Faculty and Staff News NANCY MEAD Dr. Nancy Mead, Principal Researcher at CERT Secure Software and Systems and Adjunct Professor of Software Engineering at Carnegie Mellon, was invited to give a talk titled, Master of Software Assurance Curriculum: A Path to Professional Competency, at the Polytechnic University of Madrid in February. In addition, she was co-chair of the Evolving Security and Privacy Requirements Engineering Workshop, co-located with the 22nd International IEEE Requirements Engineering Conference held in Karlskrona, Sweden, and a presenter at the conference. Dr. Mead, along with Mike Konrad delivered a tutorial, “Eliciting Unstated Requirements”, in which they discussed “the traditional KJ method for eliciting unstated user needs, as well as the extensions made to allow KJ to be used in a virtual environment.”
CHRIS KEMERER MSE associate faculty member, Dr. Chris Kemerer, was named a Distinguished Fellow of the NFORMS Information Systems Society. The primary aim of the ISS Distinguished Fellow Award is to recognize individuals who have made intellectual contributions to the information systems discipline. Additionally, Dr. Kemerer was awarded the Executive MBA Program Distinguished Professor of the Year Award. An honor bestowed upon him by students at the University of Pittsburgh. Dr. Kemerer wrote an article with Dr. Narayan Ramasubbu, Managing Technical Debt in Enterprise Software Packages, for the August 2014 issue of IEEE Transactions on Software Engineering outlining the evolutionary model and theory of software technical debt they developed to “facilitate a rigorous and balanced analysis of it’s benefits and costs in the context of a large commercial enterprise software package.”
TRAVIS BREAUX Dr. Travis D. Breaux, Hanan Hibshi, and Ashwini Rao recently published their article Eddy, a formal language for specifying and analyzing data flow specifications for conflicting privacy requirements in the September 2014 issue of Requirements Engineering. In the article, they “report results from multiple analysts in a literal replication study, which includes a refined methodology and set of heuristics that we used to extract privacy requirements from policy texts.” Dr. Breaux had three papers accepted to the 22nd International IEEE Requirements Engineering Conference held in Karlskrona, Sweden. The first, Scaling Requirements Extraction to the Crowd: Experiments on Privacy Policies, co-authored with Florian Schaub, reports on three experiments they conducted to “evaluate crowdsourcing a manual requirements extraction task to a larger number of untrained workers.” The second, Managing Security Requirements Patterns Using Feature Diagram Hierarchies, a collaboration with Rocky Slavin, Jean-Michel Lehker, and Jianwei Niu, proposes “a new method that combines an inquiry-based approach with the feature diagram to review only relevant patterns and quickly select the most appropriate patterns for the situation.” The third, The Role of Legal Expertise in Interpretation of Legal Requirements and Definitions, written with former student David G. Gordon, reports on a study they conducted to “assess the ability of laypersons, technical professionals, and legal experts to judge the similarity between legal coverage conditions and requirements.” In addition, Dr. Breaux wrote a column, Privacy Requirements in an Age of Increased Sharing, for the journal IEEE Software in which he “examines the increasing importance of privacy in emerging software ecosystems, legal and standards compliance, and software design practice.” A podcast of the column is available on the IEEE website. 23 | Spring 2014