Architecture with Number of Horizontal Layers Outside of Expected Range
This occurs when a software system is built with either too many or too few distinct architectural layers, falling outside a recommended range that supports maintainability and security.
An architecture with an excessive number of layers becomes overly complex and difficult to navigate, while too few layers can lead to poor separation of concerns. Both extremes slow down maintenance and make it harder to locate and fix security flaws, often introducing vulnerabilities during future changes. While the ideal number of layers depends on the specific application, the CISQ guidelines suggest a practical default range of 4 to 8 horizontal layers. Staying within this expected range helps keep your codebase manageable, secure, and easier to audit over time.
Impact: Reduce Maintainability
- OMG ASCMM