Systems, Software and Services Process Improvement: 31st European Conference, EuroSPI 2024, Munich, Germany, September 4–6, 2024, Proceedings, Part I ... in Computer and Information Science, 2179)

Preface
Recommended Further Reading
Acknowledgements
Organization
Contents – Part I
Contents – Part II
SPI and Emerging and Multidisciplinary Approaches to Software Engineering
Empowering Software Project Success: Guidelines to Enhance the Impact of Human Critical Success Factors
	1 Introduction
	2 Factors Contributing to the Success of Software Projects
		2.1 Factors Identified in the Literature
		2.2 Factors Identified from Interviews
		2.3 Analysis, Comparison, and Integration of the Human CSFs
	3 Guidelines to Enhance the Positive Impact of Human Factors on the Success of Software Projects
		3.1 Action 1. Offering Recognition and Rewards
		3.2 Action 2. Offering Training Courses
		3.3 Action 3. Promoting Professional Development
		3.4 Action 4. Facilitating Work-Life Balance
		3.5 Action 5. Delegating Tasks and Granting Autonomy to Team Members
		3.6 Action 6. Establishing Communication Channels and Norms
		3.7 Action 7. Conducting Team Building Activities
		3.8 Action 8. Breaking Down Linguistic and Cultural Barriers
		3.9 Action 9. Selecting and Forming Competent Teams
		3.10 Action 10. Having an Onboarding Process
		3.11 Action 11. Defining and Applying Standards
	4 Conclusions and Future Work
	References
Data-Driven Software Engineering: A Systematic Literature Review
	1 Introduction
	2 Related Work
	3 Methodology
		3.1 Inclusion and Exclusion Criteria
		3.2 Search Engines
		3.3 Search Terms and Search String
		3.4 Search Process
	4 Discussion
		4.1 What is the Focus of the Study? (RQ1)
		4.2 Which Stage of the SE Process is the Primary Study Related to? (RQ2)
		4.3 What Data-Driven Approaches Are Used? (RQ3)
		4.4 Has a Specific Software Development Life Cycle Model Been Targeted? if so, Which Software Development Life Cycle Model Has Been Targeted? (RQ4)
	5 Conclusion
	References
Sleepless in the Code: Exploring the Relationship Between Occupational Anxiety and Sleep Patterns in the Software Industry
