FAQ

The Consortium for IT Software Quality™ (CISQ™) is a not-for-profit IT leadership group that develops standards for automating software measurement from source code - this includes measures of software size, structural quality, technical debt, and related metrics. The standards written by CISQ enable IT and business leaders to measure the risk IT applications pose to the business, as well as estimate the cost of ownership. CISQ was co-founded by the Object Management Group® (OMG®) and Software Engineering Institute (SEI) at Carnegie Mellon University. The specifications are submitted to the OMG and ISO for approval as international standards.

We're in an era of "nine-digit defects" where IT outages, security breaches, and performance degradation issues can cost organizations in the millions of dollars. Software quality is a Board room issue.

The Information Technology (IT) industry needs standard measures for evaluating software quality. In fact, all industries that rely on software-intensive systems need these metrics to assess the risk and cost of their digital assets and platforms. Automated measurement is critical given the complexity of modern systems, the fast pace of development, and the future of auto-generated code (think AI).

Establishing a global standard for software structural quality is an important step for enabling these measures to be used in acquiring IT services from suppliers or for apples-to-apples comparison in benchmarking applications and the quality of new development. CISQ fills a critical void since there are no other standards bodies developing standards for automating the measurement of size and quality from the source code of a software system.

CISQ hosts outreach events, influences policy, and briefs analysts and the media on software quality. The Cyber Resilience Summit is hosted annually in Washington, DC to influence the cybersecurity and resilience of mission-critical Federal applications. Events are hosted in cities across North America, Europe and Asia with the support of sponsors. CISQ launched a Trustworthy Systems Manifesto for executives that set corporate policy to govern the development and maintenance of trustworthy software. Additionally, CISQ submits position papers and requests for information regarding policy from several government agencies.
There are two levels of membership. The first is Individual Membership, which is free and subscribes you to the mailing list for updates on the standards, a quarterly newsletter, and event invitations. The second is Corporate Membership, which gives your organization the ability to participate in standards development and the publication of technical guidance. Other benefits of Corporate Membership include speaking opportunities, a table and free passes to events, branding on the CISQ website, and more. It is based on an annual fee. Read more and become a member here.
CISQ is a program managed by the Object Management Group®, an international, open membership, not-for-profit technology standards consortium. The Executive Director of CISQ is Dr. Bill Curtis, well-known for his work on the Capability Maturity Model (CMM) for software process improvement and software measurement. Dr. Curtis is an active participant in ISO JTC1 SC7 WG6 for Software and System Product Measures. In 2007 he was elected a Fellow of the IEEE for his career contributions to software process improvement and measurement. The work that CISQ undertakes is directed by a Governing Board comprised of executives from corporate member organizations. CISQ’s Advisory Board advises on awareness and adoption of the standards. All important updates, news items, and event invitations are sent across CISQ membership.
CISQ supplements the ISO/IEC 25000 series of standards. While ISO defines software quality characteristics, CISQ automates their measurement through tooling. The CISQ code quality measures were developed using definitions in ISO/IEC 25010, the international standard that defines eight software quality characteristics and their subcharacteristics. The measures supplement ISO/IEC 25023, the standard that enumerates measures of the various subcharacteristics. The CISQ measures are quantified from the automated analysis of source code (via static analysis) to identify architectural and coding weaknesses in the software. Dr. Bill Curtis, Executive Director of CISQ, is on the ISO/IEC 25000 team. For more information, read CISQ Supplements ISO/IEC 25000 Series with Automated Quality Characteristic Measures.