Keynote Speakers

Carlo Ghezzi
Politecnico di Milano, Italy

Wednesday, 24th of June 2020 (13.00-14.00 Italian time)

Cyber-physical spaces: challenges for requirements engineering

Computing and communication capabilities are increasingly embedded into physical spaces, blurring the boundary between computational and physical worlds. Typically, this is the case of modern cyber-physical, or internet-of-things (IoT) systems implementing smart spaces, ranging from smart homes and offices to smart cities. Collectively, these systems may be called cyber-physical spaces (CPSp's). Like most modern software-intensive system, CPSp's are highly dynamic and typically undergo continuous change –- they are evolving. The design and implementation of CSPp's offers new challenges to software engineers, who need to interact with domain experts, like architects and civil engineers, and also urban planners, traffic engineers, energy engineers, etc. in defining requirements and designing spatial systems that satisfy them.

The talk focuses on the challenges arising in specifying requirements, where the notion of space plays a primary role. It also focuses on how requirements can be validated against high-level system models in the initial design phases. Understanding and modeling space and its dynamics, as well as supporting formal reasoning about various properties of an evolving space, are crucial prerequisites for engineering dependable space-intensive systems. Domain experts normally use specific high-level domain models to describe their designs. These models, however, must be transformed into well-funded semantic models upon which different kinds of analyses can be performed. to support early requirements validation. The talk discusses more broadly how software engineering concepts -- abstraction, modeling, and verification -- can contribute to the design and operation of CPSp's and suggests exciting open areas for future research.


Carlo Ghezzi is an Emeritus Professor at Politecnico di Milano, Italy. He is ACM Fellow, IEEE Fellow, Member of Academia Europaea, Member of the Italian Academy of Sciences (Istituto Lombardo). He has been awarded the ACM SIGSOFT Outstanding Research Award (2015) and the Distinguished Service Award (2006). He has been on the evaluation board of several international research projects and institutions in Europe, Japan, and the USA.

He has been a Program Chair and General Chair of several conferences, including ICSE and ESEC/FSE. He gave keynotes at many conferences, including ESEC/FSE and ICSE. He has been the Editor in Chief of the ACM Trans. on Software Engineering and Methodology, Associate Editor of Communications of the ACM, IEEE Transactions on Software Engineering, Science of Computer Programming.

His research has been focusing on software engineering and programming languages. He has been especially interested in methods and tools to improve dependability of adaptable and evolvable distributed applications, such as service-oriented architectures and ubiquitous/pervasive computer applications. He co-authored over 200 papers and 8 books. He coordinated several national and international (EU funded) research projects and has been awarded an Advanced Grant from the European Research Council.

Alistair Mavin
Independent Requirements Specialist

Thursday, 25th of June 2020 (13.00-14.00 Italian Time - Industry Day Keynote)

S is for System

I have always been slightly concerned by the name of this conference series: “Requirements Engineering: Foundation for Software Quality”. Most attendees would probably agree that requirements engineering is indeed a foundation of software quality. However, I am uncomfortable that the S in REFSQ stands for software. I would argue that requirements engineering is a foundation of system quality. In my view, requirements are always for a system. Of course, that system will often include software. However, even the most software-intensive system is still a system and includes some non-software elements. So-called “software systems” must have some affect in the real physical world. Since they must impact non-software elements in some way, they are part of a wider system. It follows that these non-software system requirements must also be considered as part of a requirements engineering effort.

I have heard members of the requirements community suggest that requirements are for software because software is inherently more complex than non-software system elements. I can only assume that these individuals have not worked on safety-critical systems. Next time you are on an aeroplane, look out of the window at the engines. How would you feel if you were told that the engine control software had been developed against a set of requirements, whilst the physical components had not? Personally, I would prefer to know that the whole engine control system had been developed against a robust set of requirements.

This talk will expand on this viewpoint and discuss the issue of requirements engineering for systems.


Alistair Mavin (Mav) is an independent requirements specialist based in the UK. Mav worked as a requirements specialist at Rolls-Royce PLC for 14 years. He has carried out requirements engineering projects in a range of industries including defence, aerospace, rail, automotive, industrial plant design and software systems. He is the lead author of EARS and EARS+ and has experience in the development and delivery of requirements engineering training and in innovation and creativity support. Mav has published many papers on requirements and systems engineering. He was Industry Chair for RE13 and Industry Laboratory Chair for RE14 and is a member of the IEEE “RE” conference series Industry Committee. Mav is a member of IEEE, INCOSE, the British Computer Society (BSC) and the BCS Requirements Engineering Specialist Group committee and is a chartered engineer.

