The Place for Software Testing Innovations


STARWEST is one of the longest-running and most respected conferences on software testing and quality assurance. The event week features over 100 learning and networking opportunities and covers a wide variety of some of the most in-demand topics and innovations:

  • Testing in DevOps
  • Test Transformation
  • Test and Release Automation
  • Agile Testing
  • Testing for Developers
  • Security Testing
  • Test Strategy, Planning, Metrics
  • Test Leadership
  • Performance Testing and Monitoring
  • Big Data, Analytics, AI/Machine Learning for Testing




Register now using CISQ’s exclusive promo code — SWCM — and save up to $200 off your registration! Additionally, if you register by August 31, you will save up to an additional $200 off with super early bird pricing — a combined savings of up to $400.*

Cyber Resilience Summit: The Crossroads of IT Modernization and Cybersecurity


TOPIC: Reducing Modernization Risk through Compliance to Software and Risk Management Standards


HOSTED BY: Consortium for IT Software Quality™ (CISQ™) in cooperation with the Object Management Group® (OMG®) and IT Acquisition Advisory Council (IT-AAC)


REGISTRATION: Admission is complimentary for government employees and elected officials, not-for-profit organizations, and universities. An industry pass is $250. Admission includes lunch and a refreshment break. Thank you for supporting this public service event. Register online here. Note: If eligible for a complimentary pass, select “Special” under Payment Type and enter CISQGOVF18 in Discount Code field. For a media pass, enter CISQPRF18.





The 6th semiannual Cyber Resilience Summit: The Crossroads of Modernization and Cybersecurity returns to Arlington, VA in October. The program focuses on standards and best practices for measuring risk and quality in IT-intensive programs from the standpoint of productivity, software assurance, overall quality and system/mission risk. Discussions expose proven methods and tools for incorporating such standard quality metrics into the IT software development, sustainment and acquisition processes.


Our message to attendees: This is a unique opportunity to get this right for the next twenty years. You are deploying the “legacy systems of tomorrow” and need sustainable outcomes.





8:00 Welcome to the Cyber Resilience Summit

Dr. Bill Curtis, Executive Director, Consortium for IT Software Quality (CISQ)

John Weiler, Vice Chair, IT Acquisition Advisory Council (IT-AAC)

8:15 Titans of Cyber: Critical Success Factors for Modernizing and Securing Government IT

Lead: John Weiler, Vice Chair, IT Acquisition Advisory Council (IT-AAC)


Federal IT leaders brief on priorities, policy and plans for modernizing and securing government IT, building momentum from the “forcing functions” of the Federal IT Acquisition Reform Act (FITARA), Executive Order 13800 for Cybersecurity, Modernizing Government Technology (MGT) Act, and the President’s Management Agenda.


Titans of Cyber speakers:

  • Jeanette Manfra, Assistant Secretary for Cybersecurity and Communications, National Protection and Programs Directorate, U.S. Department of Homeland Security  – confirming
  • Mark Hakun, Deputy Chief Information Officer, National Security Agency
  • Scott Tousley, Deputy Director, Cyber Security Division, U.S. Department of Homeland Security Science and Technology Directorate
  • Susan Dorr, Director of Cybersecurity Division, Office of the Director of National Intelligence
  • Mark Kneidinger, Deputy Director, National Risk Management Center, U.S. Department of Homeland Security – confirming

9:30 Trustworthy Systems Manifesto from CISQ

Dr. Bill Curtis, Executive Director, Consortium for IT Software Quality (CISQ)


As businesses and governments automate more of their business and mission processes, the risk to which Information Technology (IT) exposes the organization grows dramatically. In an era of 9-digit defects (IT incidents with damages over $100,000,000), senior executives outside IT are held accountable and some have lost their jobs.


CISQ will brief on cyber risk measurement standards and then introduce a Trustworthy Systems Manifesto. The Manifesto contains a set of principles that senior business and public executives should hold IT accountable for implementing to ensure the systems to which they have entrusted the business or mission are trustworthy. A trustworthy system is one that is secure from unauthorized users and actions, reliable in its performance, resilient to unexpected conditions, and accurate in its computations.


