CISQ's Trustworthy Systems Manifesto
The Consortium for IT Software Quality™ (CISQ™) has launched a Trustworthy Systems Manifesto containing 5 principles for ensuring secure and trustworthy software. You are encouraged to read the Manifesto and use the information to develop corporate and government policy for developing and deploying trustworthy software systems.
As businesses and governments automate more of their business and mission processes, the risks to which software-intensive systems expose the organization grows dramatically. IT-related incidents at Knight Capital, SWIFT, Target, and United Airlines, for example, far exceeded $100 million in damages. In an era of 9-digit glitches (incidents with damages over $100,000,000), senior executives outside IT are held accountable, and some have lost their jobs as a result. Since senior executives are rarely IT experts, they need guidance on how to govern the risks of untrustworthy systems. The manifesto’s objective is to initiate discussions between the enterprise and IT or engineering about reducing operational and cost risks to the business.
As a greater portion of mission, business, and safety-critical functionality is committed to software-intensive systems, we establish the following principles to govern system development and deployment:
- Engineering discipline in product and process
- Quality assurance to risk tolerance thresholds
- Traceable properties of system components
- Proactive defense of the system and its data
- Resilient and safe operations
This manifesto is developed and maintained by the Consortium for IT Software Quality™ (CISQ™), a standards consortium managed by the Object Management Group® (OMG®). OMG is a member-driven, not-for-profit IT standards organization. CISQ is chartered to advance the trustworthiness of software-intensive systems by producing standards for automating the measurement of size and structural quality from software source code. CISQ conducts outreach activities to spread measures and techniques for improving the trustworthiness of software-intensive systems. www.it-cisq.org