CISQ has developed Automated Quality Characteristic Measures to proactively measure and manage the structural quality of IT application software. The automated measures for Security, Reliability, Performance Efficiency, and Maintainability are now OMG® approved standards making them global standards for use in IT organizations.
The measures are used to identify critical violations of good coding and architectural practice in the source code of software. The measures are applied against system source code to identify vulnerabilities at both the unit level and system level. Violations were included in the CISQ measures only if the violations were considered severe enough that they had to be addressed in future releases. These measures collectively cover eighty-six critical code quality rules. View a description of the weaknesses contained in each measure here.
Security: Critical security violations in the source code drawn from the Top 25 security weaknesses in the Common Weakness Enumeration (CWE) repository.
Reliability: Critical violations of availability, fault tolerance, and recoverability of software.
Performance Efficiency: Critical violations of response time, as well as processor, memory, and utilization of other resources by the software.
Maintainability: Critical violations of modularity, architectural compliance, reusability, analyzability, and changeability in software.
These measures conform to ISO/IEC 25010 definition. CISQ supplements ISO by specifying measures of internal quality at the source code level.