QA Financial Forum: Milan 2018

Technology and Quality Assurance for Continuous App Delivery

The first ever QA Financial Forum Milan takes place on January 24th, 2018.


There is an impressive lineup of speakers, featuring experts from leading Italian financial firms and regulatory bodies.


CISQ is speaking on the panel, “Vendor Risk Management: New Models for Benchmarking Code Quality and Pricing.”


Reflecting on QA Financial’s track record of producing the leading industry events on quality assurance for financial software in London, Singapore and New York, this promises to be the ideal opportunity for professionals to learn and network.










Join TechWell at STAREAST software testing conference from April 29–May 4 at the Hyatt Regency Orlando in Orlando, FL. The conference helps you learn both classical testing practices and new methodologies to grow your skills, supercharge your knowledge, and re-energize your view of your profession.


Register using CISQ’s exclusive promo code — SECM — and save up to $200 off your registration! Additionally, if you register by March 30, you will save up to an additional $200 off with super early bird pricing — a combined savings of up to $400.*


Not ready to register yet? Explore the full program and discover what the conference has in store. Build your full week of learning and benefit from comprehensive tutorials, exceptional concurrent sessions, inspiring keynotes, networking activities, pre-conference training classes, the Expo, and much more.


*valid on packages over $400.






AFCEA DC Cybersecurity Technology Summit


Beyond the Breach

The Future of Federal Cyber


The 8th Annual Cybersecurity Technology Summit reflects the AFCEA DC chapter’s longstanding commitment to supporting the armed forces’ on-going development of cybersecurity strategies and tactics. The summit will provide attendees with insights into emerging innovations from the government and private sectors, education about acquisition policies and regulations, and the latest updates from government leaders about current and emerging cyber efforts.


The 2018 summit will open with a session including cyber talks and fireside chats with leading scientists, government officials, and private industry experts discussing the future of federal cybersecurity and information resilience. Other highlights include:

  • The final round and judging of the AFCEA Cybersecurity Shark Tank
  • Breakout sessions that include panel discussions, featuring subject matter experts from the military, industry and government, addressing such topics as artificial intelligence, federal cyber budgets, cyber threats to infrastructure, the knowns and unknowns of emerging threats, and more.

CISQ is a proud partner of the AFCEA Washington, DC chapter.







Outsourcing World Summit (OWS) 18



The Reincarnation of Outsourcing: From Disruption to Domination (When Disruption is Everywhere)


The Outsourcing World Summit (OWS) series is hosted by the International Association of Outsourcing Professionals (IAOP).


*CISQ members receive a special discount on registration!* Apply the code OWS18CISQ to save $300 off the registration fee. Anyone who uses this code is eligible for a free room night (two night minimum) for a stay at the host hotel during the dates of the event, February 18-21.


It is happening fast. Old ways give way to new business models, processes and philosophies; collaboration is imperative; innovation is not optional; the workplace is modernized. Technologies like RPA, cognitive, AI and blockchain are at the forefront of this disruption, but it’s not just tech. Geopolitics have stormed to center stage, turning globalization on its head. The ‘gig economy’ is changing the labor force.


The race to deliver the most affordable and efficient services is on. How do you make sense of the opportunities and then maximize them?


Join IAOP and hundreds of customers, service providers, advisors and academics, on February 18-21, at the Renaissance Orlando, in Orlando, Florida, as we examine these and other topics critical to your success.







Cyber Resilience Summit: Strategies to Modernize & Secure Government IT

Cyber Resilience Summit March 2018


Topic: Reducing Modernization Risk through Compliance to Software and Risk Management Standards


Hosted by: Consortium for IT Software Quality (CISQ) in cooperation with the Object Management Group (OMG) and IT Acquisition Advisory Council (IT-AAC)


Date: Tuesday, March 20, 2018 from 8:00am – 3:00pm


Venue: Hyatt Regency Reston, 1800 Presidents Street, Reston, VA


Knowledge Repository:


**Speakers and attendees, to submit content for the knowledge repository, please send to**





The 5th semiannual Cyber Resilience Summit: Strategies to Modernize & Secure Government IT returns to Reston, Virginia in March. Invited to speak are National Cybersecurity Leaders from the White House, Department of Defense, and Congress to discuss action plans outlined in Executive Order 13800 for Cybersecurity, the American Technology Council’s IT Modernization Report, and the Modernizing Government Technology (MGT) Act – just signed into law to accelerate the modernization and security of our nation’s critical IT infrastructure.