10:15 Break & Networking

10:30 Supply Chain Risk Management (SCRM) Gets Legislative Attention

Lead: Joe Jarzombek, Director for Government, Defense and Aerospace Programs, Synopsys and Board Member, Consortium for IT Software Quality (CISQ)


Software supply chain assurance is finally en vogue. The Pentagon is evaluating how to insert security metrics into the acquisition process to measure cyber risk on the same scale as cost, schedule, and performance. The phrase “shift left” from software development circles applies here, referring to the practice of mitigating risk earlier in the system lifecycle to avoid costly, compounded technical debt and unacceptable levels of risk from vulnerabilities and compromise. This panel will discuss the latest developments, best practices, and standards of practice for SCRM.



  • Christopher Nissen, Director, Asymmetric Threat Response, MITRE; Co-author of Deliver Uncompromised: A Strategy for Supply Chain Security and Resilience in Response to the Changing Character of War
  • Don Davidson, Deputy Director, Cybersecurity Risk Management (+ Chief of SCRM Division), Office of the Deputy DoD-CIO for Cybersecurity
  • Dr. Allan Friedman, Director, Cybersecurity Initiatives, National Telecommunications and Information Administration, U.S. Department of Commerce
  • Shon Lyublanovits, Senior Advisor for Cybersecurity, GSA

11:30 Continuous Diagnostics and Mitigation (CDM) Moves to Phase 4

Kevin Cox, Program Manager, CDM, U.S. Department of Homeland Security – confirming


One of the biggest cybersecurity programs in the U.S. Federal Government is Continuous Diagnostics and Mitigation (CDM) at the Department of Homeland Security. This panel will discuss the CDM roadmap and phase 4 of the program which targets protection of data and the application stack. Speakers will join from agencies successfully deploying CDM.


12:15 Lunch and keynote

1:15 Regulators Roundtable: Best Practices in Cyber Policy for Industry

Lead: Dr. Bill Curtis, Executive Director, Consortium for IT Software Quality (CISQ)


Cybersecurity challenges are not unique to government. This cross-industry panel will discuss how risk is measured and how policy is set and implemented in sectors outside of government, including financial services, healthcare, and utilities. What can we learn from each other? How do we strike the right balance?



  • Chris Hetner, Senior Cybersecurity Advisor to the Chairman, SEC – confirming
  • Bethany Dugan, Deputy Comptroller for Operational Risk, Office of the Comptroller of the Currency
  • Seth Carmody, Cybersecurity Program Manager, U.S. Food and Drug Administration
  • Donald Saxinger, Senior Examination Specialist, IT Supervision Branch, Division of Risk Management Supervision, FDIC – confirming

2:15 Innovative Methods for Producing Cybersecure Software

Lead: Girish Seshagiri, EVP and CTO, ISHPI Information Technologies and Board Member, Consortium for IT Software Quality (CISQ)


The IT standards community is driving initiatives to automate cyber risk measurement and cyber threat modeling. In tandem, workforce development is critical to meeting the government’s cyber challenges and our nation’s IT skills gap. This panel of subject matter experts will brief the audience on methods for producing cybersecure, resilient and sustainable software systems through practice and education.



  • Robert Martin, Senior Principal Engineer, MITRE
  • Rodney Petersen, Director, National Initiative for Cybersecurity Education (NICE), NIST
  • Paul Seay, Northrop Grumman Fellow, Engineering Center of Excellence, NGMS Engineering, Sciences, and Technology, Northrop Grumman Corporation – confirming

3:15 Closing Remarks




Army Navy Country Club

Grand Ballroom, 2nd floor

1700 Army Navy Drive, Arlington, VA

Phone: 703-521-6800














OWASP AppSec EU 2018


The OWASP Annual AppSec EU Security Conference is the premier application security conference for European developers and security experts. AppSec EU provides attendees with insight into leading speakers for application security and cyber security, training sessions on various applications, networking, connections and exposure to the best practices in cybersecurity.


