After requests from numerous commercial enterprises, the Consortium for IT Software Quality (CISQ) was formed in 2010 by the Software Engineering Institute at Carnegie Mellon University and the Object Management Group (OMG), an international IT standards organization. CISQ was chartered to create international standards for automating the measurement of size and structural quality from software source code. During early executive forums held in Washington DC, Frankfurt, and Bangalore, five measures were selected for initial specification, among which was a request to automate the counting of Function Points from source code based as closely as possible on counting guidelines from the International Function Points User Group (IFPUG)... Read more →

The NIST Cybersecurity Framework was first published in 2014 for operators of U.S. critical infrastructure and is now the de facto cybersecurity framework for a wide range of businesses and organizations across industries. Organizations link their cyber approaches to the Framework’s core functions of Identify, Protect, Detect, Respond and Recover... Read more →

This report was written by Herb Krasner, a member of CISQ’s Advisory Board. Herb spent many years at the University of Texas at Austin as Professor of Software Engineering, the Director of Outreach Services for the UT Center for Advanced Research in Software Engineering (ARiSE), and founder and CTO of... Read more →

Cybersecurity training and workforce development is a common theme and solution that’s proposed at conferences that discuss the challenges of cybersecurity and the future as we know it – developing, architecting and living within digital IT ecosystems. Who’s steering the ship? Do leaders understand the security threats and do their... Read more →

News item submitted by Elizabeth Samet, Public Relations Manager, Synopsys Read the full post on Synopsys blog here The latest release of Coverity by Synopsys features seamless integration with our completely rebuilt eLearning platform, an on-demand developer training solution focusing on secure coding best practices and security guidance. On-demand developer... Read more →

By Tim Mackey, Senior Technical Evangelist for Black Duck Software by Synopsys Link to original article on Synopsys blog, published May 1, 2018 Companies are leveraging containers on a massive scale to rapidly package and deliver software applications. But because it is difficult for organizations to see the components and... Read more →

Herb Krasner, University of Texas at Austin (ret.), CISQ Advisory Board member A new Texas state law adds specific monitoring requirements for large IT projects in Texas state agencies. It requires regular monitoring and reporting on IT project performance indicators of: schedule, cost, scope, and quality. IT scope measurement is... Read more →

by Tracie Berardi, Program Manager, CISQ The Equifax data breach in 2017 was the result of attackers exploiting an unpatched vulnerability in Equifax software. The vulnerability – Apache Struts: CVE-2017-9805: Possible Remote Code Execution as titled in the NIST National Vulnerability Database– was a flaw discovered in Apache Struts web... Read more →