Sylvain Hallé

Bianca Minetto Napoleão, Fabio Petrillo, Sylvain Hallé

Open Source Software (OSS) has been recognized by the software development community as an effective way to deliver software. Unlike traditional software development, OSS development is driven by collaboration among developers spread geographically and motivated by common goals and interests. Besides this fact, it is recognized by OSS community the need of understand OSS development process and its activities. Our goal is to investigate the state-of-art about OSS process through conducting a systematic literature review providing an overview of how the OSS community has been investigating OSS process over past years identifying and summarizing OSS process activities and their characteristics as well as translating OSS process in a macro process through BPMN notation. As a result, we systematically analysed 33 studies presenting an overview of the state-of-art of researches regarding OSS process, a generalized OSS development macro process represented by BPMN notation with a detailed description of each OSS process activity and roles in OSS environment. We conclude that OSS process can be in practice further investigated by researchers. In addition, the presented OSS process can be used as a guide for OSS projects and being adapted according to each OSS project reality. It provides insights to managers and developers who want to improve their development process even in OSS and traditional environments. Finally, recommendations for OSS community regarding OSS process activities are provided.

Bianca Minetto Napoleão, Fabio Petrillo, Sylvain Hallé

Systematic Literature Reviews (SLRs) play an important role in the Evidence-Based Software Engineering scenario. With the advance of the computer science field and the growth of research publications, new evidence continuously arises. This fact impacts directly on the purpose of keeping SLRs up-to-date which could lead researchers to obsolete conclusions or decisions about a research problem or investigation. Creating and maintaining SLRs up-to-date demand a significant effort due to several reasons such as the rapid increase in the amount of evidence, limitation of available databases and lack of detailed protocol documentation and data availability. Conventionally, in software engineering SLRs are not updated or updated intermittently leaving gaps between updates during which time the SLR may be missing important new research. In order to address these issues, we propose the concept, process and tooling support of Continuous Systematic Literature Review (CSLR) in SE aiming to keep SLRs constantly updated with the promotion of open science practices. This positional paper summarizes our proposal and approach under development.

Bianca Minetto Napoleão, Fabio Petrillo, Sylvain Hallé

Over the past years, more secondary (Systematic Literature Reviews and Systematic Mappings) and tertiary studies have been conducted. Their conduction is considered a quite large task and labor-intensive since it involves a detailed process including a protocol development, which is one of the most challenging phase reported by the software engineering research community. In this scenario, we propose a Secondary and Tertiary Study Canvas aiming to simplify and clarify the understanding of the steps that need to be performed during the secondary and tertiary process conduction, including the protocol development. For this, we synthesized and organized the existing secondary studies' protocols in a Canvas format as well as suggesting a step-based approach to assist the secondary and tertiary studies' conduction.

Raphaël Khoury, Sylvain Hallé

This study carries forward the line of enquiry that seeks to characterize precisely which security policies are enforceable by runtime monitors. In this regard, Basin et al.\ recently refined the structure that helps distinguish between those actions that the monitor can potentially suppress or insert in the execution, from those that the monitor can only observe. In this paper, we generalize this model by organizing the universe of possible actions in a lattice that naturally corresponds to the levels of monitor control. We then delineate the set of properties that are enforceable under this paradigm and relate our results to previous work in the field. Finally, we explore the set of security policies that are enforceable if the monitor is given greater latitude to alter the execution of its target, which allows us to reflect on the capabilities of different types of monitors.