Skip to Main Content
HBS Home
  • About
  • Academic Programs
  • Alumni
  • Faculty & Research
  • Baker Library
  • Giving
  • Harvard Business Review
  • Initiatives
  • News
  • Recruit
  • Map / Directions
Faculty & Research
  • Faculty
  • Research
  • Featured Topics
  • Academic Units
  • …→
  • Harvard Business School→
  • Faculty & Research→
Publications
Publications
  • Other Article
  • Proceedings of the International Symposium on Engineering Secure Software and Systems (ESSoS)

Exploring the Relationship Between Architecture Coupling and Software Vulnerabilities

By: Robert Lagerstrom, Carliss Y. Baldwin, Alan MacCormack, Daniel J. Sturtevant and Lee Doolan
  • Format:Print
ShareBar

Abstract

Employing software metrics, such as size and complexity, for predicting defects has been given a lot of attention over the years and proven very useful. However, the few studies looking at software architecture and vulnerabilities are limited in scope and findings. We explore the relationship between software vulnerabilities and component metrics (like code churn and cyclomatic complexity), as well as architecture coupling metrics (direct, indirect, and cyclic coupling). Our case is based on the Google Chromium project, an open source project that has not been studied for this topic yet. Our findings show a strong relationship between vulnerabilities and both component level metrics and architecture coupling metrics. 68% of the files associated with a vulnerability are cyclically coupled, compared to 43% of the non-vulnerable files. Our best regression model is a combination of low commenting, high code churn, high direct fan-out within the main cyclic group, and high direct fan-in outside of the main cyclic group.

Keywords

Security Vulnerabilities; Software Architecture; Metrics; Software; Complexity; Measurement and Metrics

Citation

Lagerstrom, Robert, Carliss Y. Baldwin, Alan MacCormack, Daniel J. Sturtevant, and Lee Doolan. "Exploring the Relationship Between Architecture Coupling and Software Vulnerabilities." Proceedings of the International Symposium on Engineering Secure Software and Systems (ESSoS) 9th (2017): 53–69. (Part of Lecture Notes in Computer Science, ISSN 0302-9743.)
  • Find it at Harvard
  • Read Now

About The Authors

Carliss Y. Baldwin

→More Publications

Alan D. MacCormack

Technology and Operations Management
→More Publications

More from the Authors

    • November–December 2022
    • Harvard Business Review

    Your Company Needs a Space Strategy. Now.

    By: Matthew Weinzierl, Prithwiraj (Raj) Choudhury, Tarun Khanna, Alan MacCormack and Brendan Rosseau
    • June 2022
    • Faculty Research

    FIELD Immersion 2022: Salt Lake City, Utah

    By: Alan MacCormack and Kerry Herman
    • 2021
    • Faculty Research

    Computer-Implemented Methods and Systems for Measuring, Estimating, and Managing Economic Outcomes and Technical Debt in Software Systems and Projects: US Patent 11,126,427 B2

    By: Daniel J. Sturtevant, Carliss Baldwin, Alan MacCormack, Sunny Ahn and Sean Gilliland
More from the Authors
  • Your Company Needs a Space Strategy. Now. By: Matthew Weinzierl, Prithwiraj (Raj) Choudhury, Tarun Khanna, Alan MacCormack and Brendan Rosseau
  • FIELD Immersion 2022: Salt Lake City, Utah By: Alan MacCormack and Kerry Herman
  • Computer-Implemented Methods and Systems for Measuring, Estimating, and Managing Economic Outcomes and Technical Debt in Software Systems and Projects: US Patent 11,126,427 B2 By: Daniel J. Sturtevant, Carliss Baldwin, Alan MacCormack, Sunny Ahn and Sean Gilliland
ǁ
Campus Map
Harvard Business School
Soldiers Field
Boston, MA 02163
→Map & Directions
→More Contact Information
  • Make a Gift
  • Site Map
  • Jobs
  • Harvard University
  • Trademarks
  • Policies
  • Accessibility
  • Digital Accessibility
Copyright © President & Fellows of Harvard College