Automated Source Code Security Measure
Security assesses the degree to which an application protects information and data so that persons or other products or systems have the degree of data access appropriate to their types and levels of authorization (ISO 25010). Security measures the risk of potential security breaches due to poor coding and architectural practices. Security problems have been studied extensively by the Software Assurance community and have been codified in the MITRE Common Weakness Enumeration (CWE) at cwe.mitre.org.
The CISQ Automated Source Code Security Measure draws from the CWE/SANS Institute Top 25 Most Dangerous Software Errors and identifies the most widespread and frequently exploited security weaknesses in software. The standard is a good predictor of how easily an application can suffer unauthorized penetration that results in stolen information, altered records, or other forms of malicious behavior. The standard contains 36 parent weaknesses and 38 contributing weaknesses (children in the CWE) that you can review in this document.