The government’s plan is to maximize the use of commercial innovation, commercial standards and commercial best practices to modernize and secure legacy systems that right now are the #1 cyber threat.


The Cyber Resilience Summit will discuss standards and best practices for risk-managed digital transformation and the practical application of systems engineering to support agile acquisition, cloud readiness, big data, technical debt control, and cyber risk management of complex mission, C2, weapon and citizen-facing systems.






8:00 Welcome and Introductions
Dr. Bill Curtis, Executive Director, Consortium for IT Software Quality
John Weiler, Vice Chair, IT Acquisition Advisory Council
8:15 Keynote: Jeanette Manfra, National Protection and Programs Directorate (NPPD) Assistant Secretary for the Office of Cybersecurity and Communications (CS&C), U.S. Department of Homeland Security
Assistant Secretary Jeanette Manfra is the chief cybersecurity official for DHS and supports its mission of strengthening the security and resilience of the nation’s critical infrastructure.
8:45 Action Plans for Executive Order 13800 and Modernizing Government Technology Act
Moderator: John Weiler, Vice Chair, IT Acquisition Advisory Council
Grant Schneider, Acting Federal Chief Information Security Officer; Senior Director for Cybersecurity Policy, National Security Council
Major General Burke E. “Ed” Wilson, Deputy Assistant Secretary of Defense for Cyber Policy
10:00 Refreshment break & networking
10:20 Standards for Managing Cyber Security, Risk and Technical Debt (Download presentation PDF)
Dr. Bill Curtis, Executive Director, Consortium for IT Software Quality
10:45 Using Software Quality Standards with Outsourced IT Vendors – a Fortune 100 Case Study (Download presentation PDF)
Marc Cohen, Vendor Management practitioner at Fortune 100 institution
11:15 Lessons Learned from Major IT Outages and Security Breaches
Moderator: Dr. Bill Curtis, Executive Director, Consortium for IT Software Quality
Dr. Ron Ross, Computer Scientist and Fellow, NIST
Adam Isles, Principal, Chertoff Group (Download presentation PDF)
Michael Chung, Head of Solutions, Government, Bugcrowd (Download presentation PDF)
12:00 Lunch – sponsored by Bugcrowd
1:00 Risk Management Standards in Practice
Moderator: Dr. Bill Curtis, Executive Director, Consortium for IT Software Quality
Dr. Ron Ross, Computer Scientist and Fellow, NIST
Robert Martin, Senior Principal Engineer, MITRE (Download presentation PDF)
Herb Krasner, University of Texas at Austin (ret.), Texas IT Champion (Download presentation PDF)
Brian E. Finch, Partner, Pillsbury Winthrop Shaw Pittman LLP
Jeff Barksdale, Principal Security Advisor, Underwriters Laboratories (UL) (Download presentation PDF)
2:00 Success Factors for Effective IT Modernization – FITARA and CISO Perspectives
Moderator: John Weiler, Vice Chair, IT Acquisition Advisory Council
Jose Arrieta, Deputy Assistant Secretary for Acquisition and Senior Procurement, U.S. Department of Health and Human Services
Sanjeev “Sonny” Bhagowalia, Senior Advisor on Technology and Cybersecurity, Commissioner’s Office, Bureau of the Fiscal Service, U.S. Department of the Treasury
Vice Admiral Kevin P. Green, USN (Ret.), General Manager, Robertson Blodgett Consulting, LLC; Vice Chair, IT Acquisition Advisory Council (IT-AAC)
3:00 Close


















CISQ Produces Standard for Measuring Technical Debt

For the first time, Technical Debt measurement becomes common currency for developers and tech managers


Needham, MA – January 2, 2018 – The Consortium for IT Software Quality™ (CISQ™) today announced that its Automated Technical Debt Measure has been approved as a software measurement standard by the Object Management Group® (OMG®), a not-for-profit technology standards consortium with nearly 30 years of history developing IT-related standards. CISQ, a consortium initiated by OMG and the Software Engineering Institute at Carnegie Mellon University, is chartered to create specifications for automating the measurement of software size and structural quality. Today’s announcement is the first standard for estimating future corrective maintenance efforts to remedy structural defects in code.


