Coding Rules for Maintainable Software

There are 29 critical coding and architecture weaknesses to avoid in source code because of their impact on the maintainability of an application. For those familiar with the Common Weakness Enumeration (CWE), a repository of known software weaknesses managed by The MITRE Corporation, and a reference point for developers and tools, the Maintainability standard includes 29 weaknesses that map back to the CWE and have CWE identifiers.

Maintainability represents the degree of effectiveness and efficiency with which a product or system can be modified by the intended maintainers. Maintainability incorporates such concepts as changeability, modularity, understandability, testability, and reusability. Maintainable software makes it possible to respond rapidly to market conditions and keep IT costs under control. The Maintainability of an application is a combination of compliance with good coding practices, the homogeneity with which coding rules are applied across an application, and compliance with architectural rules.

To follow the standard guidelines, your source code should NOT contain these 29 critical weaknesses known to severely impact maintainability. Detection of these weaknesses can be automated on source code through static analysis.

Who Developed the Software Maintainability Standard?

The project team was led by Dr. Bill Curtis, CISQ Founding Executive Director and Chief Scientist at CAST Research Labs. The team consisted of delegates from CISQ sponsor organizations Accenture, Atos, Booz Allen Hamilton, CAST, CGI, Cognizant, ISHPI, Northrop Grumman, Synopsys, Tech Mahindra, and Wipro in addition to experts from the Software Engineering Institute at Carnegie Mellon University and the Common Weakness Enumeration project at The MITRE Corporation.

Who is Using the Software Maintainability Standard?

The standard is used by government and industry organizations including the U.S. Department of State, U.S. General Services Administration, U.S. Army, U.S. Air Force, Northrop Grumman, CGI, Cognizant, Tech Mahindra, Manulife, Telefonica, BNY Mellon, and others. The standard is freely available to use, reference, and download.

Which Tools Support the Code Quality Standards?

The code quality standards from CISQ are composed of software weaknesses (CWEs) that can be detected in source code through static code analysis. CAST and Synopsys (tool vendors) contributed to the development of the standards and support the standards in their tools. Most static analysis tools identify some, if not all, critical CWEs. Ask tool vendors about support for measuring CWEs and the CISQ standards for Reliability, Security, Performance Efficiency, and Maintainability.

Are you a tool vendor that supports CWEs and code quality standards? To be listed for reference, contact us.