Non-functional requirements (NFR), which include performance, availability, and maintainability, are vitally important to overall software quality. Research has shown NFRs are, in practice, poorly defined and difficult to verify. Continuous software engineering (CSE) practices, which extend agile practices, emphasize fast-paced, automated, and rapid release of software that poses additional challenges to handling NFRs. Thus we are left at a crossroad where NFRs are vital to the success of quality, but NFRs are often deprioritized over functional aspects; the result is that an organization is unable to build and maintain a shared understanding of important NFRs, which ultimately hinder an organization’s ability to achieve continued success. In remote CSE organizations, managing NFRs becomes more challenging due to the limitations of team communication.
A specific NFR of note is privacy, as consumer data privacy has increasingly become a crucial aspect that software organizations must consider when developing software. In particular, in recent times, governments around the world are actively enacting new legislation that govern the legal boundaries for how software organizations handle privacy. Specifically, the General Data Protection Regulation (GDPR) passed in the European Union introduced guidelines regarding processing and collection of personal data from European Union citizens. Therefore, how an software organization can adequately comply with the GDPR became a new profound challenge for any software organization that handles European Union private data.
The goal of this project is to explore how industrial organizations practising CSE are handling NFRs. The following research questions are guiding out research:
1) What is the interplay between shared understanding of non-functional requirements and continuous software engineering?
2) How does one effectively build, manage, and maintain a shared understanding of non-functional requirements in continuous software engineering?
3) How does a small software organization practicing CSE move towards GDPR (privacy) compliance
4) How does a remote software organization that adopts CSE practices reach a shared understanding of NFRs?
5) What are the limitations to the shared understanding of NFRs in a remote software organization that adopts CSE practices?
Laura Okpara, Colin Werner, Adam Murray, and Daniela Damian “A Case Study of Building Shared Understanding of Non-Functional Requirements in a Remote Software Organization” In 2022 IEEE 30th International Requirements Engineering Conference (RE’ 2022), Melbourne, Victoria, Australia, 2022 (preprint).
Colin Werner, Ze Shi Li, Derek Lowlind, Omar Elazhary, Neil Ernst, and Daniela Damian, Continuously Managing NFRs: Opportunities and Challenges in Practice, in IEEE Transactions on Software Engineering, doi: 10.1109/TSE.2021.3066330, to appear 2021. (preprint)
Omar Elazhary, Colin Werner, Ze Shi Li, Derek Lowlind, Neil Ernst, and Margaret-Anne Storey, Uncovering the Benefits and Challenges of Continuous Integration Practices, in IEEE Transactions on Software Engineering, doi: 10.1109/TSE.2021.3064953, to appear 2021. (preprint)
Colin Werner, Ze Shi Li, Neil Ernst, and Daniela Damian, The Lack of Shared Understanding of Non-Functional Requirements in Continuous Software Engineering: Accidental or Essential?, 2020 IEEE 28th International Requirements Engineering Conference (RE), Zurich, Switzerland, 2020, pp. 90-101, doi: 10.1109/RE48521.2020.00021. (preprint)
Ze Shi Li, Colin Werner, and Neil Ernst, Continuous Requirements: An Example Using GDPR, 2019 IEEE 27th International Requirements Engineering Conference Workshops (REW), Jeju, Korea (South), 2019, pp. 144-149, doi: 10.1109/REW.2019.00031. (preprint)