12/03/2018
CISQ’s Automated Function Points: History and Calculation
After requests from numerous commercial enterprises, the Consortium for IT Software Quality (CISQ) was formed in 2010 by the Software Engineering Institute at Carnegie Mellon University and the Object Management Group (OMG), an international IT standards organization. CISQ was chartered to create international standards for automating the measurement of size and structural quality from software source code. During early executive forums held in Washington DC, Frankfurt, and Bangalore, five measures were selected for initial specification, among which was a request to automate the counting of Function Points from source code based as closely as possible on counting guidelines from the International Function Points User Group (IFPUG)... Read more →
Posted at 11:10 am in Uncategorized
11/26/2018
Applying Coding Standards to the NIST Cybersecurity Framework
The NIST Cybersecurity Framework was first published in 2014 for operators of U.S. critical infrastructure and is now the de facto cybersecurity framework for a wide range of businesses and organizations across industries. Organizations link their cyber approaches to the Framework’s core functions of Identify, Protect, Detect, Respond and Recover... Read more →
Posted at 11:09 am in Uncategorized
10/02/2018
CISQ announces new study: The Cost of Poor Software Quality in the US: A 2018 Report
This report was written by Herb Krasner, a member of CISQ’s Advisory Board. Herb spent many years at the University of Texas at Austin as Professor of Software Engineering, the Director of Outreach Services for the UT Center for Advanced Research in Software Engineering (ARiSE), and founder and CTO of... Read more →
Posted at 11:07 am in Uncategorized
08/21/2018
College Degrees Now Available for Secure Software Development
Cybersecurity training and workforce development is a common theme and solution that’s proposed at conferences that discuss the challenges of cybersecurity and the future as we know it – developing, architecting and living within digital IT ecosystems. Who’s steering the ship? Do leaders understand the security threats and do their... Read more →
Posted at 11:06 am in Uncategorized
07/10/2018
Coverity now features integrated on-demand developer training
News item submitted by Elizabeth Samet, Public Relations Manager, Synopsys. Read the full post on the Synopsys blog. The latest release of Coverity by Synopsys features seamless integration with our completely rebuilt eLearning platform, an on-demand developer training solution focusing on secure coding best practices and security guidance. On-demand developer... Read more →
Posted at 11:04 am in Uncategorized
05/10/2018
8 takeaways from NIST’s application container security guide
By Tim Mackey, Senior Technical Evangelist for Black Duck Software by Synopsys. Link to original article on Synopsys blog, published May 1, 2018. Companies are leveraging containers on a massive scale to rapidly package and deliver software applications. But because it is difficult for organizations to see the components and... Read more →
Posted at 11:00 am in Uncategorized
02/13/2018
Scope Measurement on Large IT Projects in Texas: A Position Paper
Herb Krasner, University of Texas at Austin (ret.), CISQ Advisory Board member. A new Texas state law adds specific monitoring requirements for large IT projects in Texas state agencies. It requires regular monitoring and reporting on IT project performance indicators of: schedule, cost, scope, and quality. IT scope measurement is... Read more →
Posted at 11:00 am in Uncategorized
01/24/2018
Preventing the Next Equifax – All CVEs Have Root Causes in CWEs
By Tracie Berardi, Program Manager, CISQ. The Equifax data breach in 2017 was the result of attackers exploiting an unpatched vulnerability in Equifax software. The vulnerability – Apache Struts: CVE-2017-9805: Possible Remote Code Execution as titled in the NIST National Vulnerability Database – was a flaw discovered in Apache Struts web... Read more →
Posted at 10:59 am in Uncategorized