Mar 21, 2011

The 5 Complexity Dimensions of Software

I've used this image on countless occasions in my talks on software and on application security. I got it from an academic research presentation back in 2004 or so.

[Figure: The 5 Complexity Dimensions of Software]
Complexity in this regard means complex for humans to understand and contribute to.
  1. Scale. The larger the system, the more complex.
  2. Diversity. The more frameworks, languages, integration techniques, tools, platforms, and design patterns used, the more complex.
  3. Connectivity. The more connections, the more complex. This relates to coupling.
  4. Dynamics. The greater the number of states, or the larger the state space, the more complex.
  5. Refinement. Over time every living piece of software is refined, optimized, and polished. Corner cases are found and handled, and regression test suites grow. Refinement drives complexity.
In the context of application security there's always a relation between security and complexity. The more complex a system gets, the higher the risk of security vulnerabilities. Therefore managing application security is partly about managing the five dimensions above.

Sadly, computer science undergraduates rarely meet or learn about this kind of software complexity. That's why industry is reluctant to hire them. Solving 100 coding assignments of 200 lines of code each just doesn't equal developing a system of 20,000 lines of code.

Tomorrow I will give a talk on why and how CS undergrads at Linköping University should learn about software complexity.

1 comment:

  1. Interesting diagram. It might be implicit to the dimensions already there, but from a security point of view, I think the 'system of systems' dimension might deserve to be included, as many flaws/gaps are introduced in the system integration phase.