Special Director, CISQ


CISQ Introduction and Objectives
Dr. Bill Curtis
Special Director, CISQ
thanks to

CISQ Executive Forum Agenda
  9:00-9:30    Welcome & Introductions    Mr. Ganesh Natarajan, NASSCOM
  9:30-10:15   Introduction to CISQ       Dr. Bill Curtis, CISQ
  10:15-10:30  break
  10:30-11:15  Introduction to the SEI    Dr. Paul Nielsen, SEI
  11:15-12:00  Introduction to OMG        Dr. Richard Soley, OMG
  12:00-1:00   lunch
  1:00-2:30    Forum Quality Issues       Moderator: Bill Curtis
  2:30-2:45    break
  2:45-4:00    Forum CISQ Objectives      Moderator: Bill Curtis
  4:00-4:30    Summary and Adjourn        Nielsen, Soley, & Natarajan

The Software Quality Dilemma
National Research Council, Software for Dependable Systems
  As higher levels of assurance are demanded testing cannot deliver the level of confidence required at a reasonable cost.
  The cost of preventing all failures will usually be prohibitively expensive, so a dependable system will not offer uniform levels of confidence across all functions.
  The correctness of the code is rarely the weakest link.
Jackson, D. (2009). Communications of the ACM, 52 (4)

Software Engineering's 4th Wave
  4 Product
    What: Architecture, Quality characteristics, Reuse
    When: 2002
    Why: Ensure software is constructed to standards that meet the lifetime demands placed on it
  3 Process
    What: CMM/CMMI, ITIL, PMBOK, Agile
    When:
    Why: Provide a more disciplined environment for professional work incorporating best practices
  2 Methods
    What: Design methods, CASE tools
    When:
    Why: Give developers better tools and aids for constructing software systems
  1 Languages
    What: 3rd & 4th generation languages, structured programming
    When:
    Why: Give developers greater power for expressing their programs

Why CISQ?
Industry needs software quality measures:
  Visibility into business critical applications
  Control of outsourced work
  Benchmarks
Current limitations:
  Manual, expensive infrequent use
  Subjective not repeatable or comparable
  Inconsistent definitions burdens usage

What Is CISQ?
  Partnership
  IT Executives
  CISQ
  IT organizations, Outsourcers, Government, Experts
  Technical experts
  Define industry issues
  Drive standards adoption
  Create assessment infrastructure
  Application quality standard
  Other standards, methods
  Technical certification

CISQ Members

Initial CISQ Objectives
  1 Raise international awareness of the critical challenge of IT software quality
  2 Develop standard, automatable measures and anti-patterns for evaluating IT software quality
  3 Promote global acceptance of the standard in acquiring IT software and services
  4 Develop an infrastructure of authorized assessors and products using the standard

CISQ Operations
CISQ Executive Meetings
  Annual Executive Forums
  Quarterly Webinars on progress and special topics
Quarterly CISQ Technical Meetings
  Initiated Q
  Virtual to the extent possible
  Distributed work on prioritized quality attributes
Member Involvement
  Executives 1 day per year
  Delegates 2-4 weeks per year

CISQ Status
Executive Forums in Frankfurt, Germany; Arlington, Virginia; & Bangalore, India
Five Technical Work Groups established
  Based on Executive Forum priorities
  Member assignment of delegates underway
Standards targeted for 2011, first draft for some Work Groups expected in December 2010

CISQ Standards Process
[Diagram labels: Technical Work Groups; Function Points; Maintainability; Knowledge Discovery Meta-model; Structured Metrics Meta-model; Defined Measures; ISO; CISQ Exec Forum; Reliability & Performance; OMG; Best Practices; ISO; Security; Methods for Metrics Use; Weaknesses & Violations; ISO; CVSS; Pattern Metamodel; Knowledge Discovery Meta-model]

Size Technical Work Group
Team Lead: David Herron, DCG
Objective: Create a definition of Function Points that is as close to IFPUG counting rules as possible, while resolving the issues necessary to enable fully automated counting at the source code level

Security Technical Work Group
Team Lead: Robert Martin, MITRE
Objective: Develop automated source code measures that predict the vulnerability of source code to external attack. Coordinate work products with work in the software assurance community

Future CISQ Directions
CISQ will pursue member-driven objectives
  Determined by CISQ Executive Forum
  Consensus among CISQ members of problem to be addressed
Early requests for additional objectives:
  Defect and failure-related definitions
  Business value measures related to application quality
  Size measures
Use of Executive Forum for addressing industry issues
  Quality-based SLAs in outsourcing contracts
  Benchmarking
  Industry response to regulatory challenges