ICSE-SEIS '18- Proceedings of the 40th International Conference on Software Engineering: Software Engineering in Society

In the last years, a number of Open-Source Systems (OSS) have created parallel foundations, as legal instruments to better articulate the structure, collaboration and financial model for the project. Some examples are Apache, Linux, Mozilia, Eclipse or Django foundations. Nevertheless, foundations largely differ in the kind of mission they have and the support they provide to their project/s. In this paper we study the role of foundations in open source software development. We analyze the nature of 89 software foundations and then focus on the 18 most relevant ones to study their openness and influence in the development practices taking place in the endorsed projects. Our results reveal the existence of a significant number of foundations with the sole purpose of promoting the importance of the free software movement and/or that limit them selves to core legal aspects but do not play any role in the day-to-day operations of the project (e.g., a few of them are just umbrelia organizations for a large variety of projects). Therefore, while useful, foundations do not remove the need for specific projects to develop their own governance, contribution and development policies.

App stores allow globally distributed users to submit user feedback, in the form of user reviews, about the apps they download. Previous research has found that many of these reviews contain valuable information for software evolution, such as bug reports or feature requests, and has designed approaches for automatically extracting this information. However, the diversity of the feedback submitted by users from diverse cultural backgrounds and the consequences this diversity might imply have not been studied so far.

In this paper, we report on a cross-cultural study where we investigated cultural differences in app store reviews and identified correlations to cultural dimensions taken from a well-established cultural model. We analyzed 2,560 app reviews written by users from eight countries with diverse national culture. We contribute evidence about the influence of cultural factors on characteristics of app reviews. Our results also help developers of automated feedback analysis tools to avoid cultural bias when choosing their algorithms and the data for training and validating them.

The growing population of cognitively impaired individuals calls for the emergence of a research area dedicated to developing computing systems that address their needs. The nature of this research area requires to bridge the many disciplines needed to develop human-centered, assistive computing systems. Such bridging may seem unattainable considering the conceptual and practical gaps between the related disciplines and the challenges of propagating human-related concerns throughout the many stages of the development process of assistive technologies. As a consequence, existing assistive technologies lack a proper needs analysis; their development is often driven by technology concerns, resulting in ill-designed and stereotype-biased systems; and, most of them are not tested for their effectiveness in assisting users.

In this paper, we propose a systematic exploration of this vast challenge. First, we define Assistive Computing as a research area and propose key principles to drive its study. Then, we introduce a tool-based methodology dedicated to developing assistive computing support, integrating a range of disciplines from human-related sciences to computer science. This methodology is purposefully pragmatic in that it leverages, aggregates and revisits numerous research results, concretizing it with a range of examples.

More generally, our goal is i) to provide a framework to conduct research in the area of Assistive Computing and ii) to identify the necessary bridges between disciplines to account for all the dimensions of such systems.

In this paper we draw attention to the challenges of managing software projects for vulnerable populations, i.e., people potentially exposed to harm or not capable of protecting their own interests. The focus on human aspects, and particularly, the inclusion of human-centered approaches, has been a popular topic in the software engineering community. We argue, however, that current literature provides little understanding and guidance on how to approach these type of scenarios. Here, we shed some light on the topic by reporting on our experiences in developing innovative solutions for the residential care scenario, outlining potential issues and recommendations.

Software engineering is at the core of the digitalization of society. Ill-informed decisions can have major consequences, as made evident in the 2017 government crisis in Sweden, originating in a data breach caused by an outsourcing deal made by the Swedish Transport Agency. Many Government Agencies (GovAgs) in Sweden are rapidly undergoing a digital transition, thus it is important to overview how widespread, and mature, software development is in this part of the public sector. We present a software development census of Swedish GovAgs, complemented by document analysis and a survey. We show that 39.2% of the GovAgs develop software internally, some matching the number of developers in large companies. Our findings suggest that the development largely resembles private sector counterparts, and that established best practices are implemented. Still, we identify improvement potential in the areas of strategic sourcing, openness, collaboration across GovAgs, and quality requirements. The Swedish Government has announced the establishment of a new digitalization agency next year, and our hope is that the software engineering community will contribute its expertise with a clear voice.

