CISQ has developed Automated Quality Characteristic Measures to measure and manage the structural quality of IT application software. The automated measures for Security, Reliability, Performance Efficiency, and Maintainability are now OMG® approved standards making them global standards for use by IT organizations.
These measures were developed from coding rules covering some of the most serious violations of good architectural and coding practices that should be avoided and can be detected by static analysis technologies. Each measure counts the number of violations of the architectural and coding rules related to that quality characteristic, and then can be used in creating metrics for defect density, etc.
Security: Critical security violations in the source code drawn from the Top 25 security weaknesses in the Common Weakness Enumeration (CWE) repository.
Reliability: Critical violations of availability, fault tolerance, and recoverability of software.
Performance Efficiency: Critical violations of response time, as well as processor, memory, and utilization of other resources by the software.
Maintainability: Critical violations of modularity, architectural compliance, reusability, analyzability, and changeability in software.