The Automated Technical Debt Measure estimates the effort required to fix critical weaknesses in software code and architecture that are included in the four OMG standards for measuring the security, reliability, performance efficiency, and maintainability of source code. Criticality is determined by the risk and cost to the business. The weaknesses are detected through static analysis, and an algorithm determines the repair effort based on estimates collected from professional developers and an assessment of the complexity of the surrounding code. Corrective maintenance costs can then be estimated by converting the repair effort into the preferred currency.


Technical Debt is a metaphor referring to the cost to repair structural quality problems remaining in production code. The cost to fix structural quality problems constitutes the principal of the debt, while the inefficiencies they cause until fixed, such as greater maintenance effort or excessive computing resources, represent compounding interest on the debt. Technical Debt can occur for many reasons: compromises made by technical teams to deliver applications faster; under-scoped initial requirements; inadequate time to refactor code; or inexperience with the architecture or application domain.


According to CISQ Executive Director, Dr. Bill Curtis, “Technical Debt saps IT budgets, hinders innovation, and leaves organizations vulnerable to digital disasters. Today’s announcement presents a standardized method for measuring the financial impact of structural weaknesses remaining in code at release. It expresses the cost of software quality in terms the business can understand, including the liabilities incurred if a weakness triggers a disastrous incident or the opportunity cost of having to fix weaknesses rather than develop innovative functionality.”


OMG Chairman and CEO, Dr. Richard Soley said, “CISQ is leading the way to establish a common standard to help businesses manage the risk posture of their software systems in financial terms, which is a major reason why OMG sponsored the CISQ measures. The Automated Technical Debt Measure standard is the first of its kind to help businesses estimate corrective maintenance costs, allocate repair effort, address potential trouble areas, and/or decide to replace an application due to excessive Technical Debt.”


Dr. Curtis will present a webinar on January 16, 2018 from 11:00 am – 11:30 am ET to introduce the standard and show businesses how they can calculate their Technical Debt.



About CISQ

The Consortium for IT Software Quality™ (CISQ™) is an IT industry leadership group comprised of IT executives from the Global 2000, system integrators, outsourced service providers, and software technology vendors committed to introducing computable metrics standards for measuring software quality and size from source code. Founded by the Object Management Group (OMG®) and the Software Engineering Institute (SEI) at Carnegie Mellon University, CISQ is a neutral, open forum in which customers and suppliers of IT application software can develop an industry-wide agenda of actions for improving IT application quality and reducing cost and risk. CISQ is sponsored by CAST, CGI, Cognizant, and Synopsys. For more information, visit



Ann McDonough
+1 781-444-0404



Note to editors: Object Management Group and OMG are registered trademarks of the Object Management Group. For a listing of all OMG trademarks, visit All other trademarks are the property of their respective owners.

NASCIO 2018 Midyear Conference

Save the Date!


NASCIO Midyear Conference is April 22-24, 2018 in Baltimore, MD.





CISQ submitted a presentation proposal:


Over the past couple of years, State and Federal IT leaders have drastically improved practices to secure and modernize IT systems to improve services and reduce risk. Procurement teams are refining software quality requirements in contracts for new applications and code entered into production. New State laws such as Texas HB 3275 and Mississippi HB 999 mandate IT quality reporting rolling up to various levels of government starting in early 2018.


Until now, the software quality characteristics of security, maintainability, reliability, performance efficiency, and resiliency, as measured by IT teams with mature software engineering practices, have been defined subjectively in IT reporting, contracts and SLAs. There was no standard definition of each measure.