Although Agile is a well established software development paradigm, major concerns arise when it comes to contracting issues between a software consumer and a software producer. How to contractualize the Agile production of software, especially for security & mission critical organizations, which typically outsource software projects, has been a major concern since the beginning of the "Agile Era." In literature, little has been done, from a foundational point of view regarding the formalization of such contracts. Indeed, when the development is outsourced, the management of the contractual life is non-trivial. This happens because the interests of the two parties are typically not aligned. In these situations, software houses strive for the minimization of the effort, while the customer commonly expects high quality artifacts. This structural asymmetry can hardly be overcome with traditional "Waterfall" contracts. In this work, we propose a foundational approach to the Law & Economics of Agile contracts. Moreover, we explore the key elements of the Italian procurement law and outline a suitable solution to merge some basic legal constraints with Agile requirements. Finally, a case study is presented, describing how Agile contracting has been concretely implemented in the Italian Defense Acquisition Process. This work is intended to be a framework for Agile contracts for the Italian public sector of critical systems, according to the new contractual law (Codice degli Appalti).

According to Kohlberg, the final stage of morality is characterized by viewing laws as a means to an end by upholding values such as human dignity and fairness as guiding principles for complying with the essence of the law. Given that purpose of compliance is indeed wellbeing of citizens, software systems should, by design, incorporate these values so that laws are followed in spirit. How can we build software systems that incorporate these values? We present our work on disambiguating Health Insurance Portability and Accountability Act (HIPAA) so as to reduce the potential incidents of breach, thereby upholding of the aforesaid guiding principles of morality. We have employed deep learning based approaches to emulate the human process of disambiguation by integrating information from multiple sources, summarizing it, and augmenting the regulatory text with the additional information. This augmented regulatory text can be used by policy makers and software engineers to achieve compliance in spirit.

New and emergent computing architectures and software engineering practices provide an opportunity for environmental models to be deployed more efficiently and democratically. In this paper we aim to capture the software engineering practices of environmental scientists, highlight opportunities for software engineering and work towards developing a domain specific language for the configuration and deployment of environmental models. We hold a series of interviews with environmental scientists involved in developing and deploying computer based environmental models about the approach taken in engineering models, and describe a case study in deploying an environmental model (WRF: Weather Research Forecasting) on a cloud architecture. From these studies we find a number of opportunities for A) software engineering methods and tools such as Domain Specific Languages to play a role in abstracting from underlying computing complexity, and for B) new architectures to increase efficiency and availability of deployment. Together, we propose they will allow scientists to concentrate on fundamental science rather than specifics of the underlying computing.

The erosion of values such as privacy can be a critical factor in preventing the acceptance of new innovative technology especially in challenging environments such as the criminal justice system. Erosion of privacy happens through either deliberate or inadvertent surveillance. Since Bentham's original liberal project in the 1900s, a literature and a whole study area around theories of surveillance has developed. Increasingly this general body of work has focussed on the role of information technology as a vehicle for surveillance activity. Despite an abundance of knowledge, a unified view of key surveillance concepts that is useful to designers of information systems in preventing or reducing unintended surveillance remains elusive. This paper contributes a conceptual model that synthesises the gamut of surveillance theories as a first step to a theory building effort for use by Information Systems professionals. The model is evaluated using a design science research paradigm using data from both examples of surveillance and a recently completed research project that developed technology for the UK youth justice system.

On GitHub, contributing to a new project is crucial for a developer to gain personal growth and maximize impact in the community. It is known that female developers are often hesitant to explore the opportunities to contribute to new projects even when they possess the competence to make valuable contributions. Drawing from the literature of the competence-confidence gap, we develop a fresh explanation for this phenomenon. We validate the theoretical explanation through an empirical study using GitHub's historical data. In this study, we identify all female developers ranking in top 5,000 GitHub users. Using the Granger Causality Test, we find that, for the majority of identified female developers, initiating a pull request to a new repository is "Granger" caused by the quick increase of followers in the preceding couple of weeks. For most male developers, our observations show that their new pull requests have no relationship with the dynamics of follower numbers. The results indicate that the competence-confidence gap is a threat to female developers' contribution on GitHub. The research suggests that helping female developers to overcome the competence-confidence gap is critical for encouraging female's contribution open source development, as well as growing their reputations and impacts in the community.

Citizens envision the transition from the representative democracy to the online direct democracy. Inspired by the ancient Athenians' direct democracy, we propose an initial version of the framework Digital Ecclesia. We model the Digital Ecclesia as a social network that offers dynamic and large-scale reachability of citizens. Citizens are dynamically notified to participate and vote on discussion topics of new working groups. To address scalability and privacy challenges, the architecture of the Digital Ecclesia is distributed, i.e. each node runs a local program with its own storage that executes the voting procedure in parallel with other nodes. Nodes communicate to each other via exchanging encrypted messages in a scalable manner. We model the voting procedure as a non-cooperative game and we specify an algorithm for employing the voting game in a distributed fashion. Finally, we conduct the preliminary evaluation of the algorithm on a corpus of real-world votes.