1. What is CISQ?
The Consortium for IT Software Quality™ (CISQ™) is an IT leadership group that develops international standards for automating the measurement of software size and structural quality from the source code. The standards written by CISQ enable IT and business leaders to measure the risk IT applications pose to the business, as well as estimate the cost of ownership. CISQ was co-founded by the Object Management Group® (OMG®) and Software Engineering Institute (SEI) at Carnegie Mellon University. CISQ develops measurement specifications that are submitted to the OMG for approval as standards.
2. Why do we need CISQ?
Industry needs standard, automated measures for evaluating software size and the structural quality of software from the source code. Establishing a global standard for software structural quality is an important step for enabling these measures to be used in acquiring IT applications from suppliers or for apples-to-apples comparison in benchmarking applications.
3. How does CISQ deploy its standards?
CISQ hosts outreach events, influences policy, and briefs analysts and the media on software quality. CISQ hosts the Cyber Resilience Summit in Washington, DC to influence the cybersecurity and resilience of mission-critical federal applications. CISQ has submitted position papers and requests for information regarding federal policy from several U.S. government agencies such as NIST, DoD, and the SEC. CISQ is developing a certification program to enable IT organizations to certify the structural quality of IT software they develop or acquire. CISQ is also developing an individual certification program to advance professional skills in this area.
4. How do I become a CISQ member?
To become a CISQ member, please click here.
5. Is there a membership fee?
CISQ is an open membership organization. There is no fee to join. CISQ sponsors provide the resources needed to support CISQ’s mission and operations.
6. How is CISQ managed?
CISQ is managed by the Object Management Group®, an international, open membership, not-for-profit technology standards consortium. The Executive Director of CISQ is Dr. Bill Curtis, well-known for his work on CMM software process improvement, and software measurement (Read Dr. Curtis’ biography). The work that CISQ undertakes is directed by a Governing Board comprised of executives from sponsoring organizations. CISQ’s Advisory Board helps to advise on awareness and adoption.
7. What are the benefits of CISQ sponsorship?
Sponsoring CISQ puts IT leaders in the position to directly influence the implementation of the industry standard for the structural quality of software and showcase their leadership in delivering dependable, trustworthy software. CISQ standards are developed by experts from CISQ sponsor organizations. To learn more about becoming a CISQ sponsor, please click here.
8. How does CISQ relate to ISO?
The CISQ Automated Quality Characteristic Measures were written using definitions in ISO/IEC 25010, the international standard that defines eight software quality characteristics and elaborates them into sub‐characteristics. The CISQ measures supplement ISO/IEC 25023, the standard that enumerates measures of the various sub‐characteristics. However, ISO/IEC 25023 provides measures primarily at the behavioral level and does not enumerate or measure specific weaknesses in the source code that cause undesirable behaviors. The CISQ measures were written to be quantified from the automated analysis of architectural and coding weaknesses in source code, since manual review is infeasible for large multi‐layer, multi‐language, multi‐platform systems. For more information, read CISQ Supplements ISO/IEC 25000 Series with Automated Quality Characteristic Measures.
9. How does CISQ relate to CMMI?
CISQ is complementary to CMMI. CISQ measures the structural quality of a software product. CMMI is a standard for measuring the maturity of an organization’s software development and maintenance processes. Both standards can be used together to improve an organization’s ability to develop and maintain high quality software.
10. How does CISQ relate to the NIST Cybersecurity Framework?
CISQ is in support of NIST’s efforts to develop the Cybersecurity Framework. For details, click here. CISQ has submitted comments during open review periods. The Cybersecurity Framework explains “what to do” to develop, acquire, modernize and secure IT-intensive systems, and leaves “how to do it” open to an organization to customize with practices. CISQ’s contributions to the NIST Cybersecurity Framework are automatable source code standards for measuring software size and software structural quality.