][39][40] focus on duplicate detection, while 17 predictors [13,14,18,19,[22][23][24][41][42][43][44][45][46][47][48][49][50] target conflict identification. ...

Replication in Requirements Engineering: the NLP for RE Case
  • Citing Article
  • April 2024

ACM Transactions on Software Engineering and Methodology

... Recent studies have explicitly focused on requirements conversations, analyzing their characteristics. Ferrari et al. [5], [15] examined ambiguity in requirements interviews and incorporated voice and biofeedback into conversational artifacts. Our approach differs by applying automated solutions to analyze these conversations, offering a more nuanced understanding and extraction of requirements. ...

Using Voice and Biofeedback to Predict User Engagement during Product Feedback Interviews

ACM Transactions on Software Engineering and Methodology

... Software requirements specifications (SRS), the explicit manifestation of requirements as an artifact (Méndez Fernández et al. 2019), serve as input for various subsequent software engineering (SE) activities, such as deriving a software architecture, implementing features, or generating test cases (Méndez Fernández and Penzenstadler 2015). As a consequence, the quality of an SRS impacts the quality of requirements-dependent activities (Frattini et al. 2023;Femmer and Vogelsang 2018;Femmer et al. 2015). A quality defect in an SRS-for example, an ambiguous formulation-can cause differing interpretations and result in the design and implementation of a solution that does not meet the stakeholders' needs (Méndez et al. 2017). ...

Requirements quality research: a harmonized theory, evaluation, and roadmap

Requirements Engineering

... Finally, the attributes from the material group record to what degree both the data obtained by the experiment and the script(s) used to perform the analysis are available. We recorded the availability attribute based on a previously established, categorical scale of research artifact availability [14] which includes levels like archived, ...

Let's Stop Building at the Feet of Giants: Recovering unavailable Requirements Quality Artifacts

... Estudos recentes demonstram a relevância da Dívida Técnica de Requisitos (DTR) nas empresas [9]. Porém, embora a DTR seja amplamente discutida na indústria e nas pesquisas científicas, sua aplicação em projetos acadêmicos ainda é limitada, com pouca informação disponível na literatura. ...

An initial theory to understand and manage requirements engineering debt in practice

Information and Software Technology

... Requirements quality research seeks answers to this need . One main driver of this research is requirements quality factors (Frattini et al. 2022), i.e., metrics that can be evaluated on NL requirements specifications to determine quality defects. For example, the voice of an NL sentence (active or passive) is considered a quality factor, as the use of passive voice is associated with bad requirements quality due to potential omission of information (Femmer et al. 2014). ...

A Live Extensible Ontology of Quality Factors for Textual Requirements

... Lenarduzzi et al. [13] [5] (P2) discuss RTD Interest in terms of extra effort related to the current development stage, or the implementation of the selected change to address the amount of change between the current implementation and the SRS, which we see as examples for RTD Interest constituents New Code Cost associated with RTD and Rework Cost associated with RTD. Other examples for these RTD Interest constituents include P10 Rework on Code (extra rework due to RTD) [29] and P16 Need for refactoring [35]. ...

An Initial Theory to Understand and Manage Requirements Engineering Debt in Practice

SSRN Electronic Journal