October 2016

Standards Update

Automated Enhancement Points, Technical Debt...

This year CISQ finalized a standard for Automated Enhancement Points that has been approved by the Object Management Group® (OMG)® for publication. Automated Enhancement Points or "AEP" is a measure of software size to be used in productivity analysis and software maintenance activities.

CISQ worked on a measure of Technical Debt that identifies critical violations of good coding and architectural practice in source code (see Quality Characteristic Measures) and estimates their effort to repair. The measure will be submitted to the OMG in early 2017.

In July I attended NIST's Workshop, Software Measures and Metrics to Reduce Security Vulnerabilities, aimed at strengthening NIST's cybersecurity framework which is used widely across the U.S. Federal Government for securing critical IT infrastructure and software-intensive systems. I suggested inclusion of CISQ's code quality standards. NIST is focused on this effort and we'll share updates as we have them.

Please make plans to attend CISQ's Cyber Resilience Summit on October 20 in Arlington, Virginia. We're briefing Government leaders on software quality standards for use in IT development, sustainment, and acquisition programs. Keynote speaker, Dr. David Bray, CIO of the FCC, will discuss how he moved the FCC's legacy IT systems to cloud computing, saving the organization millions. 

Dr. Bill Curtis
Executive Director


Cyber Resilience Summit
 October 20, Army Navy Country Club, Arlington, VA

REGISTER NOW to join 150 of your peers for this educational event. 

As the journey to secure our nation’s IT cyber infrastructure gains momentum, it is important to apply proven standards and methodologies that reduce risk and help us meet objectives for acquiring, developing and sustaining secure and reliable software-intensive systems. The theme of our upcoming Cyber Resilience Summit is Ensure Resiliency in Federal Software Acquisition. There are participants from DoD, many federal agencies, FFRDCs (MITRE, SEI, NIST..), and industry. The speakers are compelling and the subject matter is important. View the agenda and register today.


CISQ Webcast: Reducing Software Vulnerabilities - The "Vital Few" Process and Product Metrics

Speakers: Dr. Bill Curtis, Executive Director, CISQ; Girish Seshagiri, EVP/CTO, ISHPI
Date: Wednesday, October 26, 2016
Time: 2:00pm – 3:00pm ET
Registration: Complimentary registration

This presentation will demonstrate the combined impact of high maturity processes and disciplined agile teams on secure software development. We will share real-world data that reflects nearly zero security incidents as a result of high quality code. 

Learn more & register


Upcoming Events

New York Metro Joint Cyber Security Conference (NYMJCSC), October 5, 2016 in New York, NY. CISQ is presenting, "Measuring the Cybersecurity of Software." 

AFCEA DC's Cybersecurity Summit, October 11-12, in Arlington, VA and Washington, DC. CISQ is a partner sponsor. Visit our table!

Pacific Northwest Software Quality Conference (PNSQC), October 17-19, 2016 in Portland, OR. CISQ is a partner sponsor. 

View CISQ's Event Calendar 

If you're attending --  send us a note.



CISQ attended Gartner's Sourcing and Strategic Vendor Relationships Summit from September 21-23 in Grapevine, TX.  Read CISQ's blog for coverage: Sourcing Innovation

Dr. Bill Curtis, CISQ Executive Director, presented Software Security Issues in the Industrial Internet at the OMG's special event, IIoT Challenges and Opportunities on September 15 in Chicago, IL. Download the presentation deck here

October is National Cybersecurity Awareness Month. Follow CISQ on Twitter!  #cyberaware 


Thank You CISQ Sponsors

About CISQ
The Consortium for IT Software Quality (CISQ) is an IT industry leadership group comprised of IT executives from the Global 2000, system integrators, outsourced service providers, and software technology vendors committed to introduce computable metrics standards for measuring software quality and size. CISQ is a neutral, open forum in which customers and suppliers of IT application software can develop an industry-wide agenda of actions for improving IT application quality and reduce cost and risk. 

By accepting this email and not responding with an unsubscribe request, you have consented or "opted in" to receive additional correspondence and promotions from OMG and its associated partners and sponsors. Should you wish to opt-out in the future please visit