Publication:

Exploring the Relationship between Architecture Coupling and Software Vulnerabilities: A Google Chrome Case

Thumbnail Image

Open/View Files

17-078.pdf (974.25 KB)

Date

2017-03-21

Authors

Published Version

Published Version

Journal Title

Journal ISSN

Volume Title

Publisher

The Harvard community has made this article openly available. Please share how this access benefits you.

Research Projects

Organizational Units

Journal Issue

Citation

Lagerstrom, Robert, Carliss Y. Baldwin, Alan MacCormack, Dan Sturtevant, and Lee Doolan. "Exploring the Relationship between Architecture Coupling and Software Vulnerabilities: A Google Chrome Case." Harvard Business School Working Paper, No. 17-078, February 2017.

Abstract

Employing software metrics, such as size and complexity, for predicting defects has been given a lot of attention over the years and proven very useful. However, the few studies looking at software architecture and vulnerabilities are limited in scope and findings. We explore the relationship between software vulnerabilities and component metrics (like code churn and cyclomatic complexity), as well as architecture coupling metrics (direct, indirect, and cyclic coupling). Our case is based on the Google Chromium project, an open source project that has not been studied for this topic yet. Our findings show a strong relationship between vulnerabilities and both component level metrics and architecture coupling metrics. Unfortunately, the effects of different types of coupling are somewhat hard to distinguish.

Description

Other Available Sources

Research Data

Keywords

Terms of Use

This article is made available under the terms and conditions applicable to Open Access Policy Articles (OAP), as set forth at Terms of Service

URI

http://nrs.harvard.edu/urn-3:HUL.InstRepos:30838136

Collections

HBS Scholarly Articles

Endorsement

Review

Supplemented By

Related Stories