A SEMINAR REPORT ON

EVIDENCE BASED SOFTWARE ENGINEERING (EBSE)

Maharaja Agrasen Institute of Technology, PSP Area,
Sector-22, Rohini, New elhi - !!""#$
Submitted By:-
Shefai !a"##$
Maharaja Agrasen Institute of Technology
Roll No !$"!%#2&"&'MAIT' ()Tech)*+SE,'"&
&
th
Se-ester
!
Ta.le of +ontents Ta.le of +ontents
%: I&t$#du'ti#& (
): S#ft*a$e E&+i&ee$i&+ ,
2)! /i-itations of e0isting software engineering 1ractices &
2)2 Nee2 for alternati3e a11roaches in SE in the for- of E(SE #
-: Cu$$e&t S'e&a$i# .
4)! Pro2ucti3ity 3s) success rate !"
(: G#a #f EBSE %%
,: /eth#d##+y #f EBSE %)
$)! Ste1 I- As5 an answera.le 6uestion !4
$)2 Ste1 II- 7in2 the .est e3i2ence !%
$)2 Ste1 III- +ritically a11raise the e3i2ence !$
$)2 Ste1 I8- A11ly the e3i2ence !9
$)2 Ste1 8- E3aluate 1erfor-ance !&
0: A""i'ati#& #f EBSE i& e1i2ti&+ 2#ft*a$e e&+i&ee$i&+ ife 'y'e %3
9)! +ase of +y.er 7orensics !#
9)!)! Pro1ose2 Syste- !:
9)!)2 eri3e2 Algorith- 2"
9)2 A11lication of E(SE in ITES an2 E-Ser3ice sectors 22
4: EBSE i& A'ademi'2 a&d Edu'ati#&a I&2titute2 )(
&)! Moti3ation of teaching E(SE to uni3ersity stu2ents 2%
3: Im"i'ati#&2 f#$ EBSE )0
2
.: C#&'u2i#& )4
A""e&di1 A: G#22a$y )3
A""e&di1 B: 5i2t #f Fi+u$e2 ).
A""e&di1 C: Refe$e&'e2 -6
4
+;APTER ! +;APTER !
INTRO<+TION
E3i2ence (ase2 Software Engineering *E(SE, is a -echanis- to su11ort an2 i-1ro3e the
technology a2o1tion, 2e3elo1-ent an2 -anage-ent techni6ues) E(SE -etho2ology ai-s to
i-1ro3e 2ecision -a5ing relate2 to software 2e3elo1-ent .y integrating current .est
e3i2ence fro- research with 1ractical e01erience an2 hu-an 3alues) This 1rocess ai-s at
i-1ro3ing software engineering 2ecisions) Software -anagers an2 1ractitioners often -ust
-a5e 2ecisions a.out what technologies to e-1loy on their 1rojects7 They -ight .e aware of
1ro.le-s with their current 2e3elo1-ent 1ractices i)e) 1ro2uction .ottlenec5s or nu-erous
2efect re1orts fro- custo-ers an2 want to resol3e the-) ;owe3er, 1ractitioners can ha3e
2ifficulty in -a5ing infor-e2 2ecisions a.out whether to a2o1t a new technology or not)
Software engineers also -ight -a5e incorrect 2ecision a.out a2o1ting new techni6ues if
they 2on=t consi2er scientific e3i2ence a.out the techni6ue>s efficacy) They shoul2 consi2er
using 1roce2ures si-ilar to ones 2e3elo1e2 for e3i2ence-.ase2 -e2icine) Software
co-1anies are often un2er 1ressure to a2o1t i--ature technologies .ecause of -ar5eting
an2 -anage-ent 1ressures) Therefore, e3i2ence .ase2 software engineering is suggeste2 as
-echanis- to su11ort an2 i-1ro3e their technology a2o1tion 2ecisions) The e01erience of
the success of -e2ical 1ractice a2o1ting e3i2ence .ase2 1ara2ig-, has 2e-onstrate2 the
suita.ility of this a11roach for other .ranches also) ?e e01lore the 1ossi.ility of e0ten2ing
the sco1e the e3i2ence-.ase2 a11roach for software engineering an2 i2entify the 1otential
2ifficulties associate2 with the a11roach) ?e 2iscuss the E(SE a11roach for con3entional
software engineering an2 illustrate it for 1rogra- 2e3elo1-ent an2 co2ing 1hase through a
case of +y.er forensic illustration) ?e e0ten2 the E(SE a11roach for IT Ena.le2 Ser3ice
*ITES, Sector an2 .ring out new a3enues for a11lication of E(SE
%
+;APTER 2 +;APTER 2
SO7T?ARE EN@INEERIN@
Software has .eco-e critical to a23ance-ent in al-ost all areas of hu-an en2ea3our)
Software engineering has the o.jecti3e of sol3ing these 1ro.le-s .y 1ro2ucing goo2 6uality
-aintaina.le software on ti-e within .u2get)
Software engineering is 2efine2 as the esta.lish-ent an2 use of well-esta.lishe2 an2 1ro3en
engineering 1rinci1les in or2er to o.tain econo-ically 2e3elo1e2 software that is relia.le an2
wor5s efficiently on real -achines) AB)B AggarwalC ?e use the wor2 real -achines here
intentionally since non-IT 1rofessionals 3iew the software in its intangi.le for-) The goal of
software engineering is to 1ro3i2e -o2els an2 1rocesses that lea2 to the 1ro2uction of well
2ocu-ente2 software) A software cycle -o2el is a 1articular a.straction that re1resents a
software life cycle) The -ost fa-iliar -o2el is a waterfall -o2el, which has the following
stagesD
!) Re6uire-ents
2) esign
4) I-1le-entation E <nit testing)
%) Integration E Syste- testing
$) O1eration E -aintenance
