Automated Quality Characteristic Measures

CISQ has developed Automated Quality Characteristic Measures to proactively measure and manage the structural quality of IT application software. The automated measures for Security, Reliability, Performance Efficiency, and Maintainability are now OMG® approved standards making them global standards for use in IT organizations.


The CISQ Automated Quality Characteristic Measures are used to identify critical violations of good coding and architectural practice in the source code of software. The measures are designed to be run against system source code to identify vulnerabilities at both the unit level and system level. Violations were included in the CISQ measures only if the violations were considered severe enough that they had to be addressed in future releases. These measures collectively cover eighty-six critical code quality rules. Software quality should be measured over time for the improvement of application development and maintenance. 


The CISQ Automated Quality Characteristic Measures are conformant to the definitions of these quality characteristics in ISO/IEC 25010. CISQ aims to supplement ISO by specifying measures of internal quality at the source code level.


Security: Identifies critical security violations in the source code drawn from the Top 25 security weaknesses in the Common Weakness Enumeration (CWE) repository.

Reliability: Identifies critical violations of availability, fault tolerance, and recoverability of software.

Performance Efficiency: Identifies critical violations of response time, as well as processor, memory, and utilization of other resources by the software.

Maintainability: Identifies critical violations of modularity, architectural compliance, reusability, analyzability, and changeability in software.



Read the CISQ Recommendation Guide: Effective Software Quality Metrics for ADM Service Level Agreements


<< Back to Code Quality Standards