Cyber Resilience Summit: The Crossroads of Modernization and Cybersecurity


Topic: Reducing Modernization Risk through Compliance to Software and Risk Management Standards


Hosted by: Consortium for IT Software Quality (CISQ) in cooperation with the Object Management Group (OMG) and IT Acquisition Advisory Council (IT-AAC)


Date: Tuesday, October 16, 2018 from 8:00am – 3:00pm


Venue: Army Navy Country Club, 1700 Army Navy Drive, Arlington, VA


RSVP: Tracie Berardi, CISQ Program Manager, at 781-444-1132 x149





The 6th semiannual Cyber Resilience Summit: The Crossroads of Modernization and Cybersecurity returns to Arlington, VA in October. Federal IT leaders will brief on policy, priorities and plans for modernizing and securing government IT – building momentum from the “forcing functions” of FITARA, Executive Order 13800 for Cybersecurity, Modernizing Government Technology (MGT) Act, and the President’s Management Agenda which for the first time in history sets IT and modernization as top tier objectives for Federal Government leadership.


This is a unique opportunity to get this right for the next twenty years. You are deploying the “legacy systems of tomorrow” and need sustainable outcomes.


The program will cover:

  • Meeting IT modernization objectives – MGT Act proposals, buy vs. build, new operating models to enable technology transformation
  • Acquisition reform to usher in incremental procurement and software quality assurance requirements
  • Building trust in Agile/DevOps by applying software measurement standards and automation to achieve better outcomes
  • Innovative methods for producing cybersecure software
  • “Regulators Roundtable” sharing best practices for cyber policy in industry


Formal agenda to be posted this summer.


Government admission is complimentary; industry $250; includes lunch and refreshments. REGISTER NOW!











OWASP AppSec EU 2018


The OWASP Annual AppSec EU Security Conference is the premier application security conference for European developers and security experts. AppSec EU provides attendees with insight into leading speakers for application security and cyber security, training sessions on various applications, networking, connections and exposure to the best practices in cybersecurity.


The event begins with thirteen hands-on pre-conference training programs from 2nd to 4th of July 2018. The main conference spans two days from 5th to 6th of July 2018, offering four full tracks of talks, for pen-testers and ethical hackers, developers and security engineers, DevOps practices and GRC/risk level talks for managers and CISOs. This year’s conference program will focus on the bottom to the top and top to the bottom in application security.


The week is packed full of exciting opportunities and distractions such as the Women in Appsec gatherings, Capture The Flag, University Challenge and a great evening out at the AppSec EU 2018 Networking Event at the Imperial War Museums. There is so much to do at AppSec EU; it's a perfect blend of training, experiences, networking and fun.


CISQ members save $50 off the registration fee with the special code EU18-CISQ50. This code applies for the registration option of Conference and Networking Reception Event.  Register today!


New Texas State Laws for IT Project Performance and Cybersecurity


Join Agency CIOs and IT Professionals for a Strategic Breakfast Meeting in Austin


Recent legislation in Texas requires that state agency large IT projects measure and report on indicators for cost, schedule, scope and quality. When done properly, these measurements can be used to drive down costs, control risks, and improve project performance over time. Additionally, the Texas Cybersecurity Act establishes a framework for prioritizing security posture and reporting. The Texas Dept. of Information Resources (DIR), the Quality Assurance Team (QAT) and state agency CIOs and CISOs will be the primary actors to implement these new laws for optimum effect. These new measurement requirements will flow down to all IT vendors that support these projects.


We’re hosting a complimentary breakfast workshop on Tuesday, June 19 from 8:00 – 10:00 in Austin, TX to discuss these new laws and best practices for leveraging these new requirements. Specifically, the areas of quality and cybersecurity measurement will be highlighted at this forum.


Venue: Doubletree by Hilton, 303 W. 15th St., Austin, TX


RSVP: Registration is now closed.


Presentation topics

  • New measurement requirements and what they really mean
  • The policies, practices, standards and tools that can be used to support them
  • How to use this technology base to improve delivery performance for more effective IT systems






