Software product lines (SPL) aim at reducing time-to-market and increasing software quality through extensive, planned reuse of artifacts. An essential activity in SPL is variability management, i.e., defining and managing commonality and variability among member products. Due to the large scale and complexity of today's software-intensive systems, variability management has become increasingly complex to conduct. Accordingly, tool support for variability management has been gathering increasing momentum over the last few years and can be considered a key success factor for developing and maintaining SPLs.While several studies have already been conducted on variability management, none of these analyzed the available tool support in detail. In this work, we report on a survey in which we analyzed 37 existing variability management tools identified using a systematic literature review to understand the tools' characteristics, maturity, and the challenges in the field. We conclude that while most studies on variability management tools provide a good motivation and description of the research context and challenges, they often lack empirical data to support their claims and findings. It was also found that quality attributes important for the practical use of tools such as usability, integration, scalability, and performance were out of scope for most studies. CCS Concepts: • General and reference → Surveys and overviews • Software and its engineering → Software product lines • Software and its engineering → Software notations and tools • Software and its engineering → Software configuration management and version control systems XX:2 • R. Bashroush et al.Defining and managing commonalities and variability in software product lines is widely referred to as variability management and is a key step of the SPL engineering process [van Gurp et al. 2001]. The variability management process guides the construction of product line variability models. Different types of variability models have been proposed, e.g., feature models, decision models, Orthogonal Variability Models (OVM), and UML-based approaches. In Section 1.1 we provide an overview of existing modeling approaches. For a detailed comparison and classification of variability modeling approaches we refer to [Czarnecki et al. 2012] and [Sinnema and Deelstra 2007]. Variability models define the commonalities and variability of the product line from a problem space (e.g., features, decisions, or variation points) and a solution space (e.g., the reusable assets or variants) perspective along with the relationships that exist between these two spaces and among the elements in these spaces. Example relationships include exclusivity (when two features cannot exist in one product at the same time); inclusivity (when the existence of one feature depends on another); and alternatives (when only one of a number of alternative features can be supported), to name a few. Variability models tend to be very large in size, in many cases comprising thousands of features, and comp...
In recent years, 'Cyber Security' has emerged as a widely-used term with increased adoption by practitioners and politicians alike. However, as with many fashionable jargon, there seems to be very little understanding of what the term really entails. Although this is may not be an issue when the term is used in an informal context, it can potentially cause considerable problems in context of organizational strategy, business objectives, or international agreements. In this work, we study the existing literature to identify the main definitions provided for the term 'Cyber Security' by authoritative sources. We then conduct various lexical and semantic analysis techniques in an attempt to better understand the scope and context of these definitions, along with their relevance. Finally, based on the analysis conducted, we propose a new improved definition that we then demonstrate to be a more representative definition using the same lexical and semantic analysis techniques.
Purpose -In this study, we examined the influence of one or more information security breaches on an organization's stock market value as a way to benchmark the wider economic impact of such events. Design/Methodology/approach -We used an event studies based approach where a measure of the event's economic impact can be constructed using security prices observed over a relatively short period of time. Findings -Based on the results, we argue that although no strong conclusions could be made given the current data constraints, there was enough evidence to show that such correlation exists, especially for recurring security breaches. Research limitations/implications -One of the main limitations of this study was the quantity and quality of published data on security breaches, as organizations tend not to share this information. Practical implications -One of the challenges in information security management is assessing the wider economic impact of security breaches. Subsequently, this helps drive investment decisions on security programmes that are usually seen as cost rather than moneymaking initiatives. Originality/value -We envisage that as more breach event data become more widely available due to compliance and regulatory changes, this approach has the potential to emerge as an important tool for information security managers to help support investment decisions.
-Research on technological aspects of information security risk is a well-established area and familiar territory for most information security professionals. The same cannot be said about the economic value of information security investments in organisations. While there is an emerging research base investigating suitable approaches measuring the value of investments in information security, it remains difficult for practitioners to identify key approaches in current research. To address this issue, we conducted a systematic literature review on approaches used to evaluate investments in information security. Following a defined review protocol, we searched several databases for relevant primary studies and extracted key details from the identified studies to answer our research questions. The contributions of this work include: a comparison framework and a catalogue of existing approaches and trends that would help researchers and practitioners navigate existing work; categorisation and mapping of approaches according to their key elements and components; and a summary of key challenges and benefits of existing work, which should help focus future research efforts.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.