09 Mar 2017Working Paper Summaries

Exploring the Relationship Between Architecture Coupling and Software Vulnerabilities: A Google Chrome Case

by Robert Lagerström, Carliss Y. Baldwin, Alan MacCormack, Dan Sturtevant, and Lee Doolan
Managing software vulnerabilities is a top issue in today’s society. By studying the Google Chrome codebase, the authors explore software metrics including architecture coupling measures in relation to software vulnerabilities. This paper adds new findings to research on software metrics and vulnerabilities, bringing the field closer to generalizable and conclusive results.

Author Abstract

Employing software metrics, such as size and complexity, for predicting defects has been given a lot of attention over the years and has proven very useful. However, the few studies looking at software architecture and vulnerabilities are limited in scope and findings. We explore the relationship between software vulnerabilities and component metrics (like code churn and cyclomatic complexity) as well as architecture coupling metrics (direct, indirect, and cyclic coupling). Our case is based on the Google Chromium project, an open-source project that has not yet been studied for this topic. Our findings show a strong relationship between vulnerabilities and both component level metrics and architecture coupling metrics. Unfortunately, the effects of different types of coupling are somewhat hard to distinguish.

Paper Information

Carliss Y. Baldwin
Carliss Y. Baldwin
William L. White Professor of Business Administration, Emerita
Contact
Send an email
More Articles
Alan D. MacCormack
Alan D. MacCormack
MBA Class of 1949 Adjunct Professor of Business Administration
Contact
Send an email
More Articles
Find Related Articles

Sign up for our weekly newsletter

Interested in improving your business? Learn about fresh research and ideas from Harvard Business School faculty.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.