The event begins with thirteen hands-on pre-conference training programs from 2nd to 4th of July 2018. The main conference spans two days from 5th to 6th of July 2018, offering four full tracks of talks, for pen-testers and ethical hackers, developers and security engineers, DevOps practices and GRC/risk level talks for managers and CISOs. This year’s conference program will focus on the bottom to the top and top to the bottom in application security.


The week is packed full of exciting opportunities and distractions such as the Women in Appsec gatherings, Capture The Flag, University Challenge and a great evening out at the AppSec EU 2018 Networking Event at the Imperial War Museums. There is so much to do at AppSec EU; it’s a perfect blend of training, experiences, networking and fun.


CISQ members save $50 off the registration fee with the special code EU18-CISQ50. This code applies for the registration option of Conference and Networking Reception Event.  Register today!


New Texas State Laws for IT Project Performance and Cybersecurity


Join Agency CIOs and IT Professionals for a Strategic Breakfast Meeting in Austin


Recent legislation in Texas requires that state agency large IT projects measure and report on indicators for cost, schedule, scope and quality. When done properly, these measurements can be used to drive down costs, control risks, and improve project performance over time. Additionally, the Texas Cybersecurity Act establishes a framework for prioritizing security posture and reporting. The Texas Dept. of Information Resources (DIR), the Quality Assurance Team (QAT) and state agency CIOs and CISOs will be the primary actors to implement these new laws for optimum effect. These new measurement requirements will flow down to all IT vendors that support these projects.


We’re hosting a complimentary breakfast workshop on Tuesday, June 19 from 8:00 – 10:00 in Austin, TX to discuss these new laws and best practices for leveraging these new requirements. Specifically, the areas of quality and cybersecurity measurement will be highlighted at this forum.


Venue: Doubletree by Hilton, 303 W. 15th St., Austin, TX


RSVP: Registration is now closed.


Presentation topics

  • New measurement requirements and what they really mean
  • The policies, practices, standards and tools that can be used to support them
  • How to use this technology base to improve delivery performance for more effective IT systems






7:45 Check in at registration desk, pick up name badge, breakfast buffet
8:00 Welcome and introductions
8:05 New (?) Measurements for IT Projects: Leveraging Industry Best Practice
Herb Krasner, Texas IT Champion
Herb spent many years at UT Austin as Professor of Software Engineering, the Director of Outreach Services for the UT Center for Advanced Research in Software Engineering (ARiSE), and founder and CTO of the UT Software Quality Institute (SQI). Herb was instrumental in drafting this legislation and has been publishing a series of position papers to share guidance with state agencies across the U.S.
8:40 An Introduction to Automatable Standards for Software Measurement
Dr. Bill Curtis, CISQ Executive Director
Dr. Bill Curtis is Executive Director of the Consortium for IT Software Quality (CISQ), an IT leadership group that develops standards for measuring software size, quality and technical debt. Dr. Curtis is the American lead on the ISO 25000 series of standards.
9:15 Improving IT with Centralized Management of Code Quality Standards
Philip Crenshaw, Vice President and Global Business Engineering Leader for CGI’s U.S. Strategic Business Unit
Philip Crenshaw will explain how CGI derives better software quality, security and team performance utilizing software standards from CISQ. Leveraging an application intelligence platform managed by a single, centralized team, CGI applies CISQ quality metrics and CAST tools across every team around the world, no matter the client or location. Learn how CGI is turning the IT black box into a transparent, glass box, helping clients reduce costs for rework and outages – and shift capital from “run” to “change” initiatives.
9:50 Open discussion and next steps
10:00 Close



CISQ outreach events are supported by program sponsors.


Thank you CGI, CAST, Cognizant, ISHPI, Northrop Grumman, Synopsys and Tech Mahindra for supporting the event!



Realizing Effective End-to-End Quality Management within the Health Domain: Case Studies Using OMG Standards


This special event is part of the OMG® Technical Meeting from June 18-22, 2018 in Boston, MA. Registration is complimentary.


