Standards to Automate Software Measurement
The Consortium for Information & Software Quality develops international standards to automate the measurement of software from source code. Industry needs standard, low-cost, automated measures for evaluating software size and structural quality that can be used in controlling the quality, cost, and risk of software that is produced internally or by third parties.
Automation is critical because manual review is infeasible for large multi-layer, multi-language, multi-platform systems. Additionally, DevOps greatly speeds up the deployment of applications, some of which change on a daily or even hourly basis, and changes deployed without review may introduce unintended vulnerabilities.
Click on a standard below to learn more about the measure and how to use it in practice.
- Security: Measures weaknesses in source code representing the most exploited security weaknesses in software, including the CWE/SANS Institute Top 25 Most Dangerous Security Errors and the OWASP Top 10
- Reliability: Measures weaknesses in source code impacting the availability, fault tolerance, and recoverability of software
- Performance Efficiency: Measures weaknesses in source code impacting response time and utilization of processor, memory, and other resources
- Maintainability: Measures weaknesses in source code impacting the comprehensibility, changeability, testability, and scalability of software