Pervasive and distributed computing decreases development time by allowing engineers to reuse software in third-party components, platforms and cloud-based services. Consequently, this software is subject to multiple policies and regulations that impose legal requirements on the behavior of these complex systems. Legal requirements create evolutionary pressure on system design as developers roll out new product features, enter new markets that cross geo-political boundaries, or when existing laws change or new laws are created. In response, software engineers must reconcile legal requirements with their system design to ensure their software complies with policy and law; a problem even more challenging when innovation occurs in the absence of existing law. This research aims to address this problem by analyzing corpora of regulations that govern software: (1) to develop a set of heuristics and semi-formal, domain-specific languages needed to express and reason about legal requirements for the purpose of determining requirements coverage; (2) to empirically measure gaps among policies and regulations from different jurisdictions that indicate requirements trade-offs, trends and potential disruptions due to changing requirements; and (3) to enable developers to rationalize and select alternate requirements evolutions based on models of changing coverage. The outcomes include new theory to explain and predict requirements evolution across jurisdictions, and tools and techniques that regulators, legal professionals and software engineers can use to reduce the burden of responding to a globally evolving regulatory landscape. These outcomes will be evaluated using mixed-methods research that combines formal methods, information retrieval and human subject experiments aimed at furthering our understanding of how professionals express and interpret requirements and how they reconcile conflicting requirements in the presence of ambiguity and conflicting business and regulatory goals. In addition to training and education, the broader impact of this research aims to harmonize regulatory goals with software systems, to engage the professions of software engineering and law that have historically worked separately, and to inform policy and lawmakers about the impact of regulations on software design and development.
CAREER:Software Requirements Evolution in a Multi-Jurisdictional Socio-Technical Ecosystem