Standards to Automate Software Measurement
The Consortium for Information & Software Quality develops international standards to automate the measurement of software from source code. Industry needs standard, low-cost, automated measures for evaluating software size and structural quality that can be used in controlling the quality, cost, and risk of software that is produced internally or by third parties.
Automation is critical because manual review is infeasible for large multi‐layer, multi‐language, multi‐platform systems. Additionally, DevOps greatly speeds up the deployment of applications, some of which change on a daily or even hourly basis, and changes deployed without review may introduce unintended vulnerabilities.
Software Sizing
- Automated Function Points: Measures the functional size of software
- Automated Enhancement Points: Measures changes in the size of both functional and non-functional code during a release in one measure
Code Quality
- Security: Measures source code weaknesses that represent the most exploited security weaknesses in software, including the CWE/SANS Institute Top 25 Most Dangerous Security Errors and the OWASP Top 10
- Reliability: Measures weaknesses in source code impacting the availability, fault tolerance, and recoverability of software
- Performance Efficiency: Measures weaknesses in source code impacting response time and utilization of processor, memory, and other resources
- Maintainability: Measures weaknesses in source code impacting the comprehensibility, changeability, testability, and scalability of software
Technical Debt
- Technical Debt: A measure of corrective maintenance effort due to the CISQ code quality weaknesses remaining in a software application