Abstract

Software Quality Control (SQC) techniques are widely used throughout the software development process with the objective of assessing and detecting anomalies that affect the quality of an information system. Privacy is one quality attribute of software systems for which several SQC techniques have been proposed in recent years. However, research has been carried out from different perspectives and, consequently, it has led to a growing body of knowledge scattered across different domains. To bridge this gap, we have carried out a systematic mapping study to provide practitioners and researchers with an overview of the state-of-the-art techniques to carry out software quality control of information systems focusing on aspects of privacy. Our results show a steady growth in the research efforts in this field. The European General Data Protection Regulation seems to have a significant influence on this growth, since 37% of techniques that focus on assessing compliance derive their assessment criteria from this legal framework. The maturity of the techniques varies with the type of technique: formal verification techniques exhibit the lowest level of maturity, while the combination of techniques has demonstrated its successful application in real-world scenarios. The latter seems a promising avenue of research as it provides better results in terms of coverage, precision and effectiveness than the application of individual, isolated techniques. In this paper, we describe the existing SQC techniques focusing on privacy and provide a suitable basis for identifying future research directions.

Highlights

  • Software Quality Control (SQC) [1] includes a set of activities that evaluates information systems (IS) throughout the entire development process to detect anomalies that may negatively affect software quality

  • In the following subsections we respond to the research questions: Section A presents the results regarding the SQC techniques for detecting privacy-related anomalies, reported in the literature (RQ1), findings on the level of maturity of reported SQC techniques (RQ2) are presented in Section B, and Section C shows the institutions and venues for publishing in the domain (RQ3)

  • Having found the first work published in 2000, we have identified a growing interest, especially in the last five years, in which we found more than two thirds (72%) of the papers published


Summary

Introduction

Software Quality Control (SQC) [1] includes a set of activities that evaluates information systems (IS) throughout the entire development process to detect anomalies that may negatively affect software quality. The term anomaly, which can adversely affect software quality, is a broad term which, in this study, implies that an IS (1) does not comply with its requirements or specifications, which may be derived from users’ expectations, policies or regulations; or (2) contains vulnerabilities or deficiencies due to design issues, incorrect steps, process or data definition in the source code, or an improper system configuration [1], [15]. This domain encompasses techniques for detecting anomalies rather than mitigating them, and the target of the evaluation is a software product rather than the development process.
