Publications
  • Other Article
  • Proceedings of the International Symposium on Engineering Secure Software and Systems (ESSoS)

Exploring the Relationship Between Architecture Coupling and Software Vulnerabilities

By: Robert Lagerstrom, Carliss Y. Baldwin, Alan MacCormack, Daniel J. Sturtevant and Lee Doolan

Abstract

Employing software metrics, such as size and complexity, for predicting defects has been given a lot of attention over the years and proven very useful. However, the few studies looking at software architecture and vulnerabilities are limited in scope and findings. We explore the relationship between software vulnerabilities and component metrics (like code churn and cyclomatic complexity), as well as architecture coupling metrics (direct, indirect, and cyclic coupling). Our case is based on the Google Chromium project, an open source project that has not been studied for this topic yet. Our findings show a strong relationship between vulnerabilities and both component level metrics and architecture coupling metrics. 68% of the files associated with a vulnerability are cyclically coupled, compared to 43% of the non-vulnerable files. Our best regression model is a combination of low commenting, high code churn, high direct fan-out within the main cyclic group, and high direct fan-in outside of the main cyclic group.
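The abstract distinguishes component-level metrics (churn, complexity, commenting) from architecture coupling metrics: whether a file sits in a cyclic group, and its direct fan-out and fan-in partitioned by the main cyclic group. The following Python is an added illustration of how those architecture metrics can be computed from a file dependency graph; it is not code from the paper or the Chromium project. The dependency graph is constructed for the example, "cyclic group" is taken to mean a strongly connected component of two or more files, the "main" group is assumed to be the largest such component, and the fan-in/fan-out split is keyed on whether the other end of each edge lies inside that main group (the paper's exact operational definitions may differ). The `prioritize` ranking, which orders files by the two architecture terms the abstract's best model uses, is a review-triage heuristic of this example, not the paper's regression.

```python
"""Architecture coupling metrics over a file dependency graph (added example)."""
from typing import Dict, FrozenSet, List, Tuple

# Constructed sample graph: file -> files it directly depends on (includes).
DEPS: Dict[str, List[str]] = {
    "net/socket.cc": ["base/log.cc", "net/http.cc"],
    "net/http.cc": ["net/parser.cc", "base/log.cc"],
    "net/parser.cc": ["net/socket.cc", "base/string.cc"],  # closes a 3-file cycle
    "base/log.cc": ["base/string.cc"],
    "base/string.cc": [],
    "ui/view.cc": ["net/http.cc", "base/log.cc", "ui/widget.cc"],
    "ui/widget.cc": ["ui/view.cc"],  # 2-file cycle, smaller than the net/ one
}


def strongly_connected_components(deps: Dict[str, List[str]]) -> List[FrozenSet[str]]:
    """Tarjan's algorithm: every file ends up in exactly one component."""
    index: Dict[str, int] = {}
    low: Dict[str, int] = {}
    on_stack = set()
    stack: List[str] = []
    comps: List[FrozenSet[str]] = []
    counter = [0]

    def visit(v: str) -> None:
        index[v] = low[v] = counter[0]
        counter[0] += 1
        stack.append(v)
        on_stack.add(v)
        for w in deps.get(v, []):
            if w not in index:
                visit(w)
                low[v] = min(low[v], low[w])
            elif w in on_stack:
                low[v] = min(low[v], index[w])
        if low[v] == index[v]:  # v is the root of a component
            comp = set()
            while True:
                w = stack.pop()
                on_stack.discard(w)
                comp.add(w)
                if w == v:
                    break
            comps.append(frozenset(comp))

    nodes = set(deps) | {w for ws in deps.values() for w in ws}
    for v in sorted(nodes):
        if v not in index:
            visit(v)
    return comps


def cyclic_groups(deps: Dict[str, List[str]]) -> List[FrozenSet[str]]:
    """Components with two or more files are the cyclic groups (assumed definition)."""
    return [c for c in strongly_connected_components(deps) if len(c) > 1]


def main_cyclic_group(deps: Dict[str, List[str]]) -> FrozenSet[str]:
    """The largest cyclic group; empty if the graph has no cycles (assumed definition)."""
    groups = cyclic_groups(deps)
    return max(groups, key=len) if groups else frozenset()


def coupling_metrics(deps: Dict[str, List[str]]) -> Dict[str, Dict[str, int]]:
    """Per-file direct fan-in/fan-out, split by whether the other end is in the main group."""
    main = main_cyclic_group(deps)
    cyclic = set().union(*cyclic_groups(deps)) if cyclic_groups(deps) else set()
    nodes = set(deps) | {w for ws in deps.values() for w in ws}
    metrics = {
        v: {"in_cycle": int(v in cyclic), "in_main": int(v in main),
            "fan_out_in_main": 0, "fan_out_outside_main": 0,
            "fan_in_in_main": 0, "fan_in_outside_main": 0}
        for v in nodes
    }
    for v, ws in deps.items():
        for w in ws:
            if w == v:
                continue  # a self-include is not coupling to another file
            metrics[v]["fan_out_in_main" if w in main else "fan_out_outside_main"] += 1
            metrics[w]["fan_in_in_main" if v in main else "fan_in_outside_main"] += 1
    return metrics


def cyclic_fraction(deps: Dict[str, List[str]]) -> float:
    """Share of files that belong to any cyclic group (the abstract's 68% vs 43% figure)."""
    m = coupling_metrics(deps)
    return sum(x["in_cycle"] for x in m.values()) / len(m)


def prioritize(deps: Dict[str, List[str]]) -> List[Tuple[str, int]]:
    """Heuristic review order: fan-out into the main group plus fan-in from outside it."""
    m = coupling_metrics(deps)
    scored = [(f, x["fan_out_in_main"] + x["fan_in_outside_main"]) for f, x in m.items()]
    return sorted(scored, key=lambda fs: (-fs[1], fs[0]))


if __name__ == "__main__":
    for f, score in prioritize(DEPS):
        print(f"{score}  {f}  {coupling_metrics(DEPS)[f]}")
    print(f"cyclic fraction: {cyclic_fraction(DEPS):.2f}")
```

On the constructed graph the three `net/` files form the main cyclic group, five of seven files are cyclically coupled, and `net/http.cc` and `ui/view.cc` rank first for review because each couples into the main group and is also depended on from outside it. On a real tree the dependency map would come from the build system or include scanner, and the score would be combined with churn and commenting density as the abstract's model does.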

Keywords

Security Vulnerabilities; Software Architecture; Metrics; Software; Complexity; Measurement and Metrics

Citation

Lagerstrom, Robert, Carliss Y. Baldwin, Alan MacCormack, Daniel J. Sturtevant, and Lee Doolan. "Exploring the Relationship Between Architecture Coupling and Software Vulnerabilities." Proceedings of the International Symposium on Engineering Secure Software and Systems (ESSoS) 9th (2017): 53–69. (Part of Lecture Notes in Computer Science, ISSN 0302-9743.)

About The Authors

Carliss Y. Baldwin

Alan D. MacCormack
Technology and Operations Management
