CISQ banner
March 2016

 Highlights from March 15 Cyber Resilience Summit
Thank you for attending!

Last week CISQ hosted the Cyber Resilience Summit, our 4th annual event in Washington, D.C., bringing together nearly 200 IT innovators, standards experts, U.S. Federal Government leaders, and attendees from private industry. The CISQ quality measures became official standards last fall, so this was our largest outreach event to date. The Summit covered topics from the layered cybersecurity defense approach taken by the NSA, to the impact of acquisition policy on the reliability and security of Federal software-intensive systems. 

As Dr. Phyllis Schneck (Deputy Under Secretary for Cybersecurity and Communications for the National Protection and Programs Directorate, U.S. Department of Homeland Security) explained on the "Titans of Cyber" panel pictured below, the safest position is to assume your systems have already been penetrated and you must decide how to defend against the intruder.

Titans of Cyber: Dr. J. Michael Gilmore, DoD OT&E; Dr. Phyllis Schneck, DHS NPPD; John Weiler, IT-AAC; Lucia Savage, ONC HHS; Dr. Paul Nielsen, SEI, Carnegie Mellon University  L-R: Tom Hurt, DoD; Dr. Paul Nielsen, SEI, Carnegie Mellon University; Dr. Bill Curtis, CISQ; Don Davidson, DoD

Key themes coming out of the event:

  • Software must move from a "craft" to an engineering discipline
  • The current level of risk in Federal IT is unacceptable and processes must change
  • Poor quality software is inherently less secure and resilient software
  • You can’t secure software with risky architecture – both vulnerabilities must be addressed together

For their time and insights, I thank the Summit presenters: Curtis Dukes (NSA), Dr. Phyllis Schneck (DHS), Dr. J. Michael Gilmore (DoD OT&E), Lucia Savage (HHS), Dr. Paul Nielsen (SEI, Carnegie Mellon U.), Dr. David Zubrow (SEI, Carnegie Mellon U.), Dr. Vadim Okun (NIST), Kris Britton (NSA), Dr. Robert Childs (AFCEA), John Weiler (IT-AAC), Emile Monette (GSA), Lev Lesokhin (CAST), Richard Spires (Learning Tree), Joe Jarzombek (Synopsys), Don Davidson (DoD), and Jon Boyens (NIST). 

The presentations have been posted to the CISQ website here

Dr. Bill Curtis
Executive Director

Standards Update

Automated Enhancement Points: CISQ submitted a proposed specification for Automated Enhancement Points to the Object Management Group® (OMG®). Automated Enhancement Points is a measure of software size to be used in productivity analysis and sizing of software maintenance activities.The spec is being voted on by OMG members. We anticipate the spec will become a standard in 2016.

Technical Debt: CISQ is currently working on a specification for structural quality Technical Debt. Technical Debt is a measure of software cost due to defects remaining in code at release. Technical Debt is a primary component of the cost of ownership of an application. The Software Engineering Institute (SEI) at Carnegie Mellon University has been a leader in developing a framework for Technical Debt and is engaged in the project. In addition to an automated measure, the team will provide a general framework for describing and analyzing Technical Debt. CISQ will be participating in the Dagstuhl Seminar,"Managing Technical Debt in Software Engineering," in April to be held at Schloss Dagstuhl in Germany to build consensus on the Technical Debt framework and how it should be measured.

You're Invited to"Reducing IT Outages in UK Banks" in April

Event: Reducing IT Outages in UK Banks
April 27, 2016
15:00 – 17:00 Presentations & Panel
17:00 – 18:00 Networking & Drinks
Location: techUK building at 10 St Bride Street, London EC4A 4AD

Over the last few years the UK banks have suffered an increasing number of major IT outages causing customer dissatisfaction, brand damage, and, in some cases, fines from the regulators. It is more critical than ever for UK banks to measure the risk, robustness and security of core applications to mitigate these IT risks.

Learn more & register here


Industry Event Calendar

STAREAST, May 1-6, 2016 in Orlando, FL
CISQ is a partner sponsor. Save $200 with the code SECM!

SATURN 2016, May 2-5, 2016 in San Diego, CA
CISQ is a partner sponsor. 

ISMA12, May 3-5, 2016 in Rome, Italy.
CISQ is speaking.

Gartner Enterprise Architecture Summit, May 11-12, 2016 in National Harbor, MD
CISQ is a partner sponsor. Save $325 with the code GARTCISQ!

Agile Dev, Better Software, DevOps West, June 5-10, 2016 in Las Vegas, NV.
CISQ is a partner sponsor. Save $200 with the code CWCM!

Thank You CISQ Sponsors

About CISQ
The Consortium for IT Software Quality™ (CISQ™) is an IT industry leadership group comprised of IT executives from the Global 2000, system integrators, outsourced service providers, and software technology vendors committed to introduce a computable metrics standard for measuring software quality and size. CISQ is a neutral, open forum in which customers and suppliers of IT application software can develop an industry-wide agenda of actions for improving IT application quality and reduce cost and risk.

By accepting this email and not responding with an unsubscribe request, you have consented or "opted in" to receive additional correspondence and promotions from OMG and its associated partners and sponsors. Should you wish to opt-out in the future please visit