List of Figures xvList of Tables xviiForeword xxiPreface xxiiiAcknowledgments xxviiAcronyms xxix1 ReMo: A Recommendation Development Model for Software Process Improvement 1Sujin Choi, Dae-Kyoo Kim, Sooyong Park1.1 Introduction 21.2 Motivation 31.3 Related Work 51.4 Recommendation Development Model: ReMo 71.4.1 Correlation Analysis 91.4.2 Refining Improvement Packages 141.4.3 Building Recommendations 211.5 Case Studies 251.5.1 Phase I 281.5.2 Phase II 281.5.3 Phase III 281.5.4 Phase IV 291.6 Evaluation 291.6.1 Process Evaluation 301.6.2 Outcome Evaluation 321.6.3 Threats to Validity 361.7 Discussion 371.8 Conclusion 38References 392 A Framework for a Sustainable Software Security Program 47Monica Iovan, Daniela S. Cruzes, Espen A. Johansen2.1 Introduction 482.2 Software Security Best Practices 492.2.1 Microsoft Security Development Lifecycle for Agile Development 492.2.2 Building Security in Maturity Model 502.2.3 OWASP Software Assurance Maturity Model 522.2.4 Software Security Services 532.3 Software Security in Visma 552.4 Top-Down and Bottom-Up Approach of a Sustainable Program 552.4.1 Ensuring the Adoption and Implementation of Security Practices 562.4.2 Enabling the Adoption and Implementation of Security Practices 572.4.3 Empowering the Teams 572.4.4 Embedding the Security Activities 582.5 Explorability of a Sustainable Software Security Program 582.5.1 Researching and Innovating Services 582.5.2 Creating New Services 602.5.3 Persuasion Focusing on the Types of Software Development Teams 612.5.4 Service Onboarding 632.6 Exploiting Existing Services 632.6.1 Collecting Continuous Feedback 642.6.2 Retrofitting the Services 652.6.3 Focus on Investment Costs and Benefits 662.6.4 Discontinuing a Service 662.7 Pitfalls of a Sustainable Software Security Program 672.8 Further Reading 682.9 Conclusion 68References 683 Linking Software Processes to IT Professionalism Frameworks 71Luis Fernández-Sanz, Inés López Baldominos, Vera Pospelova3.1 Introduction 723.2 Process Standards 743.3 IT Professionalism Standards 753.3.1 ESCO 763.3.2 European e-Competence Framework 763.3.3 Skills Match Framework 773.4 Linking Software Processes and IT Professionalism Frameworks 783.5 Analysis of Recommended Skills in Processes According to Participating Professional Roles 793.6 Conclusions 84References 844 Monitoring and Controlling Software Project Scope Using Agile EVM 89Avais Jan, Assad Abbas, Naveed Ahmad4.1 Introduction 904.2 Related Work 914.2.1 Tools and Techniques Used for Scope Definition 924.2.2 Traditional Project Scope Definition 934.2.3 Tools and Techniques for Agile Project Scope Definition 944.3 EVM Applications and Calculation 944.4 Research Methodology 964.4.1 Systematic Literature Review 974.4.2 Mapping of Factors with A-SPSRI Elements 984.5 Quantification of A-SPSRI Elements and Running Simulation 1014.5.1 Quantification of A-SPSRI Elements 1014.5.2 Running Simulations and Their Integration with Agile EVM 1014.5.3 Case Study 1 1034.5.4 Case Study 2 1104.6 Experimental Evaluation of Simulated Results 1124.6.1 Regression Model Interpretation 1124.6.2 Interpretation 1134.7 Conclusion 114References 1155 Modeling Multi-Release Open Source Software Reliability Growth Process with Generalized Modified Weibull Distribution 123Vishal Pradhan, Ajay Kumar, Joydip Dhar5.1 Introduction 1245.2 Background 1265.3 Proposed Models 1275.3.1 Model-1 (General Model) 1275.3.2 Model-2 (Multi-Release Model) 1285.4 Performance Evaluation with Data Analysis 1285.4.1 Dataset and Parameter Estimation 1285.4.2 Competing Models and Comparison Criteria 1295.4.3 Least Square Estimation (LSE) 1295.4.4 Goodness of Fit 1305.4.5 Comparison of Results 1305.5 Conclusion 131References 1326 Developing a Reference Model for Open Data Capability