CISQ Supplements ISO/IEC 25000 Series with Automated Quality Characteristic MEasures
The ISO/IEC 25000 series of standards, also known as SQuaRE (System and Software Quality Requirements and Evaluation), contains a framework to evaluate software product quality. ISO/IEC 25010 defines a set of eight software quality characteristics, or system “-ilities,” i.e. security, reliability, and maintainability. ISO/IEC 25023 describes how to apply the quality characteristics to measure product quality. However, the measures defined in 25023 largely measure quality at the behavioral level rather than at the level of specific quality problems in the source code. To supplement the level of measurement in 25023, CISQ has defined source code level measures of four quality characteristics—Reliability, Performance Efficiency, Security, and Maintainability.
ISO is Starting Point for CISQ'S Work
The ISO/IEC 25010 standard provides consistent terminology for specifying, measuring and evaluating system and software product quality. This figure illustrates the eight software quality characteristics defined by ISO. The four characteristics highlighted in blue were selected and prioritized by the CISQ executive board for automated measurement.
CISQ Automates Measurement of Software Quality Characteristics
The four CISQ measures are compliant with the ISO 25010 definitions of quality characteristics. Their sub-characteristics were used to determine the scope to be covered by each measure. The CISQ measures are defined as the sum of critical weaknesses in software that cause the undesirable behaviors underlying many of the measures defined in ISO 25023. These behaviors include such measures as downtime, performance degradation, and amount of data stolen. The weaknesses incorporated into the CISQ measures can be detected from analyzing source code. Collectively, the CISQ measures cover eighty-six critical code quality rules at the code unit and system level.
Quality Characteristics to Automate in the Future
CISQ plans to develop automated measures for the ISO quality characteristics of Compatibility and Portability due to the rise of mobile technology. CISQ also launched a working group to extend its existing quality metrics to cover embedded and real-time systems. The combined measurement of both business and embedded software is critical to IoT (Internet of Things).