The har2est 1art of .uil2ing a software syste- is to 2eci2e 1recisely its re6uire-ents)
Re6uire-ents are gathere2 in the initial 1hase of software life cycle calle2 as re6uire-ent
engineering) The re6uire-ent elicitation a2o1ts <se-case 2iagra- an2 ata flow 2iagra-s,
in its 3arious for-s) ;owe3er in this 1roject, the I-1le-entation ste1 is use2, in the
illustration of the +y.er 7orensic Mo2ule)
$
7ig)!D Software life cycle
9
2)! /i-itations of e0isting software engineering 1ractices
The -ost significant ste1 in the software life cycle is the ocu-entation) Re6uire-ents, after
.eing collecte2 are 2ocu-ente2 in for- of a SRS *Software Re6uire-ent S1ecification,) The
2esigning 1hase of the life cycle -o2el also has a S *Software esign ocu-ent,, which
translates re6uire-ents into a 2escri1tion of the software structure) (ut these software
1ractices are irrele3ant for the ITES sector, as they 2o not ha3e to 2eal 2irectly with the
syste- or software 2e3elo1-ent) An ITES organiFation 1ro3i2es ser3ices to the 1eo1le, an2
the 2ocu-entation of any software, is insignificant to their wor5) ;owe3er, large a-ount of
1u.lic -oney ha3e .een waste2 an2 cor1orate house are charge2 for it on IT Assets) The
2irect a2a1tation of the conte-1orary software engineering 1rinci1les an2 1ractices to the
ITES sector are causing 2elays, an2 2issatisfaction a-ongst the 1rofessional co--unity G
.oth solution 1ro3i2er an2 solution user)
In -ost cases, software is .uilt with technologies for which we ha3e insufficient e3i2ence to
confir- their suita.ility, li-its, 6ualities, costs an2 3arious ris5s)
&
2)2 Nee2 for alternati3e a11roaches in Software Engineering in for- of
E(SE
?e therefore suggest an alternate strategy of a2o1ting an e3i2ence-.ase2 techni6ue, which
-ight .e .eneficial to the software 1ractitioners an2 their clients) Such a strategy can
i-1ro3e the 2e1en2a.ility of software in3ol3ing the a2o1tion of .etter software 2e3elo1-ent
1roce2ures) This new a11roach, E(SE ena.les software 1ractitioners to i2entify, e3aluate
an2 a11ly 3ali2 research results in -a5ing 2ecisions relate2 to the 3arious software 1ractices)
It is 1ossi.le that E(SE can 1ro3i2e the -echanis-s nee2e2 to assist 1ractitioners to a2o1t
fa3oura.le technologies)
Initially it is worthwhile consi2ering why e3i2ence woul2 .e .eneficial to software
2e3elo1ers, users an2 other sta5ehol2ers e)g) 1u.lic 1urchasing .o2ies, certification .o2ies
an2 the general 1u.lic) E(SE is 1otentially i-1ortant .ecause of the central 1lace software
intensi3e syste-s are starting to ta5e in e3ery2ay life)
7or e0a-1leD
+urrent 1lans for a23ance2 life-critical syste-s such as 2ri3e-.y-wire a11lications for
cars an2 weara.le -e2ical 2e3ices ha3e the 1otential for i--ense econo-ic an2
social .enefit .ut can also 1ose a -ajor threat to in2ustry, to society, an2 to
in2i3i2uals) If syste-s are relia.le, usa.le an2 useful, the 6uality of life of in2i3i2ual
citiFens will .e enhance2)
;owe3er, there are far too -any e0a-1les of syste-s that ha3e not only waste2 large
a-ounts of 1u.lic -oney .ut ha3e also cause2 har- to in2i3i2ual citiFens (e.g. the
automated command and control system for the London Ambulance Service). In2i3i2ual
citiFens ha3e a right to e01ect their go3ern-ents to 1ro1erly a2-inister ta0 re3enues use2 to
co--ission new software syste-s an2 1ut in 1lace controls to -ini-iFe the ris5 of such
syste-s causing har-) There are -any strategies to i-1ro3e the 2e1en2a.ility of software
in3ol3ing the a2o1tion of H.etterI software 2e3elo1-ent 1roce2ures an2 1ractices) At a high
le3el, the +a1a.ility Maturity Mo2el an2 SPI+E suggest 1roce2ures for i-1ro3ing the
software 1ro2uction 1rocess) In a22ition, the 1rofessional .o2ies are esta.lishing 1roce2ures
for certification of in2i3i2ual software engineers) ;owe3er, the high le3el 1rocess an2 the
in2i3i2ual engineers are constraine2 .y the s1ecific technologies *-etho2s, tools an2
1roce2ures, they use) In -ost cases software is .uilt with technologies for which we ha3e
insufficient e3i2ence to confir- their suita.ility, li-its, 6ualities, costs, an2 inherent ris5s)
Thus, it is 2ifficult to .e sure that changing software 1ractices will necessarily .e a change
for the .etter) It is 1ossi.le that E(SE can 1ro3i2e the -echanis-s nee2e2 to assist