Maturity Assessment 135Murat Tahir Çalda, Ebru Gökalp6.1 Introduction 1366.2 Literature Review 1376.2.1 Theoretical Background 1376.2.2 Related Works 1376.3 Model Development 1396.3.1 Scope 1396.3.2 Design 1396.3.3 Populate 1406.3.4 Test 1406.3.5 Deploy and Maintain 1406.4 Open Data Capability Maturity Model 1406.4.1 Process Dimension 1406.4.2 Capability Dimension 1436.5 Conclusion 144References 1457 AHP-Based Prioritization Framework for Software Outsourcing Human Resource Success Factors in Global Software Development 151Abdul Wahid Khan, Ghulam Yaseen, Muhammad Imran Khan, Faheem Khan7.1 Introduction 1527.2 Literature Review 1537.3 Research Methodology 1537.3.1 Systematic Literature Review 1547.3.2 Search String Process 1547.3.3 Search String Development 1557.3.4 Selection of Publications 1557.3.5 Commencement of Data Extraction 1577.3.6 Result Generated for Research Questions through SLR by Applying Final Search String 1587.3.7 Categorization of Identified Success Factors 1597.3.8 Analytical Hierarchical Process (AHP) 1607.4 Proposed Methodology 1627.4.1 Questionnaire Development 1637.4.2 Data Sources 1637.4.3 Validation of Identified Success Factors 1637.4.4 Application of AHP to Prioritize Success Factors 1647.4.5 Comparison of Proposed Framework 1697.5 Limitations 1697.6 Implications of the Study 1697.7 Conclusions and Future Work 170References 1708 A Process Framework for the Classification of Security Bug Reports 175Shahid Hussain8.1 Introduction 1768.2 Related Work 1778.2.1 Text Mining for Security Bug Report Prediction 1778.2.2 Machine Learning Algorithms-Based Prediction 1788.2.3 Bi-Normal Separation for Feature Selection 1788.3 Proposed Methodology 1788.3.1 Data Gathering and Preprocessing 1798.3.2 Identifying Security-Related Keywords 1798.3.3 Scoring Keywords 1808.3.4 Scoring Bug Reports 1818.4 Experimental Setup 1818.4.1 Machine Learning Algorithm 1818.4.2 Dataset 1818.4.3 Performance Evaluation 1818.5 Results and Discussion 1828.5.1 Response to RQ1 1828.5.2 Response to RQ2 1828.6 Conclusion 183References 1839 A Systematic Literature Review of Challenges Factors for Implementing DevOps Practices in Software Development Organizations: A Development and Operation Teams Perspective 187Mohammad Shameem9.1 Introduction 1889.2 Research Methodology 1899.2.1 Stage-1: Planning the Review 1899.2.2 Stage-2: Conducting the Review 1919.2.3 Stage-3: Reporting the Review Process 1919.3 Results 1929.3.1 RQ1 (Challenges Identified in the Literature) 1929.3.2 RQ2 (Most Critical Challenges) 1929.3.3 RQ3 (Development and Operation Analysis) 1939.4 Discussion and Summary 1949.5 Threats to Validity 1949.6 Conclusions and Future Study 195References 19510 DevOps' Culture Challenges Model (DC2M): A Systematic Literature Review Protocol 201Muhammad Shoaib Khan, Abdul Wahid Khan, Javed Khan10.1 Introduction 20210.2 Background 20310.3 Systematic Literature Review Protocol 20410.4 Creating the Search String 20510.5 Search Strategies 20510.5.1 Trial Search 20510.5.2 Recognizing Search Terms Attributes 20610.5.3 Results for a 20610.5.4 Results for b 20610.5.5 Results for c 20710.5.6 Results for d 20710.6 Final Search String Construction 20810.7 Selection Criteria and Search Process 20910.7.1 Inclusion Criteria 20910.7.2 Exclusion Criteria 20910.7.3 Selection of Primary Sources 21010.8 Assessment of Publication Quality 21010.9 Data Extraction Stage 21010.9.1 Initiation of Data Extraction Phase 21010.9.2 Presentation of Data Extraction 21110.9.3 Data Extraction Process 21110.9.4 Data Storage 21110.10 Data Synthesis 21210.11 Discussion 21210.12 Validation of Review Protocol 21310.13 Limitation 214References 21411 Critical Challenges of Designing Software Architecture for Internet of Things (IoT) Software System 