From OMG’s website:


Boston is the “Hub of Healthcare,” a thriving ecosystem of thought leaders in technology, medicine and research and the epicenter of 300 digital healthcare companies pioneering the latest advances in big data analytics, patient personalization, smart technologies, and connected care. On June 18th join your peers from the Healthcare IT community for an introduction to standards and testbeds that are improving the quality and security of healthcare. This event is hosted by the OMG®, an IT standards development organization headquartered in Boston and led by Dr. Richard Soley, an MIT alumnus.


The featured case study is the Connected Care Testbed showcasing the work from the Industrial Internet Consortium in developing an open IoT ecosystem for clinical and remote medical devices that can bring together patient monitoring data into a single data management and analytics platform.


The Consortium for IT Software Quality (CISQ) will present Cybersecurity and Resilience of Healthcare IT and Medical Devices, an introduction to code quality standards that can be used to guide software development projects or put into requirements definition for new systems or enhancements.


The OMG is organizing this meeting to demonstrate what’s possible and to discuss the application of cross-industry technologies, such as IoT, Blockchain, and AI, to improve patient outcomes and advance the practice of medicine. Attendance is beneficial to companies in healthcare, pharmaceuticals, life sciences and related sectors.




Register now for complimentary admission


View all OMG special events the week of June 18-22 in Boston



Gartner Program & Portfolio Management Summit 2018

Date: June 12 – 14, 2018
Venue: Gaylord National Resort & Convention Center in National Harbor, MD
Special rate: CISQ members save $350 off the registration fee! Apply the code GARTCISQ at registration


Scaling PPM for Digital Business: Pioneer. Partner. Build.


Digital business requires speed, continuous change and the embracing of uncertainty. The digital environment is constantly morphing, requiring leaders to adapt. In order to progress toward digital success, PPM leaders must re-evaluate and re-invent their disciplines, metrics, and tools – failure to adapt will be fatal. As a PPM leader you must:

  • Pioneer new approaches
  • Partner with teams to create a culture of change
  • Build bridges to get from strategy to effective execution.


Join Gartner to learn how to scale your PPM processes, tools and functions to position your organization for success in the digital era.


The agenda features four comprehensive tracks that will give you the insights and strategies you need to evaluate and re-invent your disciplines, metrics, and tools to enable enterprise transformation in the digital era.


Gartner Security & Risk Management Summit 2018

Date: June 4 – 7, 2018
Venue: Gaylord National Resort & Convention Center in National Harbor, MD
Special rate: CISQ members save $325 off the registration fee! Apply the code GARTCISQ at registration



Transform your data security, cyber-security, risk management and compliance strategies


Prepare to meet the pace and scale of today’s digital business at Gartner Security & Risk Management Summit 2018. Build resilience through leading-edge research and thinking on key topics such as BCM, cloud security, privacy and securing the Internet of Things (IoT).


The summit will provide the latest information on new threats and emerging technologies such as AI, machine learning, analytics and blockchain—while helping you address the ongoing shortage of skilled staff. Join the world’s CISOs and top security and risk management professionals to hone your leadership capabilities and gather the information you need to enable digital business in a world of escalating risk.







CISQ Webinar: Using Software Quality Standards at Scale in Agile and DevOps Environments

Speaker: Barry Snyder, DevOps Product Manager, Enterprise Architecture, Fannie Mae

Presented live on May 30, 2018


Over the past two years Fannie Mae IT has transformed from a waterfall organization to a lean culture enabled by Agile and DevOps. This webinar will discuss how Fannie Mae uses software measurement standards from CISQ to demonstrate significant improvements in code quality and development productivity. Executive management monitors the organization’s Agile-DevOps transformation by reviewing quality, productivity, and delivery-to-speed. Barry Snyder will discuss how his team aligned analytics across the organization to justify investment in Agile-DevOps practices.