7:45 Check in at registration desk, pick up name badge, breakfast buffet
8:00 Welcome and introductions
8:05 New (?) Measurements for IT Projects: Leveraging Industry Best Practice
Herb Krasner, Texas IT Champion
Herb spent many years at UT Austin as Professor of Software Engineering, the Director of Outreach Services for the UT Center for Advanced Research in Software Engineering (ARiSE), and founder and CTO of the UT Software Quality Institute (SQI). Herb was instrumental in drafting this legislation and has been publishing a series of position papers to share guidance with state agencies across the U.S.
8:40 An Introduction to Automatable Standards for Software Measurement
Dr. Bill Curtis, CISQ Executive Director
Dr. Bill Curtis is Executive Director of the Consortium for IT Software Quality (CISQ), an IT leadership group that develops standards for measuring software size, quality and technical debt. Dr. Curtis is the American lead on the ISO 25000 series of standards.
9:15 Improving IT with Centralized Management of Code Quality Standards
Philip Crenshaw, Vice President and Global Business Engineering Leader for CGI’s U.S. Strategic Business Unit
Philip Crenshaw will explain how CGI derives better software quality, security and team performance utilizing software standards from CISQ. Leveraging an application intelligence platform managed by a single, centralized team, CGI applies CISQ quality metrics and CAST tools across every team around the world, no matter the client or location. Learn how CGI is turning the IT black box into a transparent, glass box, helping clients reduce costs for rework and outages – and shift capital from “run” to “change” initiatives.
9:50 Open discussion and next steps
10:00 Close



CISQ outreach events are supported by program sponsors.


Thank you CGI, CAST, Cognizant, ISHPI, Northrop Grumman, Synopsys and Tech Mahindra for supporting the event!



Realizing Effective End-to-End Quality Management within the Health Domain: Case Studies Using OMG Standards


This special event is part of the OMG® Technical Meeting from June 18-22, 2018 in Boston, MA. Registration is complimentary.


From OMG’s website:


Boston is the “Hub of Healthcare,” a thriving ecosystem of thought leaders in technology, medicine and research and the epicenter of 300 digital healthcare companies pioneering the latest advances in big data analytics, patient personalization, smart technologies, and connected care. On June 18th join your peers from the Healthcare IT community for an introduction to standards and testbeds that are improving the quality and security of healthcare. This event is hosted by the OMG®, an IT standards development organization headquartered in Boston and led by Dr. Richard Soley, an MIT alumnus.


The featured case study is the Connected Care Testbed showcasing the work from the Industrial Internet Consortium in developing an open IoT ecosystem for clinical and remote medical devices that can bring together patient monitoring data into a single data management and analytics platform.


The Consortium for IT Software Quality (CISQ) will present Cybersecurity and Resilience of Healthcare IT and Medical Devices, an introduction to code quality standards that can be used to guide software development projects or put into requirements definition for new systems or enhancements.


The OMG is organizing this meeting to demonstrate what’s possible and to discuss the application of cross-industry technologies, such as IoT, Blockchain, and AI, to improve patient outcomes and advance the practice of medicine. Attendance is beneficial to companies in healthcare, pharmaceuticals, life sciences and related sectors.


View the agenda


Register now for complimentary admission


View all OMG special events the week of June 18-22 in Boston



Gartner Program & Portfolio Management Summit 2018

Date: June 12 – 14, 2018
Venue: Gaylord National Resort & Convention Center in National Harbor, MD
Special rate: CISQ members save $350 off the registration fee! Apply the code GARTCISQ at registration


Scaling PPM for Digital Business: Pioneer. Partner. Build.


Digital business requires speed, continuous change and the embracing of uncertainty. The digital environment is constantly morphing, requiring leaders to adapt. In order to progress toward digital success, PPM leaders must re-evaluate and re-invent their disciplines, metrics, and tools – failure to adapt will be fatal. As a PPM leader you must:

  • Pioneer new approaches
  • Partner with teams to create a culture of change
  • Build bridges to get from strategy to effective execution.


Join Gartner to learn how to scale your PPM processes, tools and functions to position your organization for success in the digital era.


The agenda features four comprehensive tracks that will give you the insights and strategies you need to evaluate and re-invent your disciplines, metrics, and tools to enable enterprise transformation in the digital era.


Gartner Security & Risk Management Summit 2018

Date: June 4 – 7, 2018
Venue: Gaylord National Resort & Convention Center in National Harbor, MD
Special rate: CISQ members save $325 off the registration fee! Apply the code GARTCISQ at registration



Transform your data security, cyber-security, risk management and compliance strategies


Prepare to meet the pace and scale of today’s digital business at Gartner Security & Risk Management Summit 2018. Build resilience through leading-edge research and thinking on key topics such as BCM, cloud security, privacy and securing the Internet of Things (IoT).


The summit will provide the latest information on new threats and emerging technologies such as AI, machine learning, analytics and blockchain—while helping you address the ongoing shortage of skilled staff. Join the world’s CISOs and top security and risk management professionals to hone your leadership capabilities and gather the information you need to enable digital business in a world of escalating risk.







CISQ Webinar: Using Software Quality Standards at Scale in Agile and DevOps Environments

Speaker: Barry Snyder, DevOps Product Manager, Enterprise Architecture, Fannie Mae

Presented live on May 30, 2018


Over the past two years Fannie Mae IT has transformed from a waterfall organization to a lean culture enabled by Agile and DevOps. This webinar will discuss how Fannie Mae uses software measurement standards from CISQ to demonstrate significant improvements in code quality and development productivity. Executive management monitors the organization’s Agile-DevOps transformation by reviewing quality, productivity, and delivery-to-speed. Barry Snyder will discuss how his team aligned analytics across the organization to justify investment in Agile-DevOps practices.


