Entry-level position in open source compliance at Software AG

Software AG, one of our industry partners, informs us about an entry-level position in the domain of open source governance and compliance, including commercial licensing and technology alliances. As always, feel free to apply directly or request an introduction and recommendation through Prof. Riehle.

Final Thesis: A Method to Determine the Return on Investement of Inner Source

Abstract: Inner source is the use of open source software developing practices in proprietary software development across organizational borders. A significant amount of
companies are adopting inner source. Some companies already utilize inner source practices without a coordinated effort to adopt inner source. It is unclear if the gains of inner source outweight the costs of running and adopting it because there is no quantitative method to determine the return on investment for inner source yet. In this paper, we develop a quantitative method to determine the return on investment of inner source. We followed a four phase research approach: First, we conducted a methodological literature review to collect methods and best practices on how to create a return on investment model. Second, we performed a exploratory literature review to identify typical inner source costs and gains. Third, we hypothesized formulas to quantify the costs and gains. Fourth, we prepared but not fully conducted an industry case study to evaluate the method. We provide a methode on how to determine the gains and costs induced by inner source and on how to aggregate them to the return on investment value. We evaluated our method at an organization already adopting inner source. As the results were inconclusive, we suggest further research on evaluating the method. This paper contains the first method to determine the return on investment for inner source.

Keywords: Software engineering, open source, inner source, return on investement

PDFs: Master Thesis, Thesis Description

Reference: Sebastian Duda. A Method to Determine the Return on Investement of Inner Source. Bachelor Thesis, Friedrich-Alexander-Universität Erlangen-Nürnberg: 2017.

Final Thesis: Sweble Security Programming Plugin – Security Rules Engine

Abstract: Within the scope of industry 4.0 and digitalization, there is a growing danger of cyber crime and security attacks, causing huge harm for digital business. Therefore, in nowadays software development, IT-security is regarded as a quality criterion, determining the success of a product or project. Nevertheless, the complexity of security attacks, vulnerabilities and software development as a whole, complicates the reliable protection against and mitigation of security attacks.

To support software engineers to develop more secure software, this thesis shows the concept and presents a prototype of a software security rules methodology called Serum. Serum is designed to help software developers and all other project members in creating a more secure software. A domain-specific language was designed and integrated into a global knowledge management system (Sweble), to allow modeling and describing software assets, associated security attacks as well as known countermeasures. A second component, using the gathered security knowledge, was implemented, focusing on the support of software architects during the creation of a threat- and risk analysis. To facilitate the consideration of security even more a custom test- and dashboard system allows developers and test architects to monitor their contribution towards a more secure system.

The thesis should provide a basis for a holistic security support during all phases of the software development life cycle.

Keywords: IT-Security, threat analysis, DSL, Sweble, structured data

PDFs: Master Thesis

Reference: Florian Gerdes. Sweble Security Programming Plugin – Security Rules Engine. Master Thesis, Friedrich-Alexander-Universität Erlangen-Nürnberg: 2017.

AVL DiTest such Werkstudenten/innen für die Automotive-Softwareentwicklung

AVL DiTest schreibt uns resp. unseren Studenten und Studentinnen:

Im Rahmen des AMOS Projekts sind in unserem Unternehmen einige interessante Projekte entstanden. Wir suchen nun engagierte Studenten, welche uns bei der Weiterentwicklung unterstützen und diese vorantreiben. Daneben gibt es natürlich noch genug andere spannende Themen bei uns.

Einen kleinen Einblick gibt es auf unserer GitHub Seite unter https://github.com/AVL-DiTEST-DiagDev

Continue reading AVL DiTest such Werkstudenten/innen für die Automotive-Softwareentwicklung

New Grading Scheme for Final Theses

We designed a new and simplified grading scheme for final theses, replacing the old one. A thesis still has to pass some basic [OK|NOK] checks like completeness of declaration of materials built on, relevant topic, no plagiarism, etc. However, this is a binary decision and does not affect the grade directly (except for failing if these criteria are not met).

The grade then is derived using only four main measures. These are:

  • Results quality
  • Method competence
  • Effort expended
  • Presentation quality

Each measure is taken on scale of [0..10], where 0 means not present at all and 10 means perfect, with a linear distribution around the mean. The four measures are combined using the geometric mean, from which a grade in the German 1,00 – 5,00 grading system is derived.

This new grading scheme has been put into effect starting the academic year of 2017/18.

Second week of winter semester busier than ever

FAU students are a happy bunch, always social and eager to learn. As a passerby on the stairs remarked:

These students must by lining up to register for our classes.

GI AK workshop on microservices finished well

Yesterday and today we hosted the 2nd GI AK workshop on microservices and DevOps at SUSE, in Nuremberg. We had 37 registrations, 26 people showed up, and about half of them were from industry. Thank you SUSE, for having us!

Winter semester elective teaching off to a good start!

We kicked off our teaching of elective courses this week. Winter semester teaching comprises ADAP, NYT, PROD, and AMSE. Below please find a photo impression from PROD, our course on software product management.

Sivantos student job with Raspberry Pi as user agent (AMOS SS17 project follow-up)

Sivantos (former Siemens audiology) is looking for a Werkstudent to continue the AMOS SS17 project, in which it developed software for a Raspberry Pi as a user agent for testing hearing aids. Please see Sivantos career opportunities at Werkstudent (m/w) im Bereich Softwareentwicklung / Single Board Computer / Raspberry Pi (486).

Final Thesis: Implementierung und Performance-Optimierung von SCM-Adaptern

Abstract: Inner source (IS) is the use of open source software development practices and the establishment of an open source-like culture within organizations. To create metrics about the usage of IS within a specific corporation, data about the software development need to be extracted from source code management (SCM) systems. A developed crawl process retrieves the data over specially implemented adapters. To date adapters for git and manually exported CSV files from Microsoft Team Foundation Server (TFS) are in use. To automate data extraction from TFS a new adapter must be developed. Furthermore, the poor performance of the existing git adapter along with the crawl process needs to be improved. To validate the performance increase execution time and resource metrics are measured and compared. The result of this work is a newly developed TFS adapter and a performance-optimized git adapter and crawl process.

Keywords: Engineering thesis, inner source metrics, performance optimization

PDFs: Master Thesis, Thesis Description

Reference: Constantin Hasler. Implementierung und Performance-Optimierung von SCM-Adaptern. Master Thesis, Friedrich-Alexander-Universität Erlangen-Nürnberg: 2017.