Browsing by Author "Santamaria, Izaskun"
Item: Integrating privacy debt and VSE's software developments (2023-08)
Santamaria, Izaskun; Larrucea, Xabier; Fernandez-Gauna, Borja; SWT
With the advent of regulations protecting users such as the General Data Protection Regulation, security and privacy concerns are playing a new role in small settings such as in very small entities. Their relevance is increasing, and privacy is being considered a Troy horse in software developments. In fact, privacy is a part of software architectural decisions, and they must be considered as a technical debt. The contributions of this paper are the following: a privacy debt definition with a principal and an interest, privacy-related activities to be considered within the ISO/IEC 29110 basic profile, and the use of the net present value within this context. All these contributions help us to integrate privacy debt and VSE's software developments.

Item: A method for defining a regional software ecosystem strategy: Colombia as a case study (2016-03-01)
Larrucea, Xabier; Nanclares, Felix; Santamaria, Izaskun; Tecnalia Research & Innovation; SWT
Software ecosystems (SECO) have been related to products or to a community of developers around a product. The SECO concept can also be applied to describe regional software ecosystems in which different software companies collaborate in a specific market based on a set of concrete technologies and using a set of capabilities. This paper details a regional SECO concept and a method based on regional endogenous capabilities and country needs to define a SECO strategy. Traditional strategy definition approaches are top-down, whereas this approach is a blended approach that merges bottom-up based on current regional capabilities and top-down based on market and technology trends. This paper presents a large case study performed in 6 regions of Colombia. We conducted 49 interviews and 16 workshops in which 654 attendees participated, and we developed the Colombian ICT national strategic plan based on this approach.

Item: Security Debt: Characteristics, Product Life-Cycle Integration and Items (Institute of Electrical and Electronics Engineers Inc., 2021)
Martinez, Jabier; Quintano, Nuria; Ruiz, Alejandra; Santamaria, Izaskun; de Soria, Iker Martinez; Arias, Jose
Industries from very diverse domains are realising that security should not be treated in a reactive way (e.g., once the cyberattack has happened). This way, security-related requirements and risks need to be continuously managed, and the need of integrating technical measures should be continuously assessed. In some cases, some decisions led, intentionally or unintentionally, to debt related to security aspects. This security debt is thus incurred when limited approaches or solutions are applied to reach the expected security levels of the system in operation. Identifying and making explicit security debt items is a challenge for companies. In this work, we analyse the literature on security debt to provide initial insights on the topic. Concretely, we discuss its definition, identify its most salient characteristics, present approaches for integrating its management in the product life-cycle, and to present categories and examples of security debt items.

Item: Survival studies based on ISO/IEC29110: Industrial experiences (2018-11)
Larrucea, Xabier; Santamaria, Izaskun; Tecnalia Research & Innovation; SWT
Very small organizations are suffering when they embark on software process improvement initiatives such as CMMI-DEV or ISO/IEC 15504-5. The ISO/IEC29110 basic profile has been defined as solution for these small companies, and literature related to this standard provides some insights on the potential results and benefits for VSEs. In this sense, two of the topics which have not been deeply studied yet are the survival analysis of VSEs, and an analysis of ISO/IEC29110 basic profile areas. In fact, this paper provides a survival analysis of 90 improvement initiatives, and an analysis of the ISO/IEC29110 basic profile areas. Non-parametric and semi parametric models are used in order to analyse survivability and we analyse project management and software implementation practices defined by ISO/IEC29110 basic profile