CSC News

June 25, 2024

Six NFR Strategies to Improve Software Performance and Security

For Immediate Release


Wesley Klewerton Guez Assunção |


Matt Shipman |


News Releases


Non-functional requirements (NFRs) are important aspects of a software system, but are often overlooked by developers because they’re not the aspects of a program that users interact with directly. A new study delves into how developers approach the crafting of NFRs and outlines six best practices for addressing NFRs that can help to ensure a program’s security and performance in the near and long term.


NFRs play a meaningful role in how software operates. Examples of NFRs include: how secure a system is; performance, such as how long it takes a system to execute commands from a user; robustness, which refers to how well a system can recover after an error occurs; and maintainability, which is how easy it is for developers to update the system over time.


“NFRs are essential elements of any piece of software,” says Wesley K. G. Assunção, co-author of a paper on the topic and an associate professor of computer science at North Carolina State University. “For this study, we wanted to answer some fundamental questions about NFRs. Who are the experts in charge of these requirements? How do software engineers discuss and manage these types of requirements?”


To that end, the researchers looked at 1,533 pull requests on GitHub pertaining to NFRs, to see how developers discussed and addressed issues related to NFRs. The researchers also performed an in-depth analysis of 63 developers who were particularly active on issues pertaining to NFRs and conducted a survey with 44 developers to get a deeper understanding of their views regarding NFRs.


“Perhaps unsurprisingly, we found that developers discuss NFRs both proactively and reactively – before there’s a problem and after there’s a problem,” says Assunção. “And the developers who were most active in discussing NFRs largely had key roles in the software project. This suggests that NFRs are a primary concern during software maintenance and evolution. The study underscores the role that NFRs play in software quality and the success of software systems.”


Based on their analysis and discussions with developers, the researchers identified six key points that are critical to developing and maintaining NFRs that will help a system thrive:


  • Prioritization and planning: NFRs should be treated with as much priority as other requirements. They should be planned in advance and reviewed throughout a development project.
  • Identification and discussion: NFRs should be identified and discussed early in the development process, ideally in the design phase. During the evolution of the software, these NFRs should be revisited if necessary.
  • Use of technologies allied with testing: The adequacy of the NFR can be verified through technologies already approved by the market, where the NFRs associated with those projects satisfy the project’s complexity.
  • Benchmarks: Using benchmarks to simulate the behavior of a piece of code or algorithm under different conditions is recommended, since it allows developers to review and refactor code when it is not meeting the project-specified NFRs.
  • Documentation of best practices: By keeping the NFRs well-documented, developers will have a starting point to address any NFR problem when they appear.
  • Long-term mindset: Properly addressing NFRs makes it more likely that a piece of software will have a long lifespan. To guarantee this, a system should have a good user experience, should be designed to scale, and should be easy to maintain by future developers.


“The take-home message here is clear,” says Assunção. “We understand that features and functionalities of a software system – the parts of the software that are not NFRs – represent a system’s business capabilities and have strategic value for companies. However, our work highlights the fundamental role that NFRs play on the overall quality of a software system, making them key to a system’s success.”


The paper, “Understanding Developers’ Discussions and Perceptions on Non-Functional Requirements: The Case of the Spring Ecosystem,” will be presented July 19 at the 32nd International Conference on the Foundations of Software Engineering, being held in Porto de Galinhas, Brazil. First author of the paper is Anderson Oliveira of PUC-Rio, Brazil. The paper is co-authored by João Lucas Correia, Juliana Alves Pereira, Daniel Coutinho, Caio Barbosa, Paulo Vítor C. F. Libório and Alessandro Garcia of PUC-Rio; and by Rafael de Mello of the Federal University of Rio de Janeiro, Brazil.


The work was partially funded by Brazil’s National Council for Scientific and Technological Development (CNPq), under grants 140185/2020-8, 140770/2021-6, 141180/2021-8, 434969/2018-4, 140771/2021-2, and 312149/2016-6; the Brazilian Federal Agency for Support and Evaluation of Graduate Education (CAPES) under grants CAPES/Procad 175956, CAPES/Proex 88887.373933/2019-00, and CAPES 88887.904409/2023-00; FAPERJ, under grants 200773/2019 and 010002285/2019; FAPERJ/PDR-10 program, under grant 202073/2020; and by the Instituto Estadual de Engenharia e Arquitetura (IEEA), Secretaria Estadual de Infraestrutura do Estado do Rio de Janeiro (001/2021).




Note to Editors: The study abstract follows.


“Understanding Developers’ Discussions and Perceptions on Non-Functional Requirements: The Case of the Spring Ecosystem”


Authors: Anderson Oliveira, João Lucas Correia, Juliana Alves Pereira, Daniel Coutinho, Caio Barbosa, Paulo Vítor C. F. Libório and Alessandro Garcia, PUC-Rio; Wesley Klewerton Guez Assunção, North Carolina State University; and Rafael de Mello, Federal University of Rio de Janeiro, Brazil


Presented: July 19 at the 32nd International Conference on the Foundations of Software Engineering, Porto de Galinhas, Brazil


Abstract: Non-Functional Requirements (NFR) should be defined in the early stages of the software development process, driving developers to make important design decisions. Neglecting NFRs may lead developers to create systems that are difficult to maintain and do not meet user expectations. Despite its importance, the discussion of NFRs is often ad-hoc and scattered through multiple sources, limiting developers’ awareness of NFRs. In that scenario, Pull Request (PR) discussions can be used, thus providing a centralized platform for comprehensive NFR discussions. However, existing studies do not explore this important source of information in open-source software development, which developers widely use to discuss software requirements. In this study, we report an investigation of NFR discussions available in PR of repositories of the Spring ecosystem. We collected, manually curated, and analyzed PR discussions addressing four categories of NFR: maintainability, security, performance, and robustness. We found that more than 77% of the discussions related to NFRs are triggered in the PR title and/or description, indicating that developers are often provided with sufficient information straightway. We observed that discussions surrounding these PRs tend to address the introduction of a code change or explain some anomaly regarding a particular NFR. To gain more knowledge of NFR discussions, we investigated developers involved in discussions and fixing NFR issues. For that, we performed an in-depth analysis of \devsAnalyzed developers that stood out in collaborating with the mapped PRs. We discovered that the developers who discuss NFRs often open and review most PRs related to NFRs. To complement this analysis, we applied a survey with \devsSurvey to gather their perceptions on NFR discussions. By observing how developers approach NFRs and participate in discussions, we documented the best practices and strategies newcomers can use to address NFRs effectively. Through the characterization of NFR discussions, we aim to pave the way for developing automated tools to identify NFRs better. Finally, we provide a curated dataset of 1,533 PR discussions classified with NFR presence.

Return To News Homepage