Code Quality and Related Standards

CISQ was chartered to automate the measurement of software source code. CISQ has developed specifications for automated measures now approved as standards by the Object Management Group® (OMG®) for the size and the structural quality of source code. The software measures were developed with input from major stakeholders representing government, academia and industry. The standards are implemented through static code analysis.


Software sizing standards focus on measuring the functional and non-functional components of the code. Code quality standards focus on detecting and measuring violations of critical rules of good architectural and coding practice. Technical Debt estimates the effort (cost predictor) of corrective maintenance resulting from violations of good architectural and coding practice remaining in the source code after release. Additional measures such as Green IT that are based on these CISQ/OMG standards will be posted periodically. Click on the links below for free copies of the standards. Visit the page for each category of standards for an explanation of the standards included under each.



Published OMG® Standards Developed by CISQ Available for Use



Software Sizing


Automated Function Points Measures the functional size of software
Automated Enhancement Points Measures the size of both functional and non-functional code in one measure


Code Quality


Security Measures 22 violations in source code representing the most exploited security weaknesses in software – CWE/Sans Institute Top 25 Most Dangerous Security Errors, OWASP Top 10
Reliability Measures 29 violations in source code impacting the availability, fault tolerance, and recoverability of software
Performance Efficiency Measures 15 violations in source code impacting response time and utilization of processor, memory, and other resources
Maintainability Measures 20 violations in source code impacting the comprehensibility, changeability, testability, and scalability of software


Technical Debt


Automated Technical Debt A measure of corrective maintenance effort due to violations (weaknesses) remaining in a software application