This document provides an agenda and background information for a CISQ Executive Forum. The forum will include introductions to CISQ, the SEI, and OMG. There will also be sessions on quality issues and objectives for CISQ. CISQ aims to develop standard and automatable measures for evaluating software quality and promote their global acceptance. It operates through executive forums, technical meetings, and member involvement to define issues and drive adoption of quality standards. Initial work groups are focusing on size, security, and other attributes. Future directions may include additional measures and addressing industry challenges.
1. CISQ Introduction and Objectives
Dr. Bill Curtis
Director, CISQ
Special thanks to
www.it-cisq.org
CISQ Executive Forum Agenda
9:00- 9:30 Welcome & Introductions Mr. Ganesh Natarajan, NASSCOM
9:30-10:15 Introduction to CISQ Dr. Bill Curtis, CISQ
10:15-10:30 break
10:30-11:15 Introduction to the SEI Dr. Paul Nielsen, SEI
11:15-12:00 Introduction to OMG Dr. Richard Soley, OMG
12:00- 1:00 lunch
1:00- 2:30 Forum−Quality Issues Moderator: Bill Curtis
2:30- 2:45 break
2:45- 4:00 Forum−CISQ Objectives Moderator: Bill Curtis
4:00- 4:30 Summary and Adjourn Nielsen, Soley, & Natarajan
2. The Software Quality Dilemma
National Research Council
Software for Dependable Systems
“As higher levels of assurance are demanded…testing cannot deliver the level of confidence required at a reasonable cost.”
“The cost of preventing all failures will usually be prohibitively expensive, so a dependable system will not offer uniform levels of confidence across all functions.”
“The correctness of the code is rarely the weakest link.”
Jackson, D. (2009). Communications of the ACM, 52 (4)
Software Engineering’s 4th Wave
• 4 Product
– What: Architecture, Quality characteristics, Reuse
– When: 2002
– Why: Ensure software is constructed to standards that meet the lifetime demands placed on it
• 3 Process
– What: CMM/CMMI, ITIL, PMBOK, Agile
– When: 1990-2002
– Why: Provide a more disciplined environment for professional work incorporating best practices
• 2 Methods
– What: Design methods, CASE tools
– When: 1980-1990
– Why: Give developers better tools and aids for constructing software systems
• 1 Languages
– What: 3rd & 4th generation languages, structured programming
– When: 1965-1980
– Why: Give developers greater power for expressing their programs
3. Why CISQ?
• Industry needs software quality measures:
– Visibility into business critical applications
– Control of outsourced work
– Benchmarks
• Current limitations:
– Manual, expensive infrequent use
– Subjective not repeatable or comparable
– Inconsistent definitions burdens usage
What Is CISQ?
Partnership: IT Executives, CISQ, Technical experts
IT organizations, Outsourcers, Government, Experts
• Define industry issues
• Drive standards adoption
• Create assessment infrastructure
• Application quality standard
• Other standards, methods
• Technical certification
4. CISQ Members
Initial CISQ Objectives
1) Raise international awareness of the critical challenge of IT software quality
2) Develop standard, automatable measures and anti-patterns for evaluating IT software quality
3) Promote global acceptance of the standard in acquiring IT software and services
4) Develop an infrastructure of authorized assessors and products using the standard
5. CISQ Operations
• CISQ Executive Meetings
– Annual Executive Forums
– Quarterly Webinars on progress and special topics
• Quarterly CISQ Technical Meetings
– Initiated Q1 2010
– Virtual to the extent possible
– Distributed work on prioritized quality attributes
• Member Involvement
– Executives – 1 day per year
– Delegates – 2-4 weeks per year
CISQ Status
• Executive Forums in Frankfurt, Germany;
Arlington, Virginia; & Bangalore, India
• Five Technical Work Groups established
– Based on Executive Forum priorities
– Member assignment of delegates underway
• Standards targeted for 2011, first draft for some Work Groups expected in December 2010
6. CISQ Standards Process
[Diagram; labels: CISQ Exec Forum; Technical Work Groups; Function Points; Maintainability; Reliability & Performance; Security; Methods for Metrics Use; Defined Measures; OMG; Best Practices; Weaknesses & Violations; Knowledge Discovery Meta-model; Structured Metrics Meta-model; Pattern Metamodel; ISO 25000, 14143, 27000; ISO 15939; ISO 17799; CVSS]
Size Technical Work Group
Team Lead: David Herron, DCG
Objective: Create a definition of Function Points that is as close to IFPUG counting rules as possible, while resolving the issues necessary to enable fully automated counting at the source code level
7. Security Technical Work Group
Team Lead: Robert Martin, MITRE
Objective: Develop automated source code measures that predict the vulnerability of source code to external attack. Coordinate work products with work in the software assurance community
Future CISQ Directions
• CISQ will pursue member-driven objectives
– Determined by CISQ Executive Forum
– Consensus among CISQ members of problem to be addressed
• Early requests for additional objectives:
– Defect and failure-related definitions
– Business value measures related to application quality
– Size measures
• Use of Executive Forum for addressing industry issues
– Quality-based SLAs in outsourcing contracts
– Benchmarking
– Industry response to regulatory challenges