Watch the webinar on CISQ YouTube









Tech Mahindra Collaborates with CISQ to Help Accelerate Code Quality Standards

Leading digital transformation services provider collaborates with CISQ to improve IT application quality, reduce cost and cyber-risk to meet future customer demands


Needham, MA; New Delhi – April 20, 2018 – The Consortium for IT Software Quality™ (CISQ™) announced today that Tech Mahindra has joined its roster of supporters in order to accelerate the creation and adoption of software quality standards in the IT industry. Tech Mahindra is a leading provider of digital transformation, consulting and business re-engineering services and solutions with headquarters in Mumbai.


This year, CISQ launched a working group to develop automatable standards for measuring the quality of embedded and real-time software. This new body of work is critically important to securing the Internet of Things (IoT) and related technologies and builds upon a set of standards developed by CISQ for measuring risk, security and technical debt in enterprise and business systems. In addition to its technical expertise, Tech Mahindra will help expand the presence of CISQ in India. The two organizations are teaming up to share best practices and methods for delivering quality software products that meet the highest industry standards.


“Tech Mahindra’s partnership with us is a testimony to its commitment to software quality. We are excited about incorporating its knowledge and experience into our software standards work, given the critical importance of software quality in technologies like IoT, medical devices, and mobile,” said Dr. Bill Curtis, Executive Director, CISQ.


“The new age customer, today, demands defect-free high-quality solutions, lightning fast delivery with no downtime, and the best-of-the-breed competency from their technology partners to address business challenges, deliver a seamless customer experience and create a distinct market position for themselves. It is imperative, therefore, that the quality of the product/solutions, match world-class standards,” said Mr. Abhijit Lahiri, Chief of Transformation, Tech Mahindra. “TechM has ventured into building a #NewAgeDELIVERY Platform to bring these world-class solutions to the customer. The collaboration with CISQ complements this objective by using automated measures for evaluating structural quality of the software from the source code and establishing global quality standards.”


CISQ sponsors are committed to the development of high quality software and are prominently recognized as thought leaders in software quality measurement and analysis. CISQ sponsorship is available to companies of all sizes as well as government, academic and non-profit organizations. The collaboration reinforces Tech Mahindra’s efforts to comply with optimum software quality standards from a global perspective. It is also in line with the company’s efforts to continuously deliver the best in class solutions and offerings to its customers.


About Tech Mahindra

Tech Mahindra represents the connected world, offering innovative and customer-centric information technology experiences, enabling Enterprises, Associates and the Society to Rise™. We are a USD 4.7 billion company with 115,200+ professionals across 90 countries, helping over 903 global customers including Fortune 500 companies. Our convergent, digital, design experiences, innovation platforms and reusable assets connect across a number of technologies to deliver tangible business value and experiences to our stakeholders. Tech Mahindra is amongst the Fab 50 companies in Asia (Forbes 2016 list).


We are part of the USD 19 billion Mahindra Group that employs more than 200,000 people in over 100 countries. The Group operates in the key industries that drive economic growth, enjoying a leadership position in tractors, utility vehicles, after-market, information technology and vacation ownership.


About CISQ


The Consortium for IT Software Quality (CISQ) is an IT industry leadership group comprised of IT executives from the Global 2000, system integrators, outsourced service providers, and software technology vendors committed to introducing computable metrics standards for measuring software quality and size. Founded by the Object Management Group (OMG®) and the Software Engineering Institute (SEI) at Carnegie Mellon University, CISQ is a neutral, open forum in which customers and suppliers of IT application software can develop an industry-wide agenda of actions for improving IT application quality and reduce cost and risk. CISQ is sponsored by CAST, CGI, Cognizant, ISHPI, Northrop Grumman, Synopsys and Tech Mahindra. For more information, visit


For more information on Tech Mahindra, please contact:

Tuhina Pandey, Global Corporate Communications



For more information on CISQ, please contact:

Ann McDonough, Marketing Communications Specialist




Note to editors: Object Management Group and OMG are registered trademarks of the Object Management Group.  For a listing of all OMG trademarks, visit All other trademarks are the property of their respective owners.