1ractitioners to a2o1t a11ro1riate technologies an2 to a3oi2 ina11ro1riate technologies)
#
+;APTER 4 +;APTER 4
+<RRENT S+ENARIO
?e are 1ro2ucing software syste-s that are -uch -ore co-1le0 an2 so1histicate2 than
those of yesteryear) Our 1rogress, .oth in ter-s of functionality an2 1ro2ucti3ity, is
i-1ressi3e)
On the other han2D
Our 1rogress in ter-s of 1roject success is not i-1ressi3e) I-agine that the software
in2ustry has a -eter that -onitors 1roject successes an2 failures -- a 2ial gauge with a
nee2le 1ointing along a nu-erical scale) O3er the 1ast se3eral 2eca2es, the nee2le recor2s
a slowly a23ancing success rateJ itKs -o3ing in a 1ositi3e 2irection, .ut the 1ace is
glacial)
Table 1: Software project success rates reported by Standish Group

Date Su''e22 Rate
7irst +;AOS re1ort !::% !9L
ME0tre-e +;AOSM 2""! 2#L
Most recent +;AOS 2""4 4!L
The conclusion is that we are -a5ing 1rogress on the success-rate front, .ut slowly) The
i-1ro3e-ent is a.out !)& 1ercentage 1oints a year an2 a11ears to .e linear .ase2 on this
s-all sa-1le of 2ata) If the current i-1ro3e-ent rate continues, we shoul2 achie3e a $"
1ercent success rate in the year 2"!%)
Software is the engine of our econo-y, at the root of al-ost e3erything we 2o) Our success
rate has .een cree1ing u1 in recent years, .ut one thing is sureD there has .een NO
.rea5through) <nless you consi2er al-ost M2ou.lingM the success rate in nine years a
.rea5throughJ I woul2 clai- that this effect is the result of a 3ery low .aseline for
co-1arison) ?e -ay still .e in the .usiness of har3esting low-hanging fruit)
:
4)! Pro2ucti3ity 3s) success rate
(esi2es the success-rate -etric, we also nee2 to consi2er 1ro2ucti3ity) Is our software
.eco-ing -ore or less e01ensi3e to 2e3elo1N
This is a 2ifficult 6uestion, .ecause the a11lications that we 2e3elo1 continue to .eco-e
-ore an2 -ore rich an2 so1histicate2 in their sco1e an2 functionality) The software 1rojects
we now un2erta5e are -uch -ore co-1le0 than software 1rojects were ten or twenty years
ago) There is no 2ou.t that we e01ect -ore fro- software to2ay than e3er .efore)
In a sense, we ha3e a Mchic5en an2 eggM 1ro.le- here) Are we 2oing -ore 2aunting things
to2ay .ecause we canN That is, are we atte-1ting -ore a-.itious 1rojects .ecause we ha3e
.etter -etho2ologies an2 tools that ena.le their conce1tion an2 e0ecutionN Or ha3e the
-etho2ologies an2 tools just 5e1t 1ace with the increasing challenges an2 2egree of
2ifficulty 2e-an2e2 .y the e0ternal worl2N 7ran5ly, I 2onKt thin5 there is a clear an2
una-.iguous answer to this 6uestion)
?hat we can say is that when 1rojects are successful, we ha3e 1ro2ucti3ity le3els that are
-uch higher than heretofore) The -ountains we are cli-.ing are higher, an2 we are cli-.ing
the- with 1ro1ortionately fewer resources than in the 1ast) That is the .right si2e of software
2e3elo1-entD .etter syste-s an2 higher 1ro2ucti3ity)
The 2ar5 si2e of the e6uation is 1roject success rates) ?hy 2oes the nee2le on success rates
-o3e so slowlyN It is al-ost as though all the a23ances in -etho2ologies an2 tools ha3e
hel1e2 us .uil2 -ore a-.itious syste-s, yet there is so-e other factor that is 5ee1ing us
fro- .eing successful -ore of the ti-e) Perha1s there is so-ething in the a11roach of the
1ast se3eral 2eca2es that is -issing the 1oint)
!"
+;APTER % +;APTER %
@OA/ O7 E(SE
The goal of e3i2ence-.ase2 software engineering *E(SE, is to to 1ro3i2e the -eans .y
which current .est e3i2ence fro- research can .e integrate2 with 1ractical e01erience an2
hu-an 3alues in the 2ecision -a5ing 1rocess regar2ing the 2e3elo1-ent an2 -aintenance of
software)
Thus E(SE woul2 1ro3i2eD
O A co--on goal for in2i3i2ual researchers an2 research grou1s to ensure that their research
is 2irecte2 to the re6uire-ents of in2ustry an2 other sta5ehol2er grou1s)
O A -eans .y which in2ustry 1ractitioners can -a5e rational 2ecisions a.out technology
a2o1tion)
O A -eans to i-1ro3e the 2e1en2a.ility of software intensi3e syste-s, as a result of .etter
choice of 2e3elo1-ent technologies)
O A -eans to increase the acce1ta.ility of software intensi3e syste-s that interface with
in2i3i2ual citiFens)
O An in1ut to certification 1rocesses)
!!