219Noor Rehman, Abdul Wahid Khan11.1 Introduction 22011.2 Background 22111.2.1 Layered Architecture Pattern 22211.2.2 Microservices Software Architecture 22211.2.3 Event-Driven Software Architecture Pattern 22311.2.4 Blackboard Software Architecture Pattern 22411.2.5 Systematic Literature Review for SADM 22411.3 Research Questions 22411.4 Research Methodology 22511.4.1 Constructing Search Term Formulation 22511.4.2 Publication Selection Process 22911.4.3 Quality Assessment of the Publication 23011.4.4 Data Extraction 23011.4.5 Data Extraction Demonstration 23011.4.6 Findings 23211.5 Continent-Wise Comparison of the Challenges Found 23511.6 Limitations 23511.7 Conclusion and Future Work 236References 23712 Challenges to Project Management in Distributed Software Development: A Systematic Literature Review 241Sher Badshah12.1 Introduction 24212.2 Related Work 24212.3 Methodology 24312.3.1 Planning the Review 24412.3.2 Conducting the Review 24512.3.3 Reporting the Review 24612.4 Results and Discussion 24612.5 Conclusion and Future Work 248References 24913 Cyber Security Challenges Model: SLR-Based Protocol and Initial Findings 253Shah Zaib, Abdul Wahid Khan, Iqbal Qasim13.1 Introduction 25413.2 Related Work 25413.3 Systematic Literature Review (SLR) Protocol 25613.4 Research Questions 25613.5 Search Term Construction 25613.6 Strategies for Searching 25713.6.1 Trial Searching 25713.6.2 Characteristics of Search Terms 25713.7 Process of Search String 25813.7.1 Development of Search String 25813.7.2 Resources to be Searched 25913.8 Selection of Publication 25913.8.1 Inclusion Criteria 25913.8.2 Exclusion Criteria 26013.8.3 Support of Secondary Reviewer 26013.9 Assessment of Publication Quality 26013.10 Data Extraction Phase 26113.10.1 Commencement of Data Extraction Phase 26113.10.2 Presentation of Extracted Data 26113.10.3 Data Extraction Process 26113.10.4 Data Storage 26213.11 Literature Search and Selection 26213.12 Results 26313.12.1 Challenges in CSCM Based on Database/Digital Libraries 26313.12.2 Challenges in CSCM Based on Methodology 26513.13 Discussion 26613.14 Limitations 26613.15 Conclusion and Future Work 266References 26714 A Process Assessment Model for Human Resource Skill Development Enabling Digital Transformation 271Ebru Gökalp14.1 Introduction 27214.2 Literature Review 27314.2.1 Human Resource Skill Development 27314.2.2 Theoretical Background 27314.3 Process Assessment Model for Human Resource Skill Development 27414.3.1 Process Dimension 27414.3.2 Capability Dimension 27414.4 Application of the Process Assessment Model for DX-HRSD 27614.5 Findings and Discussions 27714.6 Conclusion 279References 279

Arif Ali Khan is at the University of Jyvskyl, Finland. He obtained his PhD degree in software engineering from the Department of Computer Science, City University of Hong Kong. He has participated in and managed several empirical software engineering related research projects. He has expertise in software outsourcing, process improvement, 3C's (communication, coordination, control), requirements change management, agile software development and evidence-based software engineering. Khan has published over 40 articles in peer reviewed conferences and journals.Dac-Nhuong Le obtained his PhD in computer science from Vietnam National University, Vietnam in 2015. He is Deputy-Head of Faculty of Information Technology, Haiphong University, Vietnam. His area of research includes: evaluation computing and approximate algorithms, network communication, security and vulnerability, network performance analysis and simulation, cloud computing, IoT and image processing in biomedicine. He has more than 50 publications and edited/authored 15 computer science books, many with the Wiley-Scrivener imprint.