Publications
Publications
- 2017
- HBS Working Paper Series
Exploring the Relationship between Architecture Coupling and Software Vulnerabilities: A Google Chrome Case
By: Robert Lagerstrom, Carliss Y. Baldwin, Alan MacCormack, Dan Sturtevant and Lee Doolan
Abstract
Employing software metrics, such as size and complexity, for predicting defects has been given a lot of attention over the years and has proven very useful. However, the few studies looking at software architecture and vulnerabilities are limited in scope and findings. We explore the relationship between software vulnerabilities and component metrics (like code churn and cyclomatic complexity) as well as architecture coupling metrics (direct, indirect, and cyclic coupling). Our case is based on the Google Chromium project, an open-source project that has not yet been studied for this topic. Our findings show a strong relationship between vulnerabilities and both component level metrics and architecture coupling metrics. Unfortunately, the effects of different types of coupling are somewhat hard to distinguish.
Keywords
Software; Architecture; Coupling; Vulnerabilities; Applications and Software; Complexity; Measurement and Metrics
Citation
Lagerstrom, Robert, Carliss Y. Baldwin, Alan MacCormack, Dan Sturtevant, and Lee Doolan. "Exploring the Relationship between Architecture Coupling and Software Vulnerabilities: A Google Chrome Case." Harvard Business School Working Paper, No. 17-078, February 2017.