Person:

Maccormack, Alan

Employing software metrics, such as size and complexity, for predicting defects has been given a lot of attention over the years and proven very useful. However, the few studies looking at software architecture and vulnerabilities are limited in scope and findings. We explore the relationship between software vulnerabilities and component metrics (like code churn and cyclomatic complexity), as well as architecture coupling metrics (direct, indirect, and cyclic coupling). Our case is based on the Google Chromium project, an open source project that has not been studied for this topic yet. Our findings show a strong relationship between vulnerabilities and both component level metrics and architecture coupling metrics. Unfortunately, the effects of different types of coupling are somewhat hard to distinguish.

In this paper, we test a Design Structure Matrix (DSM) based method for visualizing and measuring software portfolio architectures. Our data is drawn from a power utility company, comprising 192 software applications with 614 dependencies between them. We show that the architecture of this system can be classified as a “core-periphery” system, meaning it contains a single large dominant cluster of interconnected components (the “Core”) representing 40% of the system. The system has a propagation cost of 44% and architecture flow through of 93%. This case and these findings add another piece of the puzzle suggesting that the method could be effective in uncovering the hidden structure in software portfolio architectures.