Exploring the Relationship between Architecture Coupling and Software Vulnerabilities

Robert  Lagerstrom; Carliss Y. Baldwin; Alan   MacCormack; Dan  Sturtevant; Lee  Doolan

Working Paper | HBS Working Paper Series | 2017

Exploring the Relationship between Architecture Coupling and Software Vulnerabilities: A Google Chrome Case

by Robert Lagerstrom, Carliss Y. Baldwin, Alan MacCormack, Dan Sturtevant and Lee Doolan

Abstract

Employing software metrics, such as size and complexity, for predicting defects has been given a lot of attention over the years and has proven very useful. However, the few studies looking at software architecture and vulnerabilities are limited in scope and findings. We explore the relationship between software vulnerabilities and component metrics (like code churn and cyclomatic complexity) as well as architecture coupling metrics (direct, indirect, and cyclic coupling). Our case is based on the Google Chromium project, an open-source project that has not yet been studied for this topic. Our findings show a strong relationship between vulnerabilities and both component level metrics and architecture coupling metrics. Unfortunately, the effects of different types of coupling are somewhat hard to distinguish.

Keywords: software; architecture; complexity; coupling; vulnerabilities; Software; Complexity; Measurement and Metrics;

Language: English

Format: Print

12 pages

Read Now

Citation:

Lagerstrom, Robert, Carliss Y. Baldwin, Alan MacCormack, Dan Sturtevant, and Lee Doolan. "Exploring the Relationship between Architecture Coupling and Software Vulnerabilities: A Google Chrome Case." Harvard Business School Working Paper, No. 17-078, February 2017.

Working Paper | HBS Working Paper Series | 2019

Design Rules, Volume 2: How Technology Shapes Organizations: Chapter 8 Rationalizing Flow Processes

Carliss Y. Baldwin

The purpose of this chapter is to examine the value structure of flow production processes and to explain why it is necessary to rationalize flow processes using the tools of systematic management. I first explain the problems facing managers of multi-step flow production processes at the end of the 19th Century. I introduce a model of the value structure of a production process made up of interdependent steps and define the production bottleneck of the process. I use the mathematical definition of a bottleneck to derive two general properties of stochastic multi-step flow processes with bottlenecks. These properties imply a need for ongoing managerial oversight and intervention using a set of tools that went by the label systematic management. Without active systematic management to address production bottlenecks, large-scale flow processes can easily collapse into chaos. I then argue that that the use of automated machinery, larger (or growing) markets, and systematic management are supermodular complements: each attribute makes the other two more valuable. The next chapter will explore how the technological requirements of multi-step flow production processes affect the optimal design of organizations implementing these technologies.

Keywords: flow processes; bottleneck; systematic management; Production; Management; Problems and Challenges;

Citation:

Baldwin, Carliss Y. "Design Rules, Volume 2: How Technology Shapes Organizations: Chapter 8 Rationalizing Flow Processes." Harvard Business School Working Paper, No. 20-032, September 2019. View Details

Cite View Details Read Now

The purpose of this chapter is to explain what the technologies of flow production with stochastic bottlenecks require and reward in organizations. I argue that organizations successfully implementing these technologies are likely to have unified governance and exercise direct authority over process design, job definitions, and task assignments. As they come to employ more people, they will create hierarchical management structures as a means of managing information flows and delegating decision rights. Finally from the early 20th Century through the present, most of these organizations saw advantage in being legally organized as corporations, which could own assets, enter into contracts, and employ individuals in their own right. The result was a “paradigm” of mass production—a cluster of concepts that came to define both “big business” and “high technology” in the United States and elsewhere. Throughout the middle years of the 20th Century, many members of society took for granted the fact that successful businesses using advanced technology would be organized as large, vertically integrated corporations, exercise direct authority, and use managerial hierarchies to channel information and delegate responsibility.

The purpose of this chapter is to explore how technologies and organizations engaged in flow production evolve over time. To allow for an apples-to-apples comparison, I examine organizations using essentially the same physical technologies, making similar products, and competing in the same markets. Specifically, I look at the organizational differences among the largest automakers in the United States and Japan. I focus first on Ford between 1910 and 1930, then on General Motors from the 1920s through the 1960s, then Toyota (and other Japanese automakers) from the 1960s through 2000. The differences among these organizations show that while technology shapes organizations within broad limits, it does not determine an organization’s complete design nor its long-term competitive success.

Faculty & Research

Exploring the Relationship between Architecture Coupling and Software Vulnerabilities: A Google Chrome Case

Abstract

Citation:

About the Authors

More from these Authors