CISQ AUTOMATED SOURCE CODE QUALITY MEASURES NOW ISO STANDARD
ENSURING THE TRUSTWORTHINESS, DEPENDABILITY, AND RESILIENCE OF SOFTWARE SYSTEMS
BOSTON, MA – APRIL 7, 2021 – The Consortium for Information & Software Quality™ (CISQ™) today announced that the Automated Source Code Quality Measures are now an International Standards Organization (ISO) standard – ISO/IEC 5055:2021. CISQ sponsors developed the measures, which are also available as international standards through the Object Management Group® (OMG®).
The standard measures the structural quality of software based on detecting and counting weaknesses in security, reliability, performance efficiency, and maintainability. The ISO/IEC 25010 standard defines each of these four quality characteristics. ISO/IEC 5055 is the first ISO standard to measure software qualities such as security and reliability with measures taken directly from internal, structural aspects of software rather than from its operational behavior. This allows developers to detect and remove critical weaknesses before they cause operational problems. The measures also give management an indicator of the risk to which software applications expose the business.
“The Automated Source Code Quality Measures identify critical issues that software developers should eliminate to ensure trustworthy systems,” said Dr. Bill Curtis, Executive Director of CISQ. “ISO adoption of these measures as a standard brings increased credibility and visibility in the global software development community.”
To implement the standard, software developers use static analysis tools to flag and remove critical weaknesses at both the architectural and component levels, avoiding damage to business operations and high IT costs. They can use the measures to ensure the trustworthiness, dependability, and resilience of software systems for new development projects, maintenance of existing systems, contracts, and service level agreements.
IT organizations should select a static analysis tool from a vendor that CISQ endorses as conformant to the standard.
The Consortium for Information and Software Quality™ (CISQ™) is an industry leadership group that develops international standards for automating the measurement of software size and structural quality from the source code. The standards, written by CISQ, enable organizations developing or acquiring software-intensive systems to measure the operational risk software poses to the business, as well as estimate the cost of corrective maintenance. CISQ was co-founded by the Object Management Group® (OMG®) and Software Engineering Institute (SEI) at Carnegie Mellon University. For more information, visit https://www.it-cisq.org/