Abstract. The software process landscape is rich in complexity and many alternative software development approaches have emerged over the past 40 years. However, no single software development approach is universally implemented and it seems likely that no single approach can be universally useful. One of the primary reasons that no single approach is universally useful is that no two software development settings are identical. We have assembled a team of recognized academics, who together with industrial collaborators, plan to map the complex world of software processes with the context of software development projects. The results of our initial mapping efforts, reported in this paper, demonstrate that although there are challenges in an undertaking such as this, the outcomes are potentially of considerable value to both software researchers and practitioners.
Software development companies moving into the medical device domain often find themselves overwhelmed by the number of regulatory requirements they need to satisfy before they can market their device. Several international standards and guidance documents have been developed to help companies on their road to regulatory compliance, but working their way through the various standards is a challenge in itself. In order to help software companies in the medical device domain, we have developed an integrated framework of medical device software development best practices called MDevSPICE®. This framework integrates generic software development best practices with medical device standards' requirements enabling consistent assessment of medical device processes. MDevSPICE® can be used by software companies evaluating their readiness for regulatory audits as well as by large medical device manufacturers for selecting suitable software suppliers.In this paper, we describe the development of the MDevSPICE® framework-its process reference model, process assessment model, assessment method and assessor training and certification scheme. We also illustrate the benefits and significance of the framework for the medical device-manufacturing community as learned from the various MDevSPICE® assessments that we conducted to date.
System security is an important artefact. However security is typically
considered only at implementation stage nowadays in industry. This makes it
difficult to communicate security solutions to the stakeholders earlier and
raises the system development cost, especially if security implementation
errors are detected. On the one hand practitioners might not be aware of the
approaches that help represent security concerns at the early system
development stages. On the other hand a part of the problem might be that
there exists only limited support to compare different security development
languages and especially their resulting security models. In this paper we
propose a systematic approach to assess quality of the security models. To
illustrate validity of our proposal we investigate three security models,
which present a solution to an industrial problem. One model is created using
PL/SQL, a procedural extension language for SQL; another two models are
prepared with SecureUML and UMLsec, both characterized as approaches for
model-driven security. The study results in a higher quality for the later
security models. These contain higher semantic completeness and correctness,
they are easier to modify, understand, and facilitate a better communication
of security solutions to the system stakeholders than the PL/SQL model. We
conclude our paper with a discussion on the requirements needed to adapt the
model-driven security approaches to the industrial security analysis.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.