CISQ creates definitions for IT quality
US software industry body announces new standards for measuring reliability and security
The Consortium for IT Software Quality (CISQ) has announced new standards for measuring structural quality of software. The US industry body said these are quantitative criteria that can be used to evaluate the performance of an IT system according to four different measures: reliability, security, performance efficiency, and maintainability.
The standards were created by compiling a list of known violations of good coding practice in each category. Software can then be ranked against these criteria according to the number of violations it contains.
Founded in 2010, CISQ is a joint effort between Carnegie Mellon University and Object Management Group, the not-for-profit technology standards group. CISQ aims to set performance benchmarks for software customers for use in service level agreements with vendors.
CISQ works with various US government and regulatory bodies, including the Securities and Exchange Commission, the Department of Defense, and the Department of Science and Technology.
The French government has adopted CISQ’s standards for automated function points, a measure of the size of an IT application. Dr Bill Curtis, executive director of CISQ, told QA Financial that he expects to work closely with the UK government in the coming year.
“The biggest structural quality problems confronting banks are those related to software security and reliability,” said Curtis. “Clients want to know that their information is secure and they want to have 24/7 access to their accounts. Besides these two things, the third most important factor is maintainability. In an increasingly competitive market, it is important to be able to implement changes quickly and to measure how easy it is to update the code.”
Right now, said Curtis, different customers often have different standards and definitions for structural integrity, while software vendors have their own benchmarks. That will change, he said, led by the growing number of banks using common tools for analysis and testing to establish the robustness and safety of their platforms. Those banks will increasingly push for international standards of best practice, he said.
Dr Curtis is also chief scientist at CAST software, the Euronext-listed software vendor, which has released a software analysis tool – called Application Intelligence Platform – that is designed to detect a majority of CISQ rule violations. CAST said it is upgrading the tool to cover the remainder of those violations, which are the most complex and difficult to detect.