Automated Source Code Security Measure
Security assesses the degree to which an application protects information and data so that persons or other products or systems have the degree of data access appropriate to their types and levels of authorization (ISO 25010). Security measures the risk of potential security breaches due to poor coding and architectural practices. Security problems have been studied extensively by the Software Assurance community and have been codified in the Common Weakness Enumeration (CWE) at cwe.mitre.org.
The CISQ Automated Source Code Security Measure draws from the CWE/SANS Institute Top 25 Most Dangerous Software Errors and identifies the most widespread and frequently exploited security weaknesses in software. The standard is comprised of 36 weaknesses and is a good predictor of how easily an application can suffer unauthorized penetration that results in stolen information, altered records, or other forms of malicious behavior.
View a description of each weakness contained in the Security measure here.