An empirical investigation of software engineers' ability to classify legal cross-references

Requirements engineers often have to develop software for regulated domains. These regulations often contain cross-references to other laws. Cross-references can introduce exceptions or definitions, constrain existing requirements, or even conflict with other compliance requirements. To develop compliant software, requirements engineers must understand the impact these cross-references have on their software. In this paper, we present an empirical study in which we measure the ability of software practitioners to classify cross-references using our previously developed cross-reference taxonomy. We discover that software practitioners are not well equipped to understand the impact of cross-references on their software.
