
CISQ's Trustworthy Systems Manifesto
The Consortium for Information & Software Quality™ (CISQ™) has published a Trustworthy Systems Manifesto containing 5 principles for ensuring secure and trustworthy software. Read the Manifesto and use the information inside to set policy in your organization.
The Objective
As businesses and governments automate more of their business and mission processes, the risks to which software-intensive systems expose the organization grows dramatically. IT-related incidents at Knight Capital, SWIFT, Target, and United Airlines far exceeded $100 million in damages. In an era of 9-digit glitches (incidents with damages over $100,000,000), senior executives outside IT are held accountable, and some have lost their jobs as a result. Since senior executives are rarely IT experts, they need guidance on how to govern the risks of untrustworthy systems. The Manifesto’s objective is to initiate discussions between the enterprise and IT or engineering about reducing operational and cost risks to the business.
5 Principles
As a greater portion of mission, business, and safety-critical functionality is committed to software-intensive systems, we establish the following principles to govern system development and deployment:
- Engineering discipline in product and process
- Quality assurance to risk tolerance thresholds
- Traceable properties of system components
- Proactive defense of the system and its data
- Resilient and safe operations
About CISQ
This Manifesto is developed and maintained by the Consortium for Information & Software Quality ™ (CISQ™), a standards consortium managed by the Object Management Group® (OMG®). OMG is a member-driven, not-for-profit IT standards organization. CISQ is chartered to advance the trustworthiness of software-intensive systems by producing standards for automating the measurement of size and structural quality from software source code. CISQ conducts outreach activities to spread measures and techniques for improving the trustworthiness of software-intensive systems. www.it-cisq.org