search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Identifying the Architectural Roots of Vulnerabilities

Podcast
By
In this podcast, Rick Kazman and Carol Woody discuss an approach for identifying architecture debt in a large-scale industrial software project by modeling software architecture as design rule spaces.
Publisher

Software Engineering Institute

Subjects

Listen

Watch

Abstract

In our studies of many large-scale software systems, we have observed that defective files seldom exist alone. They are usually architecturally connected, and their architectural structures exhibit significant design flaws that propagate bugginess among files. We call these flawed structures the architecture roots, a type of technical debt that incurs high maintenance penalties. Removing the architecture roots of bugginess requires refactoring, but the benefits of refactoring have historically been difficult for architects to quantify or justify. In this podcast, Rick Kazman and Carol Woody discuss an approach to model and analyze software architecture as a set of design rule spaces). Using data extracted from the project’s development artifacts, this approach identifies the files implicated in architecture flaws and suggest refactorings based on removing these flaws. 
 

About the Speaker

Rick Kazman

Rick Kazman

Headshot of Carol Woody.

Carol Woody

Dr. Carol Woody has been a senior member of the technical staff since 2001. Currently she is the technical manager for the Cyber Security Engineering (CSE) team, whose research focuses on meeting the challenges of cyber security in acquisition, system and software engineering.  CSE is building capabilities in defining, acquiring, …

Read more
SHARE

Supplemental Materials

Download Transcript
Download Audio
Ask a question about this Podcast