Watch the webinar on CISQ YouTube









Tech Mahindra Collaborates with CISQ to Help Accelerate Code Quality Standards

Leading digital transformation services provider collaborates with CISQ to improve IT application quality, reduce cost and cyber-risk to meet future customer demands


Needham, MA; New Delhi – April 20, 2018 – The Consortium for IT Software Quality™ (CISQ™) announced today that Tech Mahindra has joined its roster of supporters in order to accelerate the creation and adoption of software quality standards in the IT industry. Tech Mahindra is a leading provider of digital transformation, consulting and business re-engineering services and solutions with headquarters in Mumbai.


This year, CISQ launched a working group to develop automatable standards for measuring the quality of embedded and real-time software. This new body of work is critically important to securing the Internet of Things (IoT) and related technologies and builds upon a set of standards developed by CISQ for measuring risk, security and technical debt in enterprise and business systems. In addition to its technical expertise, Tech Mahindra will help expand the presence of CISQ in India. The two organizations are teaming up to share best practices and methods for delivering quality software products that meet the highest industry standards.


“Tech Mahindra’s partnership with us is a testimony to its commitment to software quality. We are excited about incorporating its knowledge and experience into our software standards work, given the critical importance of software quality in technologies like IoT, medical devices, and mobile,” said Dr. Bill Curtis, Executive Director, CISQ.


“The new age customer, today, demands defect-free high-quality solutions, lightning fast delivery with no downtime, and the best-of-the-breed competency from their technology partners to address business challenges, deliver a seamless customer experience and create a distinct market position for themselves. It is imperative, therefore, that the quality of the product/solutions, match world-class standards,” said Mr. Abhijit Lahiri, Chief of Transformation, Tech Mahindra. “TechM has ventured into building a #NewAgeDELIVERY Platform to bring these world-class solutions to the customer. The collaboration with CISQ complements this objective by using automated measures for evaluating structural quality of the software from the source code and establishing global quality standards.”


CISQ sponsors are committed to the development of high quality software and are prominently recognized as thought leaders in software quality measurement and analysis. CISQ sponsorship is available to companies of all sizes as well as government, academic and non-profit organizations. The collaboration reinforces Tech Mahindra’s efforts to comply with optimum software quality standards from a global perspective. It is also in line with the company’s efforts to continuously deliver the best in class solutions and offerings to its customers.


About Tech Mahindra

Tech Mahindra represents the connected world, offering innovative and customer-centric information technology experiences, enabling Enterprises, Associates and the Society to Rise™. We are a USD 4.7 billion company with 115,200+ professionals across 90 countries, helping over 903 global customers including Fortune 500 companies. Our convergent, digital, design experiences, innovation platforms and reusable assets connect across a number of technologies to deliver tangible business value and experiences to our stakeholders. Tech Mahindra is amongst the Fab 50 companies in Asia (Forbes 2016 list).


We are part of the USD 19 billion Mahindra Group that employs more than 200,000 people in over 100 countries. The Group operates in the key industries that drive economic growth, enjoying a leadership position in tractors, utility vehicles, after-market, information technology and vacation ownership.


About CISQ


The Consortium for IT Software Quality (CISQ) is an IT industry leadership group comprised of IT executives from the Global 2000, system integrators, outsourced service providers, and software technology vendors committed to introducing computable metrics standards for measuring software quality and size. Founded by the Object Management Group (OMG®) and the Software Engineering Institute (SEI) at Carnegie Mellon University, CISQ is a neutral, open forum in which customers and suppliers of IT application software can develop an industry-wide agenda of actions for improving IT application quality and reduce cost and risk. CISQ is sponsored by CAST, CGI, Cognizant, ISHPI, Northrop Grumman, Synopsys and Tech Mahindra. For more information, visit


For more information on Tech Mahindra, please contact:

Tuhina Pandey, Global Corporate Communications



For more information on CISQ, please contact:

Ann McDonough, Marketing Communications Specialist




Note to editors: Object Management Group and OMG are registered trademarks of the Object Management Group.  For a listing of all OMG trademarks, visit All other trademarks are the property of their respective owners.

