Details
| Original language | English |
|---|---|
| Article number | 112551 |
| Journal | Journal of Systems and Software |
| Volume | 230 |
| Early online date | 22 Jul 2025 |
| Publication status | Published - Dec 2025 |
Abstract
Ensuring traceability of safety- and security-related artifacts is vital in software development to comply with standards and mitigate risks. Despite its importance, the practical implementation of defining and tracing safety- and security-relevant artifacts remains ambiguous. Based on eight semi-structured interviews with industry experts, this work explores the definitions, methods, processes, and challenges of tracing safety- and security-related artifacts. The interviews revealed that definitions of safety- and security-relevant artifacts are highly context-dependent, shaped by regulatory standards, internal processes, technical characteristics, and practitioner judgment. Rather than signaling a deficiency, this variability reflects the inherently multifaceted nature of safety and security work, where artifact classification emerges from practical reasoning rather than strict or universal criteria. Tools play a key role in supporting traceability, and cross-team alignment remains a concern in practice. Our findings provide actionable insights for organizations seeking to strengthen traceability. The recommendations encourage the development of internal classification criteria, support effective collaboration with external partners, support guidance, onboarding, and training, and help align practices across teams, fostering more reliable and transparent management of safety- and security-relevant artifacts.
Keywords
- Artifacts, Expert, Industry, Interview, Practice, Requirements engineering, Safety, Secure software engineering, Security, Traceability, Tracing
ASJC Scopus subject areas
- Computer Science (all): Software
- Computer Science (all): Information Systems
- Computer Science (all): Hardware and Architecture
Cite this
In: Journal of Systems and Software, Vol. 230, 112551, 12.2025.
Research output: Contribution to journal › Article › Research › peer review
TY - JOUR
T1 - From missile warhead to smart fridge
T2 - Interviews with industry experts on tracing safety- and security-relevant artifacts
AU - Herrmann, Marc
AU - Specht, Alexander
AU - Sekerci, Abdurrahman
AU - Obaidi, Martin
AU - Ehl, Marco
AU - Elsofi, Duaa Adel Ali
AU - Großer, Katharina
AU - Klünder, Jil
AU - Jürjens, Jan
AU - Schneider, Kurt
N1 - Publisher Copyright: © 2025 The Authors
PY - 2025/12
Y1 - 2025/12
KW - Artifacts
KW - Expert
KW - Industry
KW - Interview
KW - Practice
KW - Requirements engineering
KW - Safety
KW - Secure software engineering
KW - Security
KW - Traceability
KW - Tracing
UR - http://www.scopus.com/inward/record.url?scp=105011387117&partnerID=8YFLogxK
U2 - 10.1016/j.jss.2025.112551
DO - 10.1016/j.jss.2025.112551
M3 - Article
AN - SCOPUS:105011387117
VL - 230
JO - Journal of Systems and Software
JF - Journal of Systems and Software
SN - 0164-1212
M1 - 112551
ER -