	1 Introduction
	2 Background
		2.1 Insomnia
		2.2 Anxiety and Sleep Relation in Software Practitioners
	3 Research Methods
	4 Results and Discussion
		4.1 Results
		4.2 Discussion
	5 Limitations
	6 Conclusion
	References
How to Explain Artificial Intelligence to Humans
	1 Introduction
	2 Literature Review
		2.1 Artificial Intelligence
		2.2 Quality Function Deployment
	3 Methodology and Methods
		3.1 Solving the World Formula
		3.2 How Does an Artificial Neural Network Learn?
		3.3 The Graph Model of Combinatory Logic
		3.4 The Power of Neural Networks
		3.5 Intelligent Systems
	4 Results
	5 Conclusions
	Appendix
	References
Large Language Models for Software Engineering: A Systematic Mapping Study
	1 Introduction
	2 Preliminaries
		2.1 Large Language Models
		2.2 Large Language Models for Software Engineering
	3 Research Methodology
		3.1 Research Questions
		3.2 Inclusion and Exclusion Criteria
		3.3 Study Selection Process
	4 Result and Discussion
		4.1 RQ1: Which LLMs Can Be Used for SE?
		4.2 RQ2: What Problems Are Associated with Using LLMs in SE?
	5 Conclusions
	References
REFIoT: A Framework to Combat Requirements Engineering in IoT Applications and Systems
	1 Introduction
	2 Challenges in RE
		2.1 Stakeholder Identification
		2.2 Communication
		2.3 Domain Knowledge
		2.4 Requirements Volatility
		2.5 Classification of Requirements Challenges
	3 The Requirements Engineering Framework for IoT Applications
	4 How the SPI Manifesto Could Address the IoT Requirements Challenges
	5 Conclusions and Further Research Directions
	References
Using Data Augmentation to Support AI-Based Requirements Evaluation in Large-Scale Projects
	1 Introduction
	2 Background and Related Work
	3 Research Design
		3.1 Research Questions
		3.2 Data Collection and Extraction
		3.3 Data Analysis Procedures
	4 Results
		4.1 RQ1: Data Augmentation Feasibility
		4.2 RQ2: Semantics and Optimizations
		4.3 RQ3: Using Augmented Data for Training Classifier Models
		4.4 Discussion
	5 Conclusion
	References
Artificial Intelligence-Enabled Medical Device Standards: A Multidisciplinary Literature Review
	1 Introduction
		1.1 AIeMD Devices on the Market
		1.2 AIeMDs Reviewed Under Existing Regulatory Framework
	2 Method
		2.1 Research Methodology
	3 Results
		3.1 Current AIeMD Standards
		3.2 Current AI Standards (Non-Industry Specific)
		3.3 Standards Under Development
		3.4 Literature Review Summary
	4 Discussion
		4.1 Regulatory Driver for AI Standards
		4.2 Conclusion
	References
Toward the Development of a Method for Identifying Problems and Providing Strategies to Reduce Them in Software Development Teams
	1 Introduction
	2 Background
		2.1 Systematic Mapping of Software Development Team Formation
		2.2 Characteristics of Highly Effective Software Development Teams
		2.3 Problems in the Formation of Software Development Teams
	3 Proposal
		3.1 People CMM
		3.2 Classifying the Characteristics of Highly Effective Software Development Teams Based on the People CMM Process Areas
		3.3 Classifying the Problems in Software Development Team Formation Based on the People CMM Process Areas
	4 Analysis of the Proposed Method Related to the SPI Manifesto
	5 Discussion, Conclusion, and Future Work
	References
Investigating Systems Modernisation: Approaches, Challenges and Risks
	1 Introduction
	2 Research Methodology
		2.1 Methodology
		2.2 Search Strings
		2.3 Inclusion/ Exclusion Criteria
	3 Analysis
		3.1 RQ1: Why is System Modernisation Necessary?
		3.2 RQ2: What Approaches Are Used in Legacy System Modernisation?
		3.3 RQ3: What Are the Risks and Costs of System Modernisation?
		3.4 RQ4: What Are the Challenges Associated with System Modernisation?
	4 Research Limitations and Future Work
	5 Conclusion
	References
Analysing the Role of Generative AI in Software Engineering - Results from an MLR
	1 Introduction
	2 Research Methodology
		2.1 Methodology
		2.2 Search Strings
		2.3 Inclusion/ Exclusion Criteria
	3 Analysis
		3.1 RQ1: What is Generative AI?
		3.2 RQ2: How is Generative AI Used in Software Engineering?
		3.3 RQ3: What Are the Benefits Associated with Using Generative AI in Software Engineering?
		3.4 RQ4: What Are Some of the Notable Risks that Come with Using Generative AI in Software Engineering?
	4 Research Limitations
	5 Directions for Future Research
	6 Conclusion
	References
Virtual Emergency Warnings via C-ITS – An Interdisciplinary Approach
	1 Introduction
	2 Framework Conditions and Challenges
	3 Interdisciplinary Lifecycle Model
	4 Approach
	5 The Emergency Drivers’ Perspective
	6 Findings
