Faq - CISQ

1. What is CISQ?

The Consortium for Information & Software Quality™ (CISQ™) is a not-for-profit IT leadership group that develops standards for automating software measurement from source code - this includes measures of software size, structural quality, technical debt, and related metrics. The standards written by CISQ enable IT and business leaders to measure the risk IT applications pose to the business, as well as estimate the cost of ownership. CISQ was co-founded by the Object Management Group® (OMG®) and Software Engineering Institute (SEI) at Carnegie Mellon University. The specifications are submitted to the OMG and ISO for approval as international standards.

2. Why do we need CISQ?

We're in an era of "nine-digit defects" where IT outages, security breaches, and performance degradation issues can cost organizations in the millions of dollars. Software quality is a Board room issue.

The Information Technology (IT) industry needs standard measures for evaluating software quality. In fact, all industries that rely on software-intensive systems need these metrics to assess the risk and cost of their digital assets and platforms. Automated measurement is critical given the complexity of modern systems, the fast pace of development, and the future of auto-generated code (think AI).

Establishing a global standard for software structural quality is an important step for enabling these measures to be used in acquiring IT services from suppliers or for apples-to-apples comparison in benchmarking applications and the quality of new development. CISQ fills a critical void since there are no other standards bodies developing standards for automating the measurement of size and quality from the source code of a software system.

3. How does CISQ deploy its standards?

CISQ hosts outreach events, influences policy, and briefs analysts and the media on software quality. The Cyber Resilience Summit is hosted annually in Washington, DC to influence the cybersecurity and resilience of mission-critical Federal applications. Events are hosted in cities across North America, Europe and Asia with the support of sponsors. CISQ launched a Trustworthy Systems Manifesto for executives that set corporate policy to govern the development and maintenance of trustworthy software. Additionally, CISQ submits position papers and requests for information regarding policy from several government agencies.

4. How do I become a CISQ member?

There are two levels of membership. The first is Individual Membership, which is free and subscribes you to the mailing list for updates on the standards, a quarterly newsletter, and event invitations. The second is Corporate Membership, which gives your organization the ability to participate in standards development and the publication of technical guidance. Other benefits of Corporate Membership include speaking opportunities, a table and free passes to events, branding on the CISQ website, and more. It is based on an annual fee. Read more and become a member here.

5. How is CISQ managed?

CISQ is a program managed by the Object Management Group®, an international, open membership, not-for-profit technology standards consortium. The Founding Executive Director of CISQ is Dr. Bill Curtis, well-known for his work on the Capability Maturity Model (CMM) for software process improvement and software measurement. Dr. Curtis leads the CISQ working groups that develop standards and is also an active participant in ISO JTC1 SC7 WG6 for Software and System Product Measures. David Norton is CISQ's Executive Director and he works closely with Dr. Curtis, members of CISQ, and the broader community. The work that CISQ undertakes is directed by a Governing Board comprised of executives from corporate sponsor organizations. CISQ's Advisory Board advises on awareness and adoption of the standards. We use CISQ's mailing list and host events to communicate and connect with members. By joining CISQ, you will receive tech updates, event invitations, and invitations to contribute to the standards and get involved.

6. What is CISQ's relationship to ISO?

CISQ submits its specifications to OMG and ISO for approval as international standards.

With regards to software quality, CISQ supplements the ISO/IEC 25000 series of standards. ISO defines software quality characteristics and CISQ automates their measurement through tooling. The code quality measures were developed by CISQ using definitions in ISO/IEC 25010, the international standard that defines eight software quality characteristics and their subcharacteristics. The measures supplement ISO/IEC 25023, the standard that enumerates measures of the various subcharacteristics. The CISQ measures are quantified from the automated analysis of source code (via static analysis) to identify architectural and coding weaknesses in the software. Dr. Bill Curtis, Founding Executive Director of CISQ, is on the ISO/IEC 25000 team. For more information, read CISQ Supplements ISO/IEC 25000 Series with Automated Quality Characteristic Measures.

With regards to software sizing, the Automated Function Point (AFP) standard developed by CISQ and standardized by OMG was also approved by ISO. The AFP standard is ISO 19515:2019.