Skip to Main Content
HBS Home
  • About
  • Academic Programs
  • Alumni
  • Faculty & Research
  • Baker Library
  • Giving
  • Harvard Business Review
  • Initiatives
  • News
  • Recruit
  • Map / Directions
Faculty & Research
  • Faculty
  • Research
  • Featured Topics
  • Academic Units
  • …→
  • Harvard Business School→
  • Faculty & Research→
Publications
Publications
  • Other Article
  • Proceedings of the International Symposium on Engineering Secure Software and Systems (ESSoS)

Exploring the Relationship Between Architecture Coupling and Software Vulnerabilities

By: Robert Lagerstrom, Carliss Y. Baldwin, Alan MacCormack, Daniel J. Sturtevant and Lee Doolan
  • Format:Print
ShareBar

Abstract

Employing software metrics, such as size and complexity, for predicting defects has been given a lot of attention over the years and proven very useful. However, the few studies looking at software architecture and vulnerabilities are limited in scope and findings. We explore the relationship between software vulnerabilities and component metrics (like code churn and cyclomatic complexity), as well as architecture coupling metrics (direct, indirect, and cyclic coupling). Our case is based on the Google Chromium project, an open source project that has not been studied for this topic yet. Our findings show a strong relationship between vulnerabilities and both component level metrics and architecture coupling metrics. 68% of the files associated with a vulnerability are cyclically coupled, compared to 43% of the non-vulnerable files. Our best regression model is a combination of low commenting, high code churn, high direct fan-out within the main cyclic group, and high direct fan-in outside of the main cyclic group.

Keywords

Security Vulnerabilities; Software Architecture; Metrics; Software; Complexity; Measurement and Metrics

Citation

Lagerstrom, Robert, Carliss Y. Baldwin, Alan MacCormack, Daniel J. Sturtevant, and Lee Doolan. "Exploring the Relationship Between Architecture Coupling and Software Vulnerabilities." Proceedings of the International Symposium on Engineering Secure Software and Systems (ESSoS) 9th (2017): 53–69. (Part of Lecture Notes in Computer Science, ISSN 0302-9743.)
  • Find it at Harvard
  • Read Now

About The Authors

Carliss Y. Baldwin

→More Publications

Alan D. MacCormack

Technology and Operations Management
→More Publications

More from the Authors

    • February 2023 (Revised February 2023)
    • Faculty Research

    Doing Business in Athens, Greece

    By: Alan D. MacCormack, Carlota Moniz and Emilie Billaud
    • Industrial and Corporate Change

    Introduction

    By: Stefano Brusoni, Joachim Henkel, Michael G Jacobides, Samina Karim, Alan MacCormack, Phanish Puranam and Melissa Schilling
    • November–December 2022
    • Harvard Business Review

    Your Company Needs a Space Strategy. Now.

    By: Matthew Weinzierl, Prithwiraj (Raj) Choudhury, Tarun Khanna, Alan MacCormack and Brendan Rosseau
More from the Authors
  • Doing Business in Athens, Greece By: Alan D. MacCormack, Carlota Moniz and Emilie Billaud
  • Introduction By: Stefano Brusoni, Joachim Henkel, Michael G Jacobides, Samina Karim, Alan MacCormack, Phanish Puranam and Melissa Schilling
  • Your Company Needs a Space Strategy. Now. By: Matthew Weinzierl, Prithwiraj (Raj) Choudhury, Tarun Khanna, Alan MacCormack and Brendan Rosseau
ǁ
Campus Map
Harvard Business School
Soldiers Field
Boston, MA 02163
→Map & Directions
→More Contact Information
  • Make a Gift
  • Site Map
  • Jobs
  • Harvard University
  • Trademarks
  • Policies
  • Accessibility
  • Digital Accessibility
Copyright © President & Fellows of Harvard College