> Since you can't really quantify these properties (as opposed to: the problem is either solved or not)

I think we could quantify these properties, just not entirely.

One could take a long-term project and analyze how often or which approaches resulted in a refactor. In the same way, we could also quantify designs that resulted in vulnerabilities (that we know of) the most often.

It even wouldn't be impossible to create artificial scenarios. Projects that have an increasing number of requirements, see how many code changes are required, how many bugs result from that. Again, quantifiable to some extent. Probably better than datasets totally lacking something like that.

There probably isn't a public dataset on this, but it wouldn't be impossible.