Coding Rules for Performance

There are 18 critical coding and architecture weaknesses to avoid in source code because of their impact on the performance of an application. For those familiar with the Common Weakness Enumeration (CWE), a repository of known software weaknesses managed by The MITRE Corporation, and a reference point for developers and tools, the Performance standard includes 15 parent weaknesses and 3 child weaknesses ("children") that map back to the CWE and have CWE identifiers.

Performance Efficiency assesses characteristics that affect an application’s response behavior and use of resources under stated conditions. Performance Efficiency affects customer satisfaction, workforce productivity, application scalability, response-time degradation, and inefficient use of processing or storage resources. The Performance Efficiency of an application lies in each individual component’s performance, as well as in the effect of each component on the behavior of the chain of components comprising a transaction in which it participates.

To follow the standard guidelines, your source code should NOT contain these 18 critical weaknesses known to severely impact performance. Detection of these weaknesses can be automated on source code through static analysis.

Who Developed the Software Performance Efficiency Standard?

The project team was led by Dr. Bill Curtis, CISQ Founding Executive Director and Chief Scientist at CAST Research Labs. The team consisted of delegates from CISQ sponsor organizations Accenture, Atos, Booz Allen Hamilton, CAST, CGI, Cognizant, ISHPI, Northrop Grumman, Synopsys, Tech Mahindra, and Wipro in addition to experts from the Software Engineering Institute at Carnegie Mellon University and the Common Weakness Enumeration project at The MITRE Corporation.

Who is Using the Software Performance Efficiency Standard?

The standard is used by government and industry organizations including the U.S. Department of State, U.S. General Services Administration, U.S. Army, U.S. Air Force, Northrop Grumman, CGI, Cognizant, Tech Mahindra, Manulife, Telefonica, BNY Mellon, and others. The standard is freely available to use, reference, and download.

Which Tools Support the Code Quality Standards?

The code quality standards from CISQ consist of software weaknesses (CWEs) that can be detected in source code through static code analysis. CAST and Synopsys (tool vendors) contributed to the development of the standards and support the standards in their tools. Most static analysis tools identify some, if not all, critical CWEs. Ask tool vendors about support for measuring CWEs and the CISQ standards for Reliability, Security, Performance Efficiency, and Maintainability.

Are you a tool vendor that supports CWEs and code quality standards? To be listed for reference, contact us.