Technical Guidance

Whitepapers

Download

How to Deliver Resilient, Secure, Efficient, and Easily Changed IT Systems in Line with CISQ Recommendations
In complex software applications, the same piece of code can be of excellent quality or highly dangerous - so, excellent code quality within an independent program does not guaranty a resilient, safe and efficient IT system. Correlations between architectural programming mistakes and production defects unveil something counter-intuitive. Studies show that basic coding errors within a program account for 92% of the total errors in source code but only account for 10% of production defects. Yet, software flaws at the Technology and System Level account for 8% of total errors, but consume over half the effort spent on fixing problems and lead to 90% of the most serious production issues. Engineering quality maturity grows exponentially with adherence to CISQ best practices.


Download

How Do You Measure Software Resilience?
A resilient software-intensive system can experience failure in one or more of its constituent components, encounter unexpected inputs or external conditions, or come under malicious attack and yet continue to provide a useful level of functionality to the user and recover disrupted functions quickly after an incident. This whitepaper provides a definition of software resilience and discusses how to measure software resilience. Learn how software resilience relates to software quality standards and review the architectural attributes that affect resilience.


Download

IEEE: Using Analytics to Guide Improvement During an Agile-DevOps Transformation
Fannie Mae IT has transformed from a waterfall organization to a lean culture enabled by Agile methods and DevOps. The article discusses how analytics were used, along with challenges in selecting measures and implementing analytics in an Agile–DevOps transformation. Authors: Dr. Bill Curtis, CISQ and Barry Snyder, Fannie Mae.


Download

The Cost of Poor Software Quality in the US: A 2018 Report
This research report concludes that poor software quality cost the U.S. upwards of $2.84 trillion dollars in 2018 taking into account losses from software failures, legacy system problems, technical debt, finding and fixing defects, and troubled or cancelled projects. The report examined how much the world is spending on IT software today and the fundamental issues causing problems. Looking backwards, legacy IT systems are holding us captive, looking forwards, technology innovations are coming faster and faster, and looking at present day, we're facing highly vulnerable and deficient systems-of-systems. The report was written by Herb Krasner, a member of CISQ’s Advisory Board and retired Professor of Software Engineering at the University of Texas at Austin. The report was commissioned by CA.


Download

CISQ Recommendation Guide: Effective Software Quality Metrics for Use in ADM Service Level Agreements
Service Level Agreements (SLAs) are common for Application Development and Maintenance contracts. SLAs have been used to define the relationship between a service provider and customer since the early days of IT outsourcing, yet many of the contracts written, even in the last five years, use fundamentally the same time-based SLAs for software development. SLAs for responding to a high severity ticket or the turnaround on a work request are common. SLAs that contract around the quality of the code produced are rare in contrast. While many of the SLAs are appropriate for infrastructure, the SLAs for application software focus on relatively indirect measurements. Given the tight link between support cost, code quality, and subsequent risk to business, this must change. This paper discusses how to use software quality metrics in SLAs to manage software development and maintenance.


Download
Using Software Measurement in SLAs: Integrating CISQ Size and Structural Quality Measures into Contractual Relationships
As more critical business functions within an organization are automated, IT is under increasing pressure to govern the quality of software received from suppliers, whether they are vendors, outsourcers, or system integrators while at the same time reducing cost. Better governance requires better measurement of application size, stability and quality in all of its manifestations—functional, non-functional or structural, and behavioral. These measures are being incorporated into contracts as the equivalent of Service Level Agreements (SLAs), targets that suppliers must achieve to avoid penalties. In some cases, these SLAs involve productivity targets measured by the amount of business functionality delivered compared to the effort expended. In other cases, they involve targets for the structural attributes of an application such as security or maintainability. This paper talks about how to integrate size and software quality measures into SLAs.
Download

Sample Acceptance Criteria with CISQ Standardized Metrics
This document contains sample contract language that you can use with software suppliers to establish acceptance criteria for software delivery. Use this language to ensure that the source code delivered is free from critical weaknesses as defined in industry standards for software structural quality. You as the buyer will evaluate the quality of the software prior to accepting delivery.


Download

Contracting Best Practice - Improve Supplier Productivity Using the Automated Function Point Standard
This whitepaper contains sample contract language for software development outsourcing and specifically addresses how to measure development productivity using the Automated Function Point (AFP) standard. AFP is a measure of software size used in cost estimation, progress tracking, productivity measurement, and other software project management activities. The standard is used in contracts to specify a base level of productivity, set a rate invoiced per function point when software is delivered to the customer, ensure the quality of function points delivered, and set incentives for higher productivity.


Download

Contracting Best Practice - Lower Risk and Improve Outcomes with Suppliers by Using Software Structural Quality Standards
This whitepaper contains sample contract language for software development outsourcing and specifically addresses how to lower risk and improve development outcomes by using software structural quality standards in contracts. The software structural quality standards developed by CISQ for Security, Reliability, Performance Efficiency and Maintainability are used to measure a system’s code quality and technical debt. The structual quality standards are used in outsourcing to check standards compliance, conduct systems assessment, measure the quality of delivered code, set acceptable levels of quality for delivered code, and measure software quality over time.