+;APTER $ +;APTER $
MET;O/O@P O7 E(SE
E(SE in3ol3es fi3e ste1sD
!) +on3ert a rele3ant 1ro.le- or infor-ation nee2 into an answera.le 6uestion)
2) Search the literature for the .est a3aila.le e3i2ence to answer the 6uestion)
4) +ritically a11raise the e3i2ence for its 3ali2ity, i-1act, an2 a11lica.ility)
%) Integrate the a11raise2 e3i2ence with 1ractical e01erience an2 the custo-er=s 3alues
an2 circu-stances to -a5e 2ecisions a.out 1ractice)
$) E3aluate 1erfor-ance an2 see5 ways to i-1ro3e it)
E(SE 1ro3i2es -echanis-s to su11ort 3arious 1arts of S'w PRO+ESS IMPRO8EMENT
!2
$)! STEP-I As5 an answera.le 6uestion)
E(SE 2oesn=t 1ro1ose a s1ecific -etho2 to i2entify an2 1rioritiFe 1ro.le-s)
If you are using SPI you shoul2 -onitoring your 1roject an2 so .e in a 1osition to i2entify
1rojects an2 1ro2ucts 1ro.le-s) Otherwise 1ro.le- i2entification relies on the e01ertise of
in2i3i2ual staff -e-.ers) Another for- of hel1 is the goal 6uestion -etric -etho2 in which
you 2eri3e 6uestion fro- s1ecific goals) Once you ha3e i2entifie2 the 1ro.le-, you nee2 to
s1ecify an answera.le 6uestion)
The well-for-ulate2 6uestions usually ha3e three co-1onents)
!) The -ain inter3ention or action you are intereste2 in)
2) The conte0t or s1ecific situation of interest)
4) The -ain outco-es or effects of interest)
In the SE conte0t factors to consi2er which 6uestion to .e answere2 first inclu2esD -
O ?hich 6uestion is -ost i-1ortant to your custo-erN
O ?hich 6uestion is -ost rele3ant to your situationN
O ?hich 6uestion is -ost li5ely to reoccur in your 1racticeN
O ?hich 6uestion is 1ossi.le to .e answere2 in a3aila.le ti-eN
The -ain challenge in this ste1 is, in other wor2s, to con3ert a 1ractical 1ro.le- into a
6uestion that=s s1ecific enough to .e answere2 .ut not so s1ecific that you 2on=t get any
answers)
!4
$)2 STEP-II 7in2 the .est e3i2ence
7in2ing an answer to your 6uestion inclu2es selecting an a11ro1riate infor-ation resource
an2 e0ecuting a search strategy) ;owe3er, you nee2 to se1arate the 6uestion you want to
answer, the 6uestion i-1le-ente2 in the search 5eywor2s, an2 the 6uestions answere2 in the
stu2ies foun2)
There are se3eral infor-ation sources you can use) Pou can, for e0a-1le, get 3iew1oints
fro- your custo-ers or the S'w users) As5 an e01ert or use research-.ase2 e3i2ence, which
is our -ain focus) Pou can for e0a-1le get 3iew1oints of your custo-ers or the software
usersJ use your own e01erience an2 search for research-.ase2 e3i2ence, which is our -ain
focus) The -ain source of the e3i2ence is the scientific journals) A22itional sources inclu2e
.oo5s, .i.liogra1hical 2ata.ases, an2 the Internet) 7or -ost 1ractitioners rea2ing i-1ortant
-agaFines such as +o--unication of A+M, +o-1uter, IEEE, S'w an2 IT Professional is
enough to get an o3er3iew of the latest S'w 2e3elo1-ents) Bee1ing u1 to 2ate is -uch easier
when you can use sources that co-.ine results fro- in2e1en2ent e-1irical stu2ies of a
1articular 1heno-enon)
Syste-atic re3iews ha3e clearly 2efine2 inclusion criteria an2 stan2ar2iFe2 in2icators of
in2i3i2ual an2 co-.ine2 effect siFes) Such re3iews su--ariFe the a3aila.le e3i2ence
regar2ing s1ecific 1heno-ena, showing where the stu2ies corres1on2 or contra2ict an2
unco3ering ga1s in your 5nowle2ge) ;owe3er, A+M co-1uting ser3ice is the only SE
journal 2e2icate2 to syste-atic re3iews) So, we nee2 to search for such re3iews in journal as
well)
!%
$)4 STEP-III +ritically a11raise the e3i2ence
<nfortunately, 1u.lishe2 research is not always of goo2 6uality, the 1ro.le- un2er stu2y
-ight .e unrelate2 to 1ractice or the research -etho2 -ight ha3e wea5nesses such that you
cannot trust the results) To access whether research is a goo2 6uality an2 is a11lica.le to
1ractice you -ust .e a.le to critically a11raise the e3i2ence)
In e3i2ence-.ase2 -e2icine, the -ost con3incing for- of e3i2ence is a syste-atic re3iew of
a series of 2ou.le .lin2 ran2o-iFe2 fiel2 trials) SE 2oes not yet ha3e -any well-con2ucte2
re1lications of rigorous e01eri-ents, so our e-1irical stu2ies are -uch less relia.le
scientifically)
?hen you ha3e e3i2ence fro- 2ifferent ty1es of stu2ies, you nee2 so-e way to access each
stu2ies 6uality) Australian National ;ealth an2 Me2ical Research +ouncil gui2elines
2iscusse2 the relati3e trustworthiness of 2ifferent ty1es of e-1irical stu2ies)
+urrently e3i2ence relate2 to software engineering technologies that is a3aila.le isD
8 Fragmented and limited7
Many in2i3i2ual research grou1s un2erta5e 3alua.le e-1irical stu2ies) ;owe3er, .ecause the
goal of such wor5 is either in2i3i2ual 1u.lications an2'or 1ost-gra2uate theses, there is
so-eti-es little sense of o3erall 1ur1ose to such stu2ies) ?ithout ha3ing a research culture
that strongly a23ocates syste-atic re3iews an2 re1lication, it is easy for researchers to
un2erta5e research in their own areas of interest rather than contri.ute to a wi2er research
agen2a)
8 Not properly integrated7
+urrently, there are no agree2 stan2ar2s for syste-atic re3iews) Thus, although -ost Ph