Benjamin Collar
Siemens Energy, Head of Industrial Cyber and Digital Security, Germany

Thursday, 25th of June 2020 (CANCELLED)

The system is bigger than the system: the impact of cybersecurity requirements throughout OT enterprises

This talk will examine recent changes in cybersecurity regulatory requirements and customer policies, with an emphasis on understanding how the IT/OT convergence is driving changes that impact across and through systems. These systems include the enterprise functions—like procurement and planning—as well as customer solutions and product development. Seemingly simple external requirements have resulted in significant change throughout the supply chain. System and solution design continue to be haunted by nebulous, ill-specified needs like “agility”; likewise, existing solutions must face the specter of needing to change from a monolithic installation, with associated assumptions, to an always-connected world. The importance of cybersecurity, relative to other “regular” risks, continues to rise significantly. Methods for understanding, handling and adapting to cybersecurity requirements must be described and lived in order to satisfy customer demands. All these factors indicate an increasing need for addressing cybersecurity in a comprehensive, consequent manner. We will select numerous examples from real-life experiences in cyber-physical systems, including critical infrastructure. Recent changes in national regulatory regimes, like NERC-CIP and country-level implementation of the European Union NIS Directive will be examined. Behavior of stakeholders have changed, creatively responding to the new requirements—examples of these will solidify our understanding. We will dive deeply into a specific domain of cybersecurity, patch management and vulnerability management, and explore the conflict between best practices and reality. Examining amalgams of requirements and good practices found in customer RFP’s, we will recognize many challenges, from basic ordering and description of needs to managing conflicts. In fact, we will identify more challenges than solutions to these problems; it is hoped that through example and interaction, avenues for further research will be exposed.


Benjamin Collar is the head of industrial cybersecurity in Europe and Africa for Siemens Energy. He leads the business in the region, collaborating with internal and external stakeholders to ensure the security of the customers’ critical infrastructure. Benjamin has been with different Siemens companies throughout his career. He started as a software developer in the corporate research function in Germany, moved to China to lead a team of software architects, then spent 10 years in the USA leading fire safety system and intelligent traffic system development teams. Benjamin then rejoined the corporate research function to lead the cybersecurity research and consulting team. He’s developed numerous patents across these domains and has articles in major publications. Benjamin lives in Berlin, Germany with his family; he plays violin and loves doing yoga.

Karel Vredenburg
IBM Canada Ltd, Design Director, Educator, Podcaster, Canada

Friday, 26th of June 2020 (13.00-14.00 Italian Time)

Opening the Requirements Aperture of Design

This talk will provide a brief historical overview of the field of design, focusing on the form and nature of information gathering, processing, and use. It will illustrate the gradual opening of the aperture on the problem space and the increasing focus on more and more of the human experience. The essential ingredients of human factors engineering and usability methods will be explored followed by the evolution to user-centered design, and finally arriving at current modern methods. A deep dive into the key elements of Enterprise Design Thinking (EDT) will be followed by a summary of the conditions necessary to embed EDT in an organization including the requisite skills, spaces, and processes. An illustrative case study will be provided as a best practice example and advice will be provided regarding closing gaps in university education as well. The specific methods of strategic foresight and speculative futures will be highlighted and discussed especially as they relate to designing within the uncertainties of our COVID-19 world. The talk will conclude with a call to researchers to focus on a set of additional challenges in the field still needing to be addressed systematically.


Karel Vredenburg is the director of design at IBM and currently has responsibility for global academic programs. He has led design worldwide at IBM for most of his three decades with the company. He introduced IBM’s new design system to the executive and staff of each of the company’s business units over the past seven years as well as to numerous clients around the world. In addition to his global role, Karel also serves as the head of IBM Studios Canada. In his academic work, Karel is an industry professor at McMaster University and teaches in the Executive MBA and Directors College programs at the DeGroote School of Business, in the Emerging Health Leaders program in the DeGroote Leadership Academy and in a pan-university Innovation by Design program across multiple Faculties at McMaster. After undergraduate, master's, and doctoral training in Psychology, Cognitive Science, and Human Computer Interaction, Karel joined IBM in 1988 and introduced user-centred design in 1993 and assumed a company-wide role in 1995. He has written more than 60 conference and journal publications, authored the book User-Centered Design: An Integrated Approach and contributed chapters to other edited books. He served as special issue editor for the International Journal of Human-Computer Interaction special issue titled "Designing the Total User Experience at IBM" and the "Ease of Use" issue of the IBM Systems Journal. He blogs at, hosts the "Life Habits" podcast and is based in Toronto.