More Like this

1. Perspectives on Regulatory Compliance in Software Engineering

   https://doi.org/10.1109/RE51729.2021.00012  

   Kempe, Evelyn; Massey, Aaron (September 2021, 2021 IEEE 29th International Requirements Engineering Conference (RE))

   Compliance reviews within a software organization are internal attempts to verify regulatory and security requirements during product development before its release. However, these reviews are not enough to adequately assess and address regulatory and security requirements throughout a software’s development lifecycle. We believe requirements engineers can benefit from an improved understanding of how software practitioners treat and perceive compliance requirements. This paper describes an interview study seeking to understand how regulatory and security standard requirements are addressed, how burdensome they may be for businesses, and how our participants perceived them in the software development lifecycle. We interviewed 15 software practitioners from 13 organizations with different roles in the software development process and working in various industry domains, including big tech, healthcare, data analysis, finance, and small businesses. Our findings suggest that, for our participants, the software release process is the ultimate focus for regulatory and security compliance reviews. Also, most participants suggested that having a defined process for addressing compliance requirements was freeing rather than burdensome. Finally, participants generally saw compliance requirements as an investment for both employees and customers. These findings may be unintuitive, and we discuss seven lessons this work may hold for requirements engineering. 

   more » « less
2. Regulatory and Security Standard Compliance Throughout the Software Development Lifecycle

   Kempe, Evelyn; Massey, Aaron K. (January 2021, Proceedings of the 54th Hawaii International Conference on System Sciences)

   null (Ed.)

   Our systematic literature review aims to survey research on regulatory and security standard requirements as addressed throughout the Software Development Lifecycle. Also, to characterize current research concerns and identify specific remaining challenges to address regulatory and security standard requirements throughout the SDLC. To this end, we conducted a systematic literature review (SLR) of conference proceedings and academic journals motivated by five areas of concern: 1. SDLC & Regulatory Requirement 2. Risk Assessment and Compliance requirements 3. Technical Debt 4. Decision Making Process throughout the SDLC 5. Metric and Measurements of found Software Vulnerability. The initial search produced 100 papers, and our review process narrowed this total to 20 articles to address our three research questions. Our findings suggest that academic software engineering research directly connecting regulatory and security standard requirements to later stages of the SDLC is rare despite the importance of compliance for ensuring societally acceptable engineering. 

   more » « less
3. Regulatory and Security Standard Compliance Throughout the Software Development Lifecycle

   Kempe, Evelyn; Massey, Aaron K. (January 2021, Proceedings of the 54th Hawaii International Conference on System Sciences)

   null (Ed.)

   Our systematic literature review aims to survey research on regulatory and security standard requirements as addressed throughout the Software Development Lifecycle. Also, to characterize current research concerns and identify specific remaining challenges to address regulatory and security standard requirements throughout the SDLC. To this end, we conducted a systematic literature review (SLR) of conference proceedings and academic journals motivated by five areas of concern: 1. SDLC & Regulatory Requirement 2. Risk Assessment and Compliance requirements 3. Technical Debt 4. Decision Making Process throughout the SDLC 5. Metric and Measurements of found Software Vulnerability. The initial search produced 100 papers, and our review process narrowed this total to 20 articles to address our three research questions. Our findings suggest that academic software engineering research directly connecting regulatory and security standard requirements to later stages of the SDLC is rare despite the importance of compliance for ensuring societally acceptable engineering. 

   more » « less
4. Regulatory information transformation ruleset expansion to support automated building code compliance checking

   https://doi.org/10.1016/j.autcon.2022.104230  

   Xue, Xiaorui; Zhang, Jiansong (June 2022, Automation in Construction)
5. Toward Regulatory Compliance: A few-shot Learning Approach to Extract Processing Activities

   https://doi.org/10.1109/REW61692.2024.00038  

   C, Pragyan K; Ghandiparsi, Rambod; Slavin, Rocky; Ghanavati, Sepideh; Breaux, Travis; Hosseini, Mitra Bokaei (June 2024, IEEE)