stu2ents un2erta5e re3iews of the HState of the ArtI in their to1ic of interest, the 6uality of
such re3iews is 3aria.le, an2 they 2o not as a rule lea2 to 1u.lishe2 1a1ers) There is little
a11reciation of the 3alue of syste-atic re3iews, for e0a-1le, there is only one +o-1uting
journal that solicits re3iews *ACM Surveys,) 7urther-ore, if we consi2er H-eta-analysisI,
which is a -ore statistically rigorous for- of syste-atic re3iew, there ha3e .een few
atte-1ts to a11ly -eta-analytic techni6ues to software engineering not least .ecause of the
li-ite2 nu-.er of re1lications) In general there are few incenti3es to un2erta5e re1lication
stu2ies in s1ite of their i-1ortance in ter-s of the scientific -etho2)
8 Without agreed standards7
There are no generally acce1te2 gui2elines or stan2ar2 1rotocols for con2ucting in2i3i2ual
e01eri-ents) The recent 2is1ute .etween (erry an2 Tichy an2 So.el an2 +lar5son o3er the
!$
con2uct of an e01eri-ent into for-al -etho2s -a5es it clear that e-1irical software
engineering is .a2ly in nee2 of gui2elines an2 1rotocols) Bitchenha- et al) 1ro1ose2 so-e
1reli-inary gui2elines for for-al e01eri-ents an2 sur3eys)
$)% STEP-I8 A11ly the e3i2ence
To e-1loy the e3i2ence in a 2ecision--a5ing, we integrate it with 1ractical e01erience,
custo-er re6uire-ents an2 5nowle2ge of the concrete situation=s s1ecific circu-stances an2
then a11ly it in 1ractice)
Acti3e use of new 5nowle2ge consists of a11lying or a2a1ting s1ecific e3i2ence to a s1ecific
situation in 1ractice) This contrasts with tra2itional, 1assi3e -o2e of trans-itting infor-ation
through teachers, .oo5s, -anuals etc) Although such trans-ission can hel1 in arranging the
con2itions re6uire2 for learning to occur, it cannot su.stitute for learning through 2irect
e01erience) ?hat characteriFes a software 2e3elo1er using E(SE is that he or she -a5es
in2i3i2ual ju2g-ent in a gi3en situation rather than si-1ly confir-ing to a11ro3e stan2ar2s
an2 1roce2ures)
The ease of a11lying e3i2ence 2e1en2s on the ty1e of technology *Metho2, Tool, Techni6ue,
you are e3aluating) So-e technologies a11lie2 at the le3el of in2i3i2ual 2e3elo1er i)e) a
2e3elo1er can a2o1t e3i2ence relate2 to how .est to co--ent 1rogra-s) ;owe3er, e3i2ence
relate2 to the a2o1tion of a co-1uter-ai2e2 s'w engineering tool or a s1ecific -athe-atically
.ase2 for-al -etho2 re6uires su11ort fro- 1roject an2 senior -anagers) So it is at this 1oint
that you nee2 to integrate E(SE with SPI)
E(SE woul2 wor5 well in an organiFation that has a strong co--it-ent to 1rocess
i-1ro3e-ent, e)g) .ase2 on the reco--en2ations in) ;owe3er, currently this 2oes not a11ear
to .e ha11ening)
Research results areD
8 Not in widespread use in industry7
Researchers often a22ress issues that are not 1ercei3e2 to .e of rele3ance to in2ustry or
1resent their results in a way that is 3irtually inco-1rehensi.le to 2ecision -a5ers in
in2ustry)
8 Not of perceived value to sta!eholders7
+ertification .o2ies, 1u.lic 1urchasing .o2ies, an2 consu-er grou1s shoul2 all .e concerne2
a.out the 6uality of the techni6ues use2 to .uil2 software 1ro2ucts) It is li5ely that any trust
such grou1s ha3e in the 6uality of software intensi3e 1ro2ucts woul2 .e su.stantially
un2er-ine2 if they were aware that the choice of 2e3elo1-ent techni6ues is .ase2 on fashion
an2 hy1e rather than scientific e3i2ence)
!9
$)$ STEP-8 E3aluate 1erfor-ance
In SPI the final ste1 is usually to confir- that the 1rocess change has wor5e2 as e01ecte2) In
1articular, you as5 yourself how well you are integrating e3i2ence with 1ractical e01erience
custo-er re6uire-ents an2 your 5nowle2ge of s1ecific circu-stances) 7ollowing SPI
1ractice, we -ust also access whether 1rocess change has .een effecti3e) ;owe3er,
en3iron-ental tur.ulence an2 ra1i2 changes in technology often lea2 to the nee2 to a2a1t an2
learn 2uring 1rojects) This in3ol3es high 2egree of creati3ity an2 i-1ro3isation, which
suggests that we cannot wait until a 1roject=s en2 to 2raw out the lessons learne2) ?hen a
1roject or a -ajor 1art of it is co-1lete2, SPI 1rinci1les suggest that we -ust confir- that
the e01ecte2 i-1ro3e-ent has ta5en 1lace)
A si-1le way to 2o this is to arrange a 1ost -orte- analysis *PMA,) A PMA is si-ilar to an
after action re3iew .ut is con2ucte2 in -ore 2e1th) A PMA results -ainly in .etter e3i2ence
regar2ing the s1ecific 1rocess or technology) - E3i2ence that we -ight reuse as gui2elines for
the future)
After action re3iews, short -eetings ai-e2 at e3aluating 1erfor-ance in the -i22le of action
are a si-1le way for in2i3i2uals an2 the tea-s to learn i--e2iately fro- .oth successes an2
failures)
!&
+;APTER 9 +;APTER 9
APP/I+ATIONS O7 E(SE IN EQISTIN@ SO7T?ARE
EN@INEERIN@ /I7E +P+/E
9)!+ase of +y.er 7orensics
The ra1i2 1roliferation of the Internet has resulte2 in increase in the +y.er-cri-es also,
es1ecially in the conte0t of harass-ent of the networ5 user 1o1ulation) +y.er-cri-es -ay .e