	7 Conclusions
	8 Outlook
	References
SPI and Functional Safety and Cybersecurity
AI-Driven Test Flow Generation from Semi-formal Functional Safety Requirements
	1 Introduction
	2 Semi-formal Notation of Safety Requirements
	3 Architecture of AI-Driven Test Flow Generation
		3.1 Reference Test Flow Creation
		3.2 Similarity Check and Test Flow Generation
	4 Conclusion
		4.1 Results
		4.2 Future Work
	References
Understanding the Implications: Critical Path Analysis vs Dependent Failure Analysis in ISO 26262 Safety Methodology
	1 Introduction
		1.1 Scope
		1.2 Relationship with the EUROSPI Manifesto
		1.3 Motive: Understanding the Advantages and Disadvantages of Both Techniques
	2 Case Study Methodology
	3 Critical Path Analysis Methodology
		3.1 Introduction
		3.2 Inputs/Outputs
		3.3 CPA Approach
	4 Dependent Failure Analysis Methodology
		4.1 Introduction
		4.2 Inputs/Outputs
		4.3 DFA Approach
	5 Exploring Diverse Safety Analysis Scenarios
		5.1 Comparing CPA and DFA in Terms of Technical Independence Property
		5.2 Comparing DFA from the Input’s Viewpoint: FTA/FMEA vs CPA
	6 Conclusion
	References
Towards the Development of a Data Security Risk Management Framework for Medical Device Software AI Models
	1 Introduction
	2 Literature Review
		2.1 Data Security Challenges in MDS AI Model Development
		2.2 Challenges for Adopting a Security Risk Management Standard or Framework
	3 Gaps and Implementation Challenges of the Existing Risk Management Standards and Frameworks
	4 Data Security Requirements for MDS AI Model Development
	5 The Proposed Risk Management Framework
	6 Future Work
	7 Conclusion
	References
Towards an Integrated Cybersecurity Framework for Small and Medium Enterprises
	1 Introduction
	2 Related Work
	3 The Framework
		3.1 Aims
		3.2 Activities
		3.3 Limitations
		3.4 The Prototype
	4 Conclusion and Future Work
	References
Situation Analysis for Railway Safety: Adapting SOTIF for Passive Crossings
	1 Introduction
	2 Background
		2.1 Hazards at Railway Crossings
		2.2 Situation Analysis Method
	3 Related Work
	4 Domain-Specific Adaptations
		4.1 Adaptation of the Situation Analysis Method for Railway
		4.2 Key Adaptations for Railway Context
	5 Situation Analysis Application
		5.1 Specification of ODD
		5.2 System Context
		5.3 Use Case Definition
		5.4 Scenario and Scene Selection
		5.5 Critical Situations Derived from Situation Analysis
		5.6 Required Goals for a Safe Traffic in Crossing Area
	6 Conclusion and Future Prospect
	References
Leveraging Digital Twins for Smart Hydropower: A Pathway to Industry 4.0
	1 Introduction
		1.1 Motivation
	2 Survey
	3 Results
	4 Discussion
	5 Conclusion
		5.1 Future Work
	6 Relation to SPI Manifesto
	References
A Proposal for ISO24089 Audit Methodology Before Type Approvals: Interface with Automotive SPICE® PAM4.0
	1 Introduction
		1.1 Scope
		1.2 Background and Related Work Approaches
		1.3 Relationship with the EUROSPI Manifesto
		1.4 Motive: Understanding the Structure of ISO24089 and Audit Requirements
	2 Case Study Methodology
	3 Case Study Analysis, Proposal and Results Consolidation
		3.1 Deep Analysis of ISO24089 Objectives and Audit Requirements
		3.2 Case Study Solution Proposal
		3.3 Recommendations of A-SPICE Assessment Setup with SUMS
	4 Study Results and Final Conclusion
	5 Recommendations for Future Work
	Appendix-A: List of Figures
	References
A Proposal for Enhancing IEC 61508 Methodology for the β-Factor Estimation
	1 Introduction
	2 Background
		2.1 β-factor Estimation
		2.2 Defense Measures
		2.3 A β-factor Methodology Focusing Industry’s Safety Culture
	3 Proposed Methodology
		3.1 Research Problem
		3.2 Research Artifact
	4 Illustrative Example
		4.1 Identify Redundancy
		4.2 Study of Safety Culture
		4.3 Fill Checklist
		4.4 Assigning Scores to Checklist Answers
		4.5 Assign Susceptibility Scores
		4.6 Estimate β-factor
	5 Discussion
		5.1 Methodology Insights
		5.2 Correspondence to SPI Manifesto
	6 Conclusion & Future Work
	References
Consistency for More Than One TARA and Security Element Out of Context Experiences
	1 Introduction and Items at Different Level
	2 Vehicle TARA Discussion and Difference to Tier 1 TARA
	3 Tier 1 TARA and Example
		3.1 Results on System Level – Top Down
		3.2 Results on Software Level – Bottom-Up
		3.3 Consistency Check
	4 Example: Design-TARA as Confirmation Analysis
	5 Security Element out of Context Element and Example
	6 Experiences with ASPICE for Cybersecurity
	7 Relationship with the SPI Manifesto
	References
SPI and Standards and Safety and Security Norms