Dr. Bill Curtis, Executive Director of Consortium for IT Software Quality, to Keynote at QUEST 2018 Conference, May 23

CISQ thought leaders share software quality insights


Needham, MA – April 17, 2018 – Dr. Bill Curtis, the Executive Director of the Consortium for IT Software Quality™ (CISQ™), a recognized authority in software quality and sizing, will serve as a keynote speaker at the QUEST conference in San Antonio, Texas. The conference attracts managers and practitioners, quality professionals, and software development professionals interested in new technologies and proven methods for quality engineered software and testing. His keynote titled, “Software Intelligence: Structural Quality Analysis and Machine Learning,” is scheduled from 8:30 a.m. – 9:30 a.m. on Wednesday, May 23.


Dr. Curtis heads CISQ, which is chartered to produce international standards for automating the measurement of structural quality from source code. An SVP and Chief Scientist at CAST, he leads CAST Research Labs in applying visualization and machine learning to structural quality analysis. With 40 years of experience in software, Dr. Curtis is best known for leading development of the Capability Maturity Model (CMM) and People CMM at the Software Engineering Institute. He is also a Fellow of the IEEE for his contributions to software process improvement and measurement.


Dr. Curtis’ keynote will examine the C-Suite’s demand for more accountability and improvements in software processes. He will also discuss recent results from machine learning research in software quality and review international standards for measuring the structural quality of software developed by CISQ, along with results of empirical research on how some of the most severe flaws are distributed in business applications.


According to Dr. Curtis, “The software stack is increasingly complex and exceeds the ability of developers to fully understand all the interactions. Consequently, human-based quality practices must be augmented by advanced technology. I will describe the CISQ standards that are available now to automate the analysis and measurement of software quality, and the role that machine learning plays in providing deeper intelligence into structural quality pathologies.”


In addition to Dr. Curtis’ keynote, Joe Jarzombek, from CISQ sponsor Synopsys, will present “Software Integrity: Integrated Focus for Software Quality and Security” from 10 a.m. – 11 a.m. on May 23. A retired Lt. Col. in the U.S. Air Force and a Certified Secure Software Lifecycle Professional, Jarzombek is Director for Government, Aerospace & Defense Programs for the Synopsys Software Integrity Group. Prior to joining Synopsys, Jarzombek served as the Director for Software & Supply Chain Assurance in the U.S. Department of Homeland Security Office of Cybersecurity and Communications.


During his presentation, Jarzombek will provide details on the types of test tools and services used to determine resilience of products and residual risk exposures attributable to software, and the value proposition for software integrity as an integrating focus for software quality and security. He will also explain how software integrity is an enabler for IoT cybersecurity and how using standards-based automation enables the exchange of information internally and externally with vendors for IoT/ICT products.


Also speaking is Bill Dickenson, Director of Solution Delivery at CAST, a CISQ sponsor. He has worked with C-level executives on business case development, services strategy, program and vendor management, business process re-engineering, outsourcing engagements and implementation approaches. Prior to CAST, Dickenson was an independent consultant with Strategy On The Web and former VP of Application Management Services for IBM, bringing decades of experience in application development, maintenance and integrated operations.


He will co-present “Leverage Software Intelligence to Improve Risk-Based Testing” from 11:15 a.m. – 12:15 p.m. on May 24 when he will examine risk-based testing models and discuss overlooked factors that impact their test effectiveness and production stability.


For more information on the keynotes and the QUEST conference 2018, visit


About CISQ

The Consortium for IT Software Quality (CISQ) is an IT industry leadership group comprised of IT executives from the Global 2000, system integrators, outsourced service providers, and software technology vendors committed to introducing computable metrics standards for measuring software quality and size. Founded by the Object Management Group (OMG®) and the Software Engineering Institute (SEI) at Carnegie Mellon, CISQ is a neutral, open forum in which customers and suppliers of IT application software can develop an industry-wide agenda of actions for improving IT application quality and reduce cost and risk. CISQ is sponsored by CAST, CGI, Cognizant, ISHPI, Northrop Grumman, Synopsys and Tech Mahindra. For more information, visit



Ann McDonough
+1 781-444-0404






Navigating the Uncharted Territory of Disruption: A Whole New World of Opportunity


EOS18 is hosted by the International Association of Outsourcing Professionals (IAOP).


At EOS18 you will learn how to:
  • Optimize your strategic partnerships and outsourcing relationships
  • Leverage the new technology that is disrupting your workplace and business from blockchain to AI
  • Understand the new GDPR
  • Create an action plan and immediately improve your outsourcing outcomes
  • Discover the new generation tools that make it simpler
  • and more!

Download the early bird program.


Special registration details for CISQ members:


Buy Side Companies attend for free, provided that they become members of IAOP at the rate of $395.  Buy Side companies can become a member by clicking here and then registering for the event at


CISQ members that are providers/advisors receive a special rate of €1300, a 50% savings for non-members. The link to register is:


We look forward to seeing you at EOS18! Paul Bentz, CISQ Director of Government and Industry Programs in Europe, will be participating on behalf of CISQ. You can reach him at