2efine2 as those cri-es in3ol3ing co-1uters as tools for co--itting cri-es or co-1uters as
the targets of cri-es) +o--unity centers, Internet 5ios5s, cy.er cafes 1ro3i2ing Internet
access 1oints in large cities, townshi1s an2 -etros are o.ject of attac5 fro- antisocial
ele-ents) So-e of the co--on anti-social acti3ities here inclu2e s1a--ing of -ails,
hac5ing, sales an2 in3est-ent frau2s) Si-ilar to con3entional cri-es an2 its forensic
analysis, the cri-es an2 its in3estigation an2 analysis in the cy.er worl2 for-s a 1art of the
+y.er 7orensics)
!#
9)!)! Pro1ose2 Syste-
A han2-hel2, 1orta.le ga2gets with the ca1a.ility of 2ownloa2ing a few 5ilo.ytes of security
2ata fro- an Internet Ser3ice Pro3i2er=s we. ser3er for effecti3e -onitoring in real-ti-e
-o2e to hel1 1olice 1atrol to classify 1atrolling o1erations in ris5y an2 safe classes) These
han2hel2 2e3ices, which were 1ro1ose2, ta5e 2ata fro- the we. .rowsers at cy.er cafes in
3arious locations) Monitoring the 3arious e3i2ences recei3e2 .y the we. .rowsers, filtere2
2ata is sent to the 1olice 1atrol) 7or e0a-1le we ha3e 3arious e3i2ences of the age of a
1erson, we. .rowsers use2, location of the user, we.site accesse2 etc) ata or infor-ation
a.out thousan2s of 1eo1le are collecte2 an2 store2 at the 2ata.ase at the .ac5en2) An
Infor-ation syste- is -a2e out of the 2ata .ase, an2 on the .asis of e3i2ence, a 2ecision is
-a2e as to which user coul2 .e a 1otential cy.er-cri-inal ' cy.er-attac5 3icti-) (efore
1rocee2ing any further, we nee2 to 2escri.e, as to what are Infor-ation Syste-s)
7ig 2) Pro1ose2 Infor-ation Syste-
The 1roject is actually a -onitoring syste-, which -a5es references to the 2ata.ase of the
users an2 their 3arious attri.utes) The relationshi1 .etween these attri.utes 2eci2es, whether
a user is a cy.er-cri-inal or not) The e3i2ence collection algorith- gi3en .elow will hel1 in
-a5ing the conte0t clearer)
!:
9)!)2 eri3e2 Algorith-
2"
7ig 4) Algorith-
In an e01lanation to the a.o3e algorith-, first we first choose a single 1ara-eter *i)e) age,)
Then we fin2 the result, which is the infor-ation gain in this case) The infor-ation gain
o.taine2, is sai2 to .e 3ali2, within a certain range of 3alues) If the Infor-ation gain is not
a2e6uate, then we collect further e3i2ences of the sus1ecte2 users to fin2 out whether they
are 1otential ele-ents to a11en2 to the sus1icious set of the -o2ule If the Infor-ation gain is
within a certain 2efine2 li-its, then we -onitor another set of 1ara-eters) ;ence, this
a11lication hel1s in -onitoring the syste- an2 hel1s in 2eci2ing which Infor-ation is to .e,
sent to the han2hel2 2e3ice)
"hus the #$S# techni%ues of &nformation gain and 'ough Set "heory applied here
increases the success rate.

2!
9)2 A11lication of E(SE in ITES an2 E-Ser3ice sectors
The Infor-ation technology Ena.le2, ser3ices *ITES,, is a for- of outsource2 ser3ice, which
has e3ol3e2, 2ue to the in3ol3e-ent of IT in 3arious fiel2s, such as .an5ing an2 finance,
teleco--unications, insurance etc) 7ir-s, usually fro- 2e3elo1e2 countries, outsource such
ser3ices to countries li5e In2ia, +hina, in or2er to gain fro- large talent 1ool at low cost)
@oing ahea2 we -ay see -ore co-1anies outsourcing such ser3ices an2 hence high
co-1etition is e01ecte2 within countries an2 co-1anies 1ro3i2ing IT-ena.le2 ser3ices)
?hile entering into such outsourcing contracts, the effecti3e role 1laye2 .y trustworthiness
of the organiFation, which will .e e0ecuting the 1roject, inlays a significant role) This is
analogous to +re2it history a2o1te2 .y .an5s for sanctioning loans) Since we. has .eco-e a
2o-inant uni3ersal -e2iu- of interaction for .usinesses, in2i3i2uals an2 the society, the
sco1e an2 co-1le0ity of ?e. a11lications ha3e grown significantly fro- infor-ation
2isse-ination to online transactions, enter1rise-wi2e 1lanning sche2uling syste-s,
colla.orati3e wor5 en3iron-ents an2 1ersonaliFe2 we. sites) ITES inclu2es we.-.ase2
a11lications .ase2 on functionality, li5e in the transactional an2 in the interacti3e wor5
en3iron-ents) This 1ri-arily in3ol3es online or2ering of goo2s an2 ser3ices, online .an5ing,
status -onitoring an2 su11ly chain -anage-ent) As it has .een .rought out in the 1re3ious
sections, there is a strong nee2 to assess the figure of -erit fro- the security 1oint of 3iew
for any city-.ase2 infrastructure in an outsourcing'outsource2 nation where the 1roject is
.eing e0ecute2) The infrastructure 2oes not -erely refer to the 1hysical har2ware'software
setu1)
There is a certain trustworthiness le3el of any 1articular ser3ice unit *ITES, an2 how far the
ser3ice unit has succee2e2 in achie3ing an2 -aintaining its targets) The assess-ent of
1ara-eters, which 1lay a significant role in 2eter-ining +y.er trustworthiness of any ser3ice
unit, re6uire e3i2ence collection)
These 1ara-eters areD
(i) (yber (rime &nde) (((&)
This is the -easure of the 3arious +y.er +ri-es that occur at a 1articular ser3ice unit in a