Analysis of Automotive SPICE V4.0 Changes
	1 Introduction
	2 Concept Changes
		2.1 New Processes and Process Groups
		2.2 Changes to the Guidelines
		2.3 Weakness Statements
		2.4 Work Products vs Information Item Characteristics
		2.5 Traceability and Consistency
	3 Changes to Processes
		3.1 Verification Instead of Testing
		3.2 Analysis of the System and Software Architecture
		3.3 No Explicit Notion of Strategy on Level 1
		3.4 Software Architectural Design Process
		3.5 Software Integration Verification
	4 Changes in the Capability Levels
		4.1 Changes on Level 2
		4.2 Changes on Level 3
	5 Conclusion
	References
Paving the Road Towards Cybersecurity Compliance: Navigating ISO 21434 and ASPICE from Organizational- to Project-Level Compliance
	1 Introduction
	2 ISO/SAE 21434 Compliance Matrix
		2.1 Key Findings and Gap Analysis
		2.2 Action Plan and Implementation
	3 Project-Level Compliance with ASPICE for Cybersecurity
		3.1 Processes and Process Groups Mapping
		3.2 Work Product Mapping
	4 Further Analysis Improvements
	5 Conclusions
	References
A Study on Automotive SPICE® Assessment Indicators Correlation with Product Quality
	1 Introduction
		1.1 Background
		1.2 Scope
	2 Motive and Related Work
	3 Relationship with the EuroSPI Manifesto
	4 Case Study Methodology
		4.1 Define Product Quality Criteria and Selecting Indicators
		4.2 Sample Selection
		4.3 Consolidation and Statistical Analysis
	5 Case Study Analysis
		5.1 “Test Pass Rate” Indicator Analysis
		5.2 “Requirements Pass Rate” Indicator Analysis
		5.3 “Release Audit Percent (%)” Indicator Analysis
		5.4 “Number of Customer Claims” Indicator Analysis
	6 Case Study Conclusion
	7 Recommendations for Future Work
	References
A Software Test Maturity Model Customized for Aerospace Industries: A Systematic Literature Review
	1 Introduction
	2 Related Works
	3 Research Method
		3.1 Quality Assessment Strategy
	4 Discussions and Analysis of the Results
	5 Conclusion
	Appendix Table
	References
Fostering Cyber Resilience in Europe: An In-Depth Exploration of the Cyber Resilience Act
	1 Introduction
	2 State of the Art in International Cybersecurity Regulation
		2.1 Overview of US Cybersecurity Framework
		2.2 Overview of Chinese Cybersecurity Framework
		2.3 Overview of Singapore’s Cybersecurity Framework
		2.4 Australia’s Cyber Security Strategy
		2.5 Japan’s Cybersecurity Approach and IoT Security Framework
		2.6 Cybersecurity Policy and IoT Security in India
		2.7 South Korea’s Cybersecurity and IoT Framework
	3 Unpacking the Cyber Resilience Act
		3.1 Products with Digital Elements
		3.2 Scope of Application
		3.3 Core Cybersecurity Obligations
		3.4 Classification of Products with Digital Elements
	4 The European Regulatory Context
		4.1 Integration with CE Marking
		4.2 Conformity Assessment Methods
		4.3 Available Conformity Assessment Based on Product Classification
	5 Practical Implications and Examples
	6 Potential Hindrance to Innovation
	7 Conclusion
	8 Relation to SPI Manifesto
	References
Implementing Process Increments in Sprints: A Way of Working for Improved ASPICE Compliance
	1 Introduction
	2 Proposed Process Increments Strategy
		2.1 Key Principles
		2.2 Building Quality One Step at a Time: Process Increments Explained
		2.3 Generic Process Increment Task Template
		2.4 Benefits
	3 Results
	4 Conclusion
	5 Future Directions
	References
Platform Assessment – Challenges and Recommendations Regarding Automotive SPICE©
	1 Today’s Situation
	2 Tomorrow’s Situation
	3 How to Make the Future Happen?
		3.1 General
		3.2 Conventions
		3.3 MAN.3 Project Management
		3.4 SUP.9 Problem Resolution Management
		3.5 SYS.2 System Requirements Analysis
		3.6 SYS.4 System Integration and Integration Verification
	4 REU.2 Management of Products for Reuse
		4.1 Context
		4.2 Platform Assessment
		4.3 Customer Project Assessment
	5 Conclusion
	References
Automotive Cybersecurity Engineering Standardization and Regulation: An Integrated Model
	1 Introduction
		1.1 Motive
		1.2 Background and Approaches
		1.3 Scope
		1.4 Relationship with the EUROSPI Manifesto
	2 Case Study Methodology
	3 Case Study Observations and Results Consolidation
		3.1 ASPICE for Cybersecurity – ISO/SAE 21434 Integrated Implementation Model for Cybersecurity Product Engineering Phase
		3.2 ISO/SAE 21434 and Automotive SPICE for Cybersecurity Compliance Strategy
		3.3 ISO/SAE 21434 Audit and ASPICE for Cybersecurity Assessments Projects Observations, Findings and Recommendations
	4 Study Results and Final Conclusion
	5 Recommendations for Future Work
	References
Author Index