The Consortium for IT Software Quality (CISQ) would like to brief NASCIO members on new standards for reporting software quality and risk. A new standard has just been announced for automating the measurement of Technical Debt.





ISMA 15 Conference

Save the date!



ISMA 15 will be held in Rome, Italy on May 9-11, 2018.


ISMA 15, the next GUFPI / IFPUG collaborative International Software Measurement & Analysis (ISMA) Conference, will be held in Rome on May 9-11, 2018. There will be a one-day main conference (May 11), preceded by two days of workshops (May 9-10), and CFPS and CSP onsite exams. In addition, there will be networking opportunities to meet international measurement experts.


GUFPI = Gruppo Utenti Function Point Italia – Italian Software Metrics Association

IFPUG = International Function Point Users Group


CISQ is delivering a presentation to discuss:

  • Ex-post measurement of software sizing and development activity sizing, including non-functional (technical) elements in the source code through Automated Enhancement Points (AEP) calculation from CISQ
  • Ex-post measurement of software quality (security, reliability, performance efficiency, maintainability) and estimation of related remediation effort through Automated Technical Debt from CISQ
  • Usage of sizing and quality metrics to support the development of quality-adjusted productivity indicators



Centro Congressi Frentani
Via dei Frentani, 4
00185 Rome (RM), Italy






34th International Workshop on Global Security

CISQ is a proud sponsor of the 34th International Workshop on Global Security. Speaking from CISQ is Paul Bentz, Director of Government and Industry Programs in Europe. Visit the Center for Strategic Decision Research website at





Venue: Hôtel National des Invalides in Paris, France


Theme: Global Security in the Age of Hacking and Information Warfare: Is Democracy at Stake?


Workshop Chairman & Founder: Dr. Roger Weissinger-Baylon, Co-Director, Center for Strategic Decision Research


Honorary Chairman: Lieutenant General Bernard de Courrèges d’Ustou, Director, Institut des hautes études de défense nationale


Presented by: Center for Strategic Decision Research (CSDR) and Institut des hautes études de défense nationale (IHEDN), within the French Prime Minister’s organization


Principal Sponsors: French Ministry of Defense, North Atlantic Treaty Organization – Public Diplomacy, United States Department of Defense – Office of the Director of Net Assessment, Cisco Systems


Major Sponsors: Fujitsu, McAfee, MITRE, CISQ, Area SpA


Associate Sponsors: AXA



Mr. Paul Bentz

Director of Government and Industry Programs

Consortium for IT Software Quality



Code Quality Standards Highlighted in U.S. State Department CSM (Consular Systems Modernization) Project

The U.S. State Department Office of Acquisitions referenced code quality requirements in the Consular Systems Modernization (CSM) statement of work.


From the State Dept. CSM acquisition document on page 23, section C.4.2:


“The contractor shall adhere to CST application coding standards intended to assist in creating code that is free of critical quality defects and is highly maintainable.”


CST = Consular Systems and Technology


“CST will employ a Software Code Review process by which it will analyze all source code by measuring application level code quality and code assurance across the portfolio of COTS configurations and custom developed software. CST will also employ Software Code Quality (SCQ), an analysis that will evaluate application risk around robustness (stability, resiliency), performance, architectural security, transferability, system maintainability (sustainment) and changeability of applications as they evolve. These measurements are based upon industry best practices and standards related to complexity, programming practices, architecture, database access and documentation. They are derived from standards bodies such as the International Organization for Standardization (ISO), Software Engineering Institute (SEI), Object Management Group (OMG) and the National Institute of Standards and Technology among others.”




About CISQ


The Consortium for IT Software Quality (CISQ) was founded by the Object Management Group, a technology standards organization, and the Software Engineering Institute (SEI) at Carnegie Mellon University, a Federally Funded Research and Development Center, to develop standards for automating the measurement of software. CISQ has delivered code quality standards that are now “acquisition-ready” for managing the security, reliability, performance efficiency, and maintainability of software.