Perspectives on Compliance Requirements in Software Engineering
Compliance reviews within a software organization are internal attempts to verify regulatory and security requirements during product development before its release. However, these reviews are not enough to adequately assess and address regulatory and security requirements throughout a software’s development lifecycle. We believe requirements engineers can benefit from an improved understanding of how software practitioners treat and perceive compliance requirements. This paper describes an interview study seeking to understand how regulatory and security standard requirements are addressed, how burdensome they may be for businesses, and how our participants perceived them in the software development lifecycle. We interviewed 15 software practitioners from 13 organizations with different roles in the software development process and working in various industry domains, including big tech, healthcare, data analysis, finance, and small businesses. Our findings suggest that, for our participants, the software release process is the ultimate focus for regulatory and security compliance reviews. Also, most participants suggested that having a defined process for addressing compliance requirements was freeing rather than burdensome. Finally, participants generally saw compliance requirements as an investment for both employees and customers. These findings may be unintuitive, and we discuss seven lessons this work may hold for requirements engineering.
Wed 22 SepDisplayed time zone: Eastern Time (US & Canada) change
09:30 - 10:30
|The practical role of context modeling in the elicitation of context-aware functionalities: a surveyResearch Paper|
Rodrigo Falcão Fraunhofer IESE, Karina Villela Fraunhofer IESE, Vaninha Vieira Federal University of Bahia (UFBA), Marcus Trapp Fraunhofer IESE, Igor Lopes de Faria Federal University of Bahia (UFBA)Pre-print
|Perspectives on Compliance Requirements in Software EngineeringResearch Paper|
Evelyn Kempe University of Maryland, Baltimore County, Aaron Massey University of Maryland Baltimore CountyDOI Media Attached