Dr. Bill Curtis, Executive Director of Consortium for IT Software Quality, to Keynote at QUEST 2018 Conference, May 23

CISQ thought leaders share software quality insights


Needham, MA – April 17, 2018 – Dr. Bill Curtis, the Executive Director of the Consortium for IT Software Quality™ (CISQ™), a recognized authority in software quality and sizing, will serve as a keynote speaker at the QUEST conference in San Antonio, Texas. The conference attracts managers and practitioners, quality professionals, and software development professionals interested in new technologies and proven methods for quality engineered software and testing. His keynote titled, “Software Intelligence: Structural Quality Analysis and Machine Learning,” is scheduled from 8:30 a.m. – 9:30 a.m. on Wednesday, May 23.


Dr. Curtis heads CISQ, which is chartered to produce international standards for automating the measurement of structural quality from source code. An SVP and Chief Scientist at CAST, he leads CAST Research Labs in applying visualization and machine learning to structural quality analysis. With 40 years of experience in software, Dr. Curtis is best known for leading development of the Capability Maturity Model (CMM) and People CMM at the Software Engineering Institute. He is also a Fellow of the IEEE for his contributions to software process improvement and measurement.


Dr. Curtis’ keynote will examine the C-Suite’s demand for more accountability and improvements in software processes. He will also discuss recent results from machine learning research in software quality and review international standards for measuring the structural quality of software developed by CISQ, along with results of empirical research on how some of the most severe flaws are distributed in business applications.


According to Dr. Curtis, “The software stack is increasingly complex and exceeds the ability of developers to fully understand all the interactions. Consequently, human-based quality practices must be augmented by advanced technology. I will describe the CISQ standards that are available now to automate the analysis and measurement of software quality, and the role that machine learning plays in providing deeper intelligence into structural quality pathologies.”


In addition to Dr. Curtis’ keynote, Joe Jarzombek, from CISQ sponsor Synopsys, will present “Software Integrity: Integrated Focus for Software Quality and Security” from 10 a.m. – 11 a.m. on May 23. A retired Lt. Col. in the U.S. Air Force and a Certified Secure Software Lifecycle Professional, Jarzombek is Director for Government, Aerospace & Defense Programs for the Synopsys Software Integrity Group. Prior to joining Synopsys, Jarzombek served as the Director for Software & Supply Chain Assurance in the U.S. Department of Homeland Security Office of Cybersecurity and Communications.


During his presentation, Jarzombek will provide details on the types of test tools and services used to determine resilience of products and residual risk exposures attributable to software, and the value proposition for software integrity as an integrating focus for software quality and security. He will also explain how software integrity is an enabler for IoT cybersecurity and how using standards-based automation enables the exchange of information internally and externally with vendors for IoT/ICT products.


Also speaking is Bill Dickenson, Director of Solution Delivery at CAST, a CISQ sponsor. He has worked with C-level executives on business case development, services strategy, program and vendor management, business process re-engineering, outsourcing engagements and implementation approaches. Prior to CAST, Dickenson was an independent consultant with Strategy On The Web and former VP of Application Management Services for IBM, bringing decades of experience in application development, maintenance and integrated operations.


He will co-present “Leverage Software Intelligence to Improve Risk-Based Testing” from 11:15 a.m. – 12:15 p.m. on May 24 when he will examine risk-based testing models and discuss overlooked factors that impact their test effectiveness and production stability.


For more information on the keynotes and the QUEST conference 2018, visit


About CISQ

The Consortium for IT Software Quality (CISQ) is an IT industry leadership group comprised of IT executives from the Global 2000, system integrators, outsourced service providers, and software technology vendors committed to introducing computable metrics standards for measuring software quality and size. Founded by the Object Management Group (OMG®) and the Software Engineering Institute (SEI) at Carnegie Mellon, CISQ is a neutral, open forum in which customers and suppliers of IT application software can develop an industry-wide agenda of actions for improving IT application quality and reduce cost and risk. CISQ is sponsored by CAST, CGI, Cognizant, ISHPI, Northrop Grumman, Synopsys and Tech Mahindra. For more information, visit



Ann McDonough
+1 781-444-0404


