Extending the Quality Measure Standards to Secure Embedded Systems and IoT
CISQ launched a working group to extend the CISQ Automated Quality Characteristic Measures into the domain of embedded and real-time software. The first set of measures on which this work builds was developed to measure the quality and resilience of enterprise IT systems. This updated standard can be used to measure the quality and security of embedded software code used in device control, the Internet of Things (IoT), and safety-critical systems.
The working group launched in February 2018. An updated quality measure specification was submitted to OMG in December 2018 and was approved for a 3-month public review period. The specification was formally approved by the OMG Architecture Board in March 2019. The documentation will be finalized on the OMG website in June 2019. You can track the standard here.
“CISQ has launched a workgroup from its sponsor organizations to update the CISQ measures to incorporate embedded code. One of the first observations of the members with 35 years of experience in embedded systems development was that more of the functionality that used to be non-embedded is being loaded onto chips. With the evolution of IoT, this trend is only growing larger. Consequently they felt the majority of the weaknesses underlying the current CISQ measures are also relevant to embedded code. We will be adding more weaknesses into the measures and a few may be primarily for embedded, especially where there are real-time issues.” - Dr. Bill Curtis, CISQ Executive Director
The project team is led by Dr. Bill Curtis, CISQ Executive Director and Chief Scientist at CAST Research Labs. The team consists of delegates with expertise in embedded software from each participating sponsor of CISQ, in addition to experts from the Software Engineering Institute at Carnegie Mellon University and the Common Weakness Enumeration project at The MITRE Corporation. Combined, the team has over 150 years of experience in embedded software. The sponsors include CAST, CGI, Cognizant, ISHPI, Northrop Grumman, Synopsys and Tech Mahindra.
- Dr. Bill Curtis, Executive Director, CISQ
- Philippe Emmanuel-Douziech, Principal Research Scientist, CAST Research Labs
- Bill Dickenson, Director of Solution Delivery, CAST
- Joe Jarzombek, Director for Government, Aerospace & Defense Programs, Synopsys
- Gordon Uchenick, Lead Aerospace / Defense Sales Engineer, Software Integrity Group, Synopsys
- Robert Martin, Senior Principal Engineer, The MITRE Corporation
- Dan Plakosh, Principal Member of Technical Staff, Software Engineering Institute, Carnegie Mellon University
- Paul Seay, Northrop Grumman Fellow, Engineering Center of Excellence, NGMS Engineering, Sciences and Technology, Northrop Grumman Corporation
- Paul Rainey, Director Consulting Services, Global Program Director, Software Quality Center of Excellence, CGI
- Kevin Doyle, Cyber Security Engineer, CGI Federal
- Girish Seshagiri, Executive Vice President, CTO, ISHPI
- Amitabh Shankar, Principal Quality Consultant, Tech Mahindra
- Sanjeev Chikodi, SQA Head, Tech Mahindra
- Hariharan Mathrubutham, Vice President of Delivery Excellence, Cognizant
If you would like to learn more or get involved, contact CISQ at email@example.com.