Exploring the relationship between architecture coupling and software vulnerabilities
KTH, School of Electrical Engineering (EES), Electric Power and Energy Systems. Harvard Business School, United States.
ORCID iD: 0000-0003-3089-3885
2017 (English). In: 9th International Symposium on Engineering Secure Software and Systems, ESSoS 2017, Springer, 2017, Vol. 10379, p. 53-69. Conference paper (Refereed)
Abstract [en]

Employing software metrics, such as size and complexity, for predicting defects has been given a lot of attention over the years and proven very useful. However, the few studies looking at software architecture and vulnerabilities are limited in scope and findings. We explore the relationship between software vulnerabilities and component metrics (like code churn and cyclomatic complexity), as well as architecture coupling metrics (direct, indirect, and cyclic coupling). Our case is based on the Google Chromium project, an open source project that has not been studied for this topic yet. Our findings show a strong relationship between vulnerabilities and both component level metrics and architecture coupling metrics. 68% of the files associated with a vulnerability are cyclically coupled, compared to 43% of the non-vulnerable files. Our best regression model is a combination of low commenting, high code churn, high direct fan-out within the main cyclic group, and high direct fan-in outside of the main cyclic group.

Place, publisher, year, edition, pages
Springer, 2017. Vol. 10379, p. 53-69
Series
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), ISSN 0302-9743 ; 10379
Keyword [en]
Metrics, Security vulnerabilities, Software architecture
National Category
Software Engineering
Identifiers
URN: urn:nbn:se:kth:diva-211902
DOI: 10.1007/978-3-319-62105-0_4
Scopus ID: 2-s2.0-85022333173
ISBN: 9783319621043 (print)
OAI: oai:DiVA.org:kth-211902
DiVA, id: diva2:1131599
Conference
9th International Symposium on Engineering Secure Software and Systems, ESSoS 2017, Bonn, Germany, 3 July 2017 through 5 July 2017
Note

QC 20170815

Available from: 2017-08-15. Created: 2017-08-15. Last updated: 2018-01-13. Bibliographically approved.

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full text
Scopus
