Sökning: onr:"swepub:oai:DiVA.org:kth-211902" >
Exploring the Relat...
Exploring the Relationship Between Architecture Coupling and Software Vulnerabilities
-
- Lagerström, Robert, 1981- (författare)
- KTH,Industriella informations- och styrsystem,Harvard Business School
-
- Baldwin, Carliss (författare)
- Harvard Business School
-
- MacCormack, Alan (författare)
- Harvard Business School
-
visa fler...
-
- Sturtevant, Dan (författare)
- Silverthread Inc.
-
- Doolan, Lee (författare)
- Silverthread Inc.
-
visa färre...
-
(creator_code:org_t)
- 2017-06-24
- 2017
- Engelska.
-
Ingår i: 9th International Symposium on Engineering Secure Software and Systems, ESSoS 2017. - Cham : Springer. - 9783319621043 ; , s. 53-69
- Relaterad länk:
-
https://urn.kb.se/re...
-
visa fler...
-
https://doi.org/10.1...
-
visa färre...
Abstract
Ämnesord
Stäng
- Employing software metrics, such as size and complexity, for predicting defects has been given a lot of attention over the years and proven very useful. However, the few studies looking at software architecture and vulnerabilities are limited in scope and findings. We explore the relationship between software vulnerabilities and component metrics (like code churn and cyclomatic complexity), as well as architecture coupling metrics (direct, indirect, and cyclic coupling). Our case is based on the Google Chromium project, an open source project that has not been studied for this topic yet. Our findings show a strong relationship between vulnerabilities and both component level metrics and architecture coupling metrics. 68% of the files associated with a vulnerability are cyclically coupled, compared to 43% of the non-vulnerable files. Our best regression model is a combination of low commenting, high code churn, high direct fan-out within the main cyclic group, and high direct fan-in outside of the main cyclic group.
Ämnesord
- NATURVETENSKAP -- Data- och informationsvetenskap -- Programvaruteknik (hsv//swe)
- NATURAL SCIENCES -- Computer and Information Sciences -- Software Engineering (hsv//eng)
Nyckelord
- Metrics
- Security vulnerabilities
- Software architecture
Publikations- och innehållstyp
- ref (ämneskategori)
- kon (ämneskategori)
Hitta via bibliotek
Till lärosätets databas