of Code Quality Standards Coming Soon!
In December, the Embedded Extensions Working Group submitted an updated set of Automated Source Code Quality Measures to the Object Management Group® (OMG®) for measuring Security, Reliability, Performance Efficiency and Maintainability. This update includes a refresh of the critical software weaknesses in each measure. The first set of measures was approved as OMG standards in 2015 and was initially developed for enterprise and business systems. This update addresses the uptake of IoT and its security. We will make an announcement and present a webinar when the new measures are
The next time you visit the Common Weakness Enumeration (CWE) you will see a new CISQ view that maps the quality measure standards to the CWE. The CWE is a repository of 800+ software weaknesses (also known as "CWEs") that cause security issues. Because there are so many CWEs, these views provide guidelines for prioritizing the mitigation of the most critical weaknesses. The CISQ view sits alongside the CWE/SANS Top 25 and the OWASP Top 10, referencing the CISQ standard for Security and the complementary measures for Reliability, Performance Efficiency and Maintainability that are inherently tied to the trustworthiness of software.
I'd like to thank the CISQ team from CAST, Synopsys, MITRE, SEI, Northrop Grumman, CGI, Tech Mahindra, ISHPI, and Cognizant for your great work on the measures.
If you are establishing code quality standards in your organization, we recommend that you use the CISQ measures as a baseline for improving quality and
Dr. Bill Curtis
Spotlight on IT
Vendor-supplied software has become a high-value, high-risk acquisition for Vendor Management Offices (VMOs) in every industry vertical. The sourcing of Application Development and Maintenance (ADM) is shifting from time-and-materials to outcome-based agreements. This webinar will discuss best practices and measures to use in managing your software vendors to ensure you are protecting your organization from unnecessary risk. Register.
Do you have plans to attend IAOP's Outsourcing World Summit (OWS19), February 17-20 in Orlando, FL?
Lev Lesokhin, CISQ Governing Board Member, presents Acquiring Trustworthy Software with Software Quality Measurement Standards on Tuesday, February
Southern California Joins CISQ
Please join us in welcoming the Southern California, Center for Systems and Software Engineering as CISQ's first academic sponsor!
Dr. Barry Boehm has joined the CISQ Governing Board to help lead the consortium. Dr. Boehm is USC's Distinguished Professor of Computer Science, Industrial and Systems
“I’ve been impressed with CISQ’s influence in systems and software qualities, both in getting them more emphasized in systems engineering, development, acquisition, and life cycle management. USC is a partner with the Stevens Institute in leading the DoD Systems Engineering Research Center, where I’ve been the Chief Scientist and leader of a 5-year, 8-university project: Systems Qualities, Ontology, Tradespace, and Affordability, which identified Maintainability as a key to several other qualities, and Technical Debt as a key to improving maintainability, where we also found CAST and CISQ as leaders. I am looking forward to working within CISQ on these critical issues.”
Read the press release.
As businesses and governments automate more of their business and mission processes, the risks to which software-intensive systems expose the organization grow dramatically. IT-related incidents at Knight Capital, SWIFT, Target, and United Airlines far exceeded $100 million in damages.
The Trustworthy Systems Manifesto outlines 5 principles for senior executives who are charged with setting policy and need guidance on how to govern the risks of untrustworthy
Engineering discipline in product and process
Quality assurance to risk tolerance thresholds
Traceable properties of system components
Proactive defense of the system and its data
Resilient and safe operations
Bill Curtis joined a Software Ate My Homework podcast on the subject of "Can We Trust Our Software?" You can listen to the podcast or read the transcript. There's also a webinar introducing the Manifesto with a link to download the deck or view the video.
Chain Risk Management in the News
houses of the US legislature passed the SECURE Technology Act, which combines three existing bills to establish a Federal Acquisition Security Council to help reduce the supply chain threat for federal agencies, and to establish a bug bounty and vulnerability disclosure program at the Department of Homeland Security (DHS). CISQ is discussing how to advise stakeholders on this subject.
in a couple of meetings on your calendar:
you are interested in participating in these meetings, please contact Tracie Berardi at firstname.lastname@example.org.
Outsourcing World Summit (OWS) 19, Orlando, FL. CISQ presents Acquiring Trustworthy Software with Software Quality Measurement Standards on Feb. 19.
Services and Outsourcing Week (SSOW), March 11-14, Orlando, FL. CISQ members save 20% off the registration fee with the code 23SSOW_CISQ.
Technical Meeting, March 18-22,
April 28 - May 3, Orlando, FL. CISQ members save $200 off the registration fee with the code SECM.
and Supply Chain Assurance (SSCA) Forum, May 7-8, MITRE in McLean, VA.
Enterprise Architecture and Technology Innovation Summit, May 14-15, Orlando, FL. CISQ members save $350 off the registration fee with the code GARTCISQ.
Sponsors, Thanks for the Great Support!