city where the outsourcing infrastructure has .een installe2 an2 in3ol3es inter-nation illegal
atte-1ts that ha3e ta5en 1lace in the ti-e 1erio2 of o.ser3ation) This +y.er +ri-e In2e0 can
.e 2eter-ine2 .y certain actions 1erfor-e2 .y the user) ?e suggest a22ing a ser3ice 1atch
with the o1erating syste- that tells the occurrences of cy.er-cri-es) 7or instance, if a user is
using >co1y >co--an2, then it shoul2 .e foun2 as to what co--an2s has he'she use2 .efore
an2 after the >co1y=co--an2) If the user uses >cut= co--an2 .efore >co1y= an2 >1aste=
co--an2 after the >co1y= co--an2 continuously, for a large nu-.er of 1rocesses, then it
-ight create a sus1icion, that so-ething wrong is .eing 2one) A nu-.er of e3i2ences are
further calculate2 to 2etect the cy.er cri-inal) ;ence we reco--en2 a har2ware *o1erating
syste-, 1atch to .e 2esigne2, on the .asis of e3i2ence collection, as 2escri.e2 a.o3e)
22
(ii) (ustomer satisfaction rate
It 2eter-ines the 1ercentage-.ase2 3alue of the nu-.er of the satisfie2 custo-ers 1er unit
ti-e) The +SR 3alue 2eter-ines the relia.ility an2 the ser3icea.ility of the infrastructure
unit) ?ee5ly 1roject 1rogress of the target as 1er the PERT chart ser3es an i-1ortant
1ara-eter) There are a nu-.er of online ser3ices a3aila.le to 2eter-ine the custo-er
satisfaction rate in any location)
8arious sur3eys are con2ucte2 to re3eal the critical facts clients nee2 to 5now a.out their
custo-ers, the le3el of satisfaction of the custo-ers) ?e also ha3e an E-ail Message
Manage-ent Syste- *EMMS,, which effecti3ely -anages online sur3ey e-ail -essages to
-eet the uni6ue -essaging re6uire-ents of large-scale co-1le0 sur3ey 1rogra-s)
PersonaliFe2 -essages that enhance relationshi1 an2 2ialog colla.oration can .e 2eli3ere2 to
the 1eo1le who -atter -ost to the success of any organiFation) It is 1ossi.le to sen2
-essages whene3er we nee2 the-, e3en sche2ule the- on the .asis of the rules we set)
So-e ITES organiFations also ha3e an Online Re1ort +enter *OR+,, which 1ro3i2e a ti-ely
an2 relia.le way to access an2 2isse-inate sur3ey results) This OR+ technology 1ro3i2es a
1ainless way to organiFe your sur3ey results into re1orts that s1ecifies the .usiness 1riorities
in a -eaningful, easy-to-rea2 style) It gi3es the 1ower to 6uic5ly res1on2 to .usiness
o11ortunities an2 challenges in ti-e) The OR+ facilities can .e use2 with intuiti3e re1ort
.uil2ing interfaces to e0tensi3ely a sur3ey results) (asic an2 a23ance2 re1orts can .e .uilt
for .oth 1erio2ic sur3eys an2 continuous sur3eys) This -etho2ology is .ase2 on the lines of
TIO(E 1rogra--ing in2e0, which is u12ate2 e3ery -onth) This TIO(E in2e0 -aintains the
list of 1rogra--ing languages as 1er their suita.ility an2 their ratings) (y a11lying a search
engine 6uery, a lot of hit counts are collecte2) The search 6uery is e0ecute2 for regular
@oogle, PahooR An2 MSN we. search)
24
+;APTER & +;APTER &
E(SE IN A+AEMI+S AN E<+ATIONA/
INSTIT<TIONS
Researchers ha3e o.taine2 encouraging results fro- teaching E(SE 1rinci1les to uni3ersity
stu2ents) 7or the last three years E(SE has .een taught to uni3ersity stu2ents at ;EMARB
<NI8ERSITP +O//E@E, RENA, NOR?AP) The -oti3ation for E(SE course is that, it is
essential for the stu2ents as future 1ractitioners, to learn how to .ase i-1ortant software
engineering 2ecisions on the critical e3aluation of the .est a3aila.le e3i2ence)
&)! Moti3ation of teaching E(SE to uni3ersity stu2ents
The -ain -oti3ation for the E(SE course is to 1ro3i2e the future software 1rofessionals
with the 5nowle2ge, e01erience, attitu2e an2 s5ill to ena.le the- to -a5e .etter 2ecisions)
The 3arious reasons for teaching the E(SE courses to uni3ersity stu2ents areJ -
O The software in2ustry will .enefit fro- -o3ing in the right 2irection of e3i2ence-.ase2
software engineering
O Software engineering stu2ents, in general, ha3e insufficient 5nowle2ge an2 1ractice
regar2ing the e3aluation of argu-ents) In their 1rofessional li3es, they are fre6uently
re6uire2 to ar.itrate .etween conflicting conclusions of 2ifferent lines of argu-ent) An
E(SE course -ay su11ort the critical an2 syste-atic e3aluation of argu-ents)
O Stu2ents nee2 to learn to collect infor-ation fro- all ty1es of sources, e)g) fro- li.rary
2ata.ases, te0t.oo5s, the Internet an2 other 1eo1le=s e01eriences, an2 to assess critically, the
rele3ance an2 3ali2ity of this infor-ation) 7or e0a-1le, the stu2ents we ha3e taught E(SE
ha2 ne3er ha2 any teaching in how to e0a-ine scientific stu2ies critically or how to
syste-atically e3aluate the argu-ents 1resente2 in course te0t.oo5s an2 co-1uter
-agaFines)
O <ni3ersities shoul2 ha3e a stronger focus on how to ac6uire new 5nowle2ge an2 s5ill)
2%
S5ill in the for-ulation of -eaningful 6uestions, the i2entification of rele3ant infor-ation
an2 critical assess-ent of stu2ies are of a long lasting 3alue)
O The software in2ustry is full of hy1e) ;y1es are s-all changes of ol2 -etho2 hea3ily
-ar5ete2 as -etho2s that will re3olutioniFe the 1ro2ucti3ity of the software in2ustry)
