Privacy-compliant software reuse: A framework for considering privacy compliance in software reuse scenarios

Research output: Contribution to journal › Conference article › peer-review

Abstract

In recent years, privacy-compliant software development has become an important topic, especially with the emergence of the EU General Data Protection Regulation (GDPR). Existing practices of software development challenge privacy compliance by increasingly promoting reuse, adaptation and integration of existing software artifacts from organizational or open-source repositories. Methods and approaches have been introduced to accelerate and improve development through reuse on the one hand and to mitigate threats related to data privacy on the other hand. However, the operationalization of this body of knowledge for developing systems that intensively reuse software artifacts is understudied. Moreover, ontologies, taxonomies and frameworks developed to conceptualize, organize and model privacy requirements focus on forward engineering activities (software design and development), and are less oriented toward application in existing software projects and artifacts that are considered for reuse and integration. The aim of this research is to create a framework to investigate, explore and guide privacy-compliant software reuse, especially in open-source environments. To this end, we will follow a design science approach whose main artifact will be a privacy compliance assessment method. The method will be developed in three steps: (1) systematically reviewing and analyzing the state of the art in privacy-compliant software reuse; (2) empirically studying open-source repositories (in particular, GitHub) for privacy discussions, including an ontology-based machine learning method for identifying privacy discussions; and (3) developing and evaluating a privacy assessment method for supporting reuse decisions, utilizing the existing models and frameworks.

Bibliographical note

Publisher Copyright:
© 2023 CEUR-WS. All rights reserved.

Keywords

  • Compliance
  • GDPR
  • Open-Source
  • Privacy
  • Software Development
  • Software Reuse

ASJC Scopus subject areas

  • General Computer Science
