Floragasse 7 – 5th floor, 1040 Vienna

I-SEE

Integrated Software Ecosystem Evaluation

Modern software systems are among the most complex artifacts ever created, and their growing scale brings mounting challenges in both quality assurance and security. Poor software quality is estimated to cost trillions annually, while individual data breaches impose multi-million-euro damages on the organizations affected. Despite strong empirical evidence that patterns of quality degradation frequently precede security vulnerabilities, existing assessment approaches treat quality and security as separate domains, leaving this predictive overlap largely unexploited.

This project introduces a novel, formation-aware framework by adapting Assembly Theory, originally developed to explain how complex structures in chemistry and biology emerge through stepwise assembly from simpler parts. Code modules, dependencies, and development contributions are modeled as building blocks whose assembly pathways (commits, merges, dependency updates) determine the structural and security properties of the resulting system. The project defines computable metrics, including assembly indices, pathway diversity, and formation probabilities, that capture how software evolves and where fragility accumulates.
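As an added illustration of what a pathway-based assembly index could look like for a repository (example code written for this page, not the project's own implementation or its metric definitions), the following Python treats a constructed merge history as a DAG in which each compound artifact was produced by one recorded join of two existing pieces. Under the textbook Assembly Theory definition (the minimum number of joining steps, with already-built intermediates reusable at no extra cost), the step count along one fixed recorded pathway is only an upper bound on the true index; the artifact names and the join table below are constructed for the example.

```python
"""Toy pathway-based assembly index over a recorded merge history (added example)."""
from typing import Dict, Iterable, Set, Tuple

# Constructed sample history: each compound artifact was produced by one recorded
# join (a commit or merge) of two already-existing pieces. Names that never
# appear as keys are basic building blocks (e.g. single source files).
RECORDED_JOINS: Dict[str, Tuple[str, str]] = {
    "parse": ("lexer", "tokens"),
    "auth": ("parse", "crypto"),
    "api": ("auth", "router"),
    "cli": ("auth", "argparse_wrap"),
    "product": ("api", "cli"),
}


def ancestry(target: str, joins: Dict[str, Tuple[str, str]] = RECORDED_JOINS) -> Set[str]:
    """All pieces, basic and compound, that the recorded pathway to `target` uses.

    Iterative so that a malformed (cyclic) history cannot overflow the stack.
    """
    seen: Set[str] = set()
    stack = [target]
    while stack:
        node = stack.pop()
        if node in seen:
            continue
        seen.add(node)
        stack.extend(joins.get(node, ()))
    return seen


def assembly_index(target: str, joins=RECORDED_JOINS) -> int:
    """Joining steps along the recorded pathway, counting each reused intermediate once.

    Upper bound on the Assembly Theory index, which minimises over all pathways
    rather than following the one that happened to be recorded.
    """
    return sum(1 for piece in ancestry(target, joins) if piece in joins)


def naive_join_count(target: str, joins=RECORDED_JOINS, _path=frozenset()) -> int:
    """Joins if every occurrence of an intermediate were rebuilt from scratch (no reuse)."""
    if target not in joins:
        return 0
    if target in _path:
        raise ValueError(f"cycle through {target!r}: a piece cannot be built from itself")
    return 1 + sum(naive_join_count(p, joins, _path | {target}) for p in joins[target])


def joint_assembly_index(targets: Iterable[str], joins=RECORDED_JOINS) -> int:
    """Joins needed to build several artifacts together; shared intermediates count once."""
    pieces: Set[str] = set()
    for t in targets:
        pieces |= ancestry(t, joins)
    return sum(1 for piece in pieces if piece in joins)


def shared_intermediates(a: str, b: str, joins=RECORDED_JOINS) -> Set[str]:
    """Compound pieces both pathways reuse: the places where reuse concentrates."""
    return {p for p in ancestry(a, joins) & ancestry(b, joins) if p in joins}


def blast_radius(piece: str, joins=RECORDED_JOINS) -> Set[str]:
    """Compound artifacts whose recorded pathway passes through `piece`."""
    return {t for t in joins if t != piece and piece in ancestry(t, joins)}


if __name__ == "__main__":
    print("assembly index of product:", assembly_index("product"))     # 5
    print("naive join count (no reuse):", naive_join_count("product"))  # 7
    print("shared by api and cli:", sorted(shared_intermediates("api", "cli")))
    print("blast radius of crypto:", sorted(blast_radius("crypto")))
```

The gap between the naive count and the reuse-aware index is what the assembly view adds over counting commits: `auth` is built once and consumed by both `api` and `cli`, so `product` needs five distinct joins rather than seven. The same reuse is what `blast_radius` exposes: a defect in the basic block `crypto` reaches every artifact assembled downstream of `auth`, which is one concrete reading of "where fragility accumulates".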

The methodology proceeds in three phases:

  • formalizing the theoretical mapping of Assembly Theory to software repositories
  • implementing scalable metric extraction integrated with established quality and process indicators
  • evaluating predictive performance for defect and vulnerability detection using interpretable machine learning models

Validation spans open-source benchmarks and proprietary, security-critical codebases provided by the industrial partner Condignum.

Official Project Lead: SBA Research