Teaching E(SE to uni3ersity stu2ents -ay .e an i-1ortant -eans to software engineering to
.eco-e a -ore -ature 2isci1line with -ore resistant towar2s hy1e) In 1articular, we .elie3e
that E(SE -ay lea2 to -ore critical assess-ent of 2e3elo1-ent -etho2s an2 -ar5eting
1loys)
It is not easy to stu2y the 2egree to which these assu-1tions are true an2 the 2egree to which
E(SE will ha3e a 1ositi3e i-1act on the software 1ractice) It is, for e0a-1le, not o.3ious
what to co-1are E(SE 1ractice without of all the other 2ecision--a5ing 1ractices) In so-e
colleges, the course is -a2e -an2atory for stu2ent following the syste-s 2e3elo1-ent
1rogra-) Many of the stu2ents who ha3e un2erta5en the E(SE course ha3e starte2 wor5ing
as software 1rofessionals) The E(SE course has .een organiFe2 an2 taught in 3arious
uni3ersities in 2ifferent -o2ules)
The course structure has two intensi3e teaching -o2ules an2 a su1er3ise2 1roject tas5) This
course is .asically an !!-wee5 course)
In the first wee5, the teaching -o2ule starts an2 stu2ents are e01ecte2 to 2o a su1er3ise2
in2i3i2ual 1roject wor5, which -ight e0ten2 to % wee5s) Another teaching -o2ule starts in
the $
th
wee5 followe2 .y su1er3ise2 in2i3i2ual 1roject wor5 an2 2eli3ery of the co-1lete
1roject re1ort)
The Project 2eli3ery *E(SE 1ractice wor5, is e3aluate2 as H1asse2I or H not 1asse2I) In
or2er to 1ass, a 1roject -ust fulfil the following criteriaD
O An answera.le software engineering 6uestion'1ro.le- -ust .e for-ulate2 1ro1erly) This
re6uires that ter-inology .e e01laine2 an2 that the 1ro.le- .e s1ecifie2 1recisely) The
6uestion shoul2 .e rele3ant for software 1rofessionals) An e0a-1le of a 1ro1er 1ro.le-
foun2ation is the followingI ?hat is the effect of Q, for organiFation'2e3elo1ers of ty1e P, in
situations of ty1e SNI
O An e0tensi3e search for rele3ant results an2 1ractice-relate2 e01erience -ust .e con2ucte2)
In 1ractise, we ha3e re6uire2 thatD
a, A3aila.le uni3ersity li.rary search facilities are use2 with a11ro1riate search
ter-inologies)
., At least one e01ert on the to1ic is contacte2 for infor-ation)
c, At least two co-1anies for rele3ant 1ractice are contacte2)
O The rele3ance an2 3ali2ity of the results, o1inions, 3iew1oints recei3e2 fro- the 2ifferent
sources -ust .e e3aluate2 1ro1erly)
2$
O A cogent argu-ent -ust .e constructe2 that -arshals the a3aila.le e3i2ence to su11ort a
conclusion)
+;APTER # +;APTER #
IMP/I+ATIONS 7OR E(SE
It is clear that a full-scale i-1le-entation of E(SE is an e0tre-ely a-.itious goal) It cannot
.e achie3e2 without e0tensi3e colla.oration an2 long-ter- co--it-ent a-ong in2i3i2ual
research grou1s worl2wi2e, an2 acti3e su11ort fro- other sta5ehol2ers such as 1ractitioners
in in2ustry, certification .o2ies etc) 7urther-ore it cannot .e achie3e2 without initial
financial su11ort fro- research fun2ing agencies to ena.le the .asic technological an2
-etho2ological infrastructure to .e esta.lishe2) It is clear that in2i3i2ual 1ractitioners an2
researchers can use so-e of the i2eas of E(SE without e0tensi3e technical su11ort)
29
+;APTER : +;APTER :
+ON+/<SION
E(SE is the .est -etho2 in the fiel2 of s'w engineering with certain 2raw.ac5s an2
hin2rances, .ut it surely has 1ro-ising 1ros1ects) Researchers nee2 to 1erfor- an2 re1ort
re1lication stu2ies in or2er to accu-ulate relia.le e3i2ence a.out SE to1ics) So, although
rigor is necessary con2ition for rele3ant SE research, it isn=t sufficient) SE shoul2 not solely
rely on la.oratory e01eri-ents an2 shoul2 atte-1t to gather e3i2ence fro- in2ustrial
e01eri-ents, using o.ser3ation stu2ies, sur3eys an2 fiel2 e01eri-ents) It is clear that the full
scale i-1le-entation of E(SE is an e0tre-ely a-.itious goal, which cannot .e achie3e2
without e0tensi3e colla.oration an2 long-ter- co--it-ent a-ong research grou1s an2 other
acti3e sta5ehol2ers such as 1ractitioners in the in2ustry, certification .o2ies etc) ;owe3er,
continuing e3olution in the SE 5nowle2ge will hel1 software organiFations to a2o1t goo2
1ractice -ore 6uic5ly with fewer ris5s, i-1ro3e the 6uality of 1ro2ucts, an2 hence re2uce the
ris5s of 1roject failures)
2&
APPENIQ A APPENIQ A


@/OSSARP
SE Software Engineering
EBSE E3i2ence (ase2 Software Engineering
9/A Post -orte- analysis
2#
APPENIQ ( APPENIQ (
/IST O7 7I@<RES
7igure ! TTTTTTTTT)))))))TTTTTTTTTT)TTTTTTTTT))
7igure 2 TTTTTT))TTTT)TTTTTTT))))))))TTTTTTTTTTT
7igure 4 TT))TTTTTTTTT)TTTTTT))))))))TTTTTTTTTTT
2:
APPENIQ + APPENIQ +
RE7EREN+ES
A!C (ar.ara A) Bitchenha-, Tore y.U, Magne VWrgensen- E3i2ence (ase2 Software
Engineering)
A2C Sunan2a +how2hary, Shil1i Voshi, Ta1asya Pat5i, 8i1in Shar-a, Anshu +how2hary,
A)() Pat5i, 8i-al @aur, +y.er +ri-e Manage-ent using E3i2ence .ase2 Software
Engineering- (an5ing an2 Insurance In2ustries, Procee2ings of the %th National
+onference, INIA+OM, 2"!", 7e3 2$-29, 2"!", New elhi)
A4C Shil1i Voshi- E(SE an2 APP/I+ATIONS,D Su--er Internshi1 Re1ort No)
IT'IR*R+M,'"!'Vune 2""&)
4"