CISQ Introduction and Objectives

Dr. Bill Curtis
Director, CISQ
www.it-cisq.org

Special thanks to




CISQ Executive Forum Agenda

 9:00- 9:30   Welcome & Introductions   Mr. Ganesh Natarajan, NASSCOM
 9:30-10:15   Introduction to CISQ      Dr. Bill Curtis, CISQ
10:15-10:30   break
10:30-11:15   Introduction to the SEI   Dr. Paul Nielsen, SEI
11:15-12:00   Introduction to OMG       Dr. Richard Soley, OMG
12:00- 1:00   lunch
 1:00- 2:30   Forum: Quality Issues     Moderator: Bill Curtis
 2:30- 2:45   break
 2:45- 4:00   Forum: CISQ Objectives    Moderator: Bill Curtis
 4:00- 4:30   Summary and Adjourn       Nielsen, Soley, & Natarajan

The Software Quality Dilemma

National Research Council
Software for Dependable Systems

“As higher levels of assurance are demanded…testing cannot deliver the level of confidence required at a reasonable cost.”

“The cost of preventing all failures will usually be prohibitively expensive, so a dependable system will not offer uniform levels of confidence across all functions.”

“The correctness of the code is rarely the weakest link.”

Jackson, D. (2009). Communications of the ACM, 52 (4)




Software Engineering’s 4th Wave

4. Product
   What: Architecture, Quality characteristics, Reuse
   When: 2002
   Why:  Ensure software is constructed to standards that meet the lifetime demands placed on it

3. Process
   What: CMM/CMMI, ITIL, PMBOK, Agile
   When: 1990-2002
   Why:  Provide a more disciplined environment for professional work incorporating best practices

2. Methods
   What: Design methods, CASE tools
   When: 1980-1990
   Why:  Give developers better tools and aids for constructing software systems

1. Languages
   What: 3rd & 4th generation languages, structured programming
   When: 1965-1980
   Why:  Give developers greater power for expressing their programs

Why CISQ?

• Industry needs software quality measures:
  – Visibility into business critical applications
  – Control of outsourced work
  – Benchmarks

• Current limitations:
  – Manual, expensive, infrequent use
  – Subjective, not repeatable or comparable
  – Inconsistent definitions burden usage





What Is CISQ?

[Diagram: a partnership between IT executives and technical experts, with CISQ at the center]

CISQ: IT organizations, outsourcers, government, experts

• IT executives
  – Define industry issues
  – Drive standards adoption
  – Create assessment infrastructure

• Technical experts
  – Application quality standard
  – Other standards, methods
  – Technical certification

CISQ Members




Initial CISQ Objectives

1. Raise international awareness of the critical challenge of IT software quality
2. Develop standard, automatable measures and anti-patterns for evaluating IT software quality
3. Promote global acceptance of the standard in acquiring IT software and services
4. Develop an infrastructure of authorized assessors and products using the standard

CISQ Operations

• CISQ Executive Meetings
  – Annual Executive Forums
  – Quarterly Webinars on progress and special topics


• Quarterly CISQ Technical Meetings
  – Initiated Q1 2010
  – Virtual to the extent possible
  – Distributed work on prioritized quality attributes


• Member Involvement
  – Executives – 1 day per year
  – Delegates – 2-4 weeks per year







                       CISQ Status

 • Executive Forums in Frankfurt, Germany;
   Arlington, Virginia; & Bangalore, India

 • Five Technical Work Groups established
     ⎯ Based on Executive Forum priorities
     ⎯ Member assignment of delegates underway


 • Standards targeted for 2011, first draft for some
   Work Groups expected in December 2010




CISQ Standards Process

[Diagram; labels recovered from the slide]

• CISQ Exec Forum
• Technical Work Groups: Function Points; Maintainability; Reliability & Performance; Security; Methods for Metrics Use
• OMG: Defined Measures; Best Practices; Weaknesses & Violations
• Meta-models: Knowledge Discovery Meta-model; Structured Metrics Meta-model; Pattern Metamodel
• Standards shown: ISO 25000, 14143, 27000; ISO 15939; ISO 17799, CVSS



Size Technical Work Group

Team Lead: David Herron, DCG

Objective: Create a definition of Function Points that is as close to IFPUG counting rules as possible, while resolving the issues necessary to enable fully automated counting at the source code level

Security Technical Work Group


Team Lead: Robert Martin, MITRE

Objective: Develop automated source code measures that predict the vulnerability of source code to external attack. Coordinate work products with work in the software assurance community




                        Future CISQ Directions

• CISQ will pursue member-driven objectives
   – Determined by CISQ Executive Forum
   – Consensus among CISQ members of problem to be addressed


• Early requests for additional objectives:
   – Defect and failure-related definitions
   – Business value measures related to application quality
   – Size measures


• Use of Executive Forum for addressing industry issues
   – Quality-based SLAs in outsourcing contracts
   – Benchmarking
   – Industry response to regulatory challenges


