July 2017

Update on Quality Standards and Adoption

Technical Debt specification approved, U.S. gov't agency reference, new Texas state law for IT projects...


On June 5 at the OMG® Technical Meeting in Brussels, Belgium, the OMG Architecture Board approved moving to finalization of the automated Technical Debt measure developed by CISQ. CISQ hosted a Cyber Resilience Summit in Brussels to brief CIOs and IT policy makers from NATO, the EU, and European national governments. Formal adoption should follow at the next Technical Meeting, September 25-29 in New Orleans, LA. 

Heading to New Orleans in late September? Register for the OMG Cybersecurity Workshop on Thursday, September 28 from 8:30am - 4:30pm. CISQ presents Technical Debt Findings and a Standard. Other presentation topics include securing the Industrial Internet of Things (IIoT), model based cybersecurity assessment, security views in the UAF (Unified Architecture Framework), and more.


This fall CISQ will begin extending the Automated Quality Characteristic Measures for Security, Reliability, Performance Efficiency and Maintainability to cover weaknesses unique to embedded and real-time systems. A number of organizations that are starting to certify software components of devices and IoT have expressed interest in having a common standard for embedded software. We will be working with such certification organizations (TUV, UL, AFNOR, AENOR) in the coming months.

Policy Adoption

CISQ has just been referenced by the U.S. General Services Administration (GSA), formally citing CISQ requirements in a Information Technology (IT) statement of work from the Office of the CIO for the Office of Public Buildings. GSA is an independent agency of the U.S. government that supports general services of Federal agencies. See page 21, section 5.9 in GSA's document, Schedule 70 Blank Purchase Agreement for IT and Development Services, citing CISQ...

"PB-ITS (Project Based IT Services) is seeking to establish code quality standards for its existing code base, as well as new development tasks. As an emerging standard, PB-ITS references the Consortium for IT Software Quality (CISQ) for guidance on how to measure, evaluate and improve software." 

Herb Krasner, a member of the CISQ Advisory Board, led development of new legislation in Texas requiring the measurement and reporting of IT project performance across state IT projects. The goal is to get a better handle on oversight, quality, and cost of large IT projects to avoid some of the expensive failures of recent past. Directives in the new law, HB 3275, go into effect on January 1st. Herb Krasner has written a position paper for state CIOs and IT leaders where CISQ is referenced. 

Dr. Bill Curtis
Executive Director


Registration Now Open!

Cyber Resilience Summit
 Modernizing and Securing Government IT
October 19, 2017 Arlington, VA

RSVP today:

With passage of the Technology Modernization Act and Trump's Executive Order for Cyber Security seeking to modernize and secure legacy systems that right now are the #1 cyber threat, forward-leaning public officials, standards bodies, and IT Communities of Interests are converging for the 4th annual Cyber Resilience Summit on October 19 in Arlington, VA. With growing threats from a tech savvy adversary, Federal agencies need to embrace advanced risk management and modernization practices proven effective in the global IT market.

The program covers risk-managed digital transformation and the practical application of systems engineering to support agile acquisition, cloud readiness, big data, technical debt control, and cyber risk management of complex mission, C2, weapon and citizen-facing systems.


How Outsourcing Can Mitigate Cyberrisks in DevOps

Guest blog from Dr. Erik Beulen et al, Boston Consulting Group

DevOps agility requires organizational adjustments and additional tooling to ensure cybersecurity. At the same time, the challenges of the cybersecurity labor market drive the need to increase tooling’s impact and to consider outsourcing. In turn, these require carefully focusing on cybersecurity governance, including the assignment of accountability and responsibility...

Read this article on CISQ's blog



Upcoming Events 

Software and Supply Chain Assurance (SSCA) Meeting, Aug 29-30, MITRE, McLean, VA

Gartner Catalyst Conference, Aug 21-24, San Diego, CA. Save $300 with the code GARTCISQ!

Gartner Sourcing & Strategic Vendor Relationships Summit, Sept 13-15, Nashville, TN. Save $300 with the code GARTCISQ!

Forrester Privacy & Security, Sept 14-15, Washington, DC

OWASP AppSec USA, Sept 19-22, Orlando, FL

OMG® Technical Meeting, Sept 25-29, New Orleans, LA

STARWEST - Software Testing Conference, Oct 1-6, Anaheim, CA


Thank You CISQ Sponsors

About CISQ
The Consortium for IT Software Quality (CISQ) is an IT industry leadership group comprised of IT executives from the Global 2000, system integrators, outsourced service providers, and software technology vendors committed to introduce computable metrics standards for measuring software quality and size. CISQ is a neutral, open forum in which customers and suppliers of IT application software can develop an industry-wide agenda of actions for improving IT application quality and reduce cost and risk. 

By accepting this email and not responding with an unsubscribe request, you have consented or "opted in" to receive additional correspondence and promotions from OMG and its associated partners and sponsors. Should you wish to opt-out in the future please visit