Measuring the Trustworthiness of Software
ISO 25023³ is the standard that defines measures for each of the characteristics and subcharacteristics in ISO 25010. However, virtually all of the measures in ISO 25023 evaluate the operational behavior of a system rather than the quality of its construction. With the exception of Safety, ISO 25023 defines measures that can be used to assess the operational aspects of Trustworthiness such as outages, security breaches, data theft, managing unexpected conditions, etc.
For instance, Reliability is measured by the amount of time the system is available rather than by assessing software flaws that will cause the system to crash. Consequently, there was a need to evaluate the engineering structure of a software system to assess its Trustworthiness characteristics before it was placed in operation.
To meet this need, last year ISO published ISO/IEC 5055:2021⁴. This standard was originally developed by the Consortium for Information and Software Quality (CISQ), a Special Interest Group managed by the Object Management Group (OMG). CISQ was co-founded by Paul Nielsen, CEO of the Software Engineering Institute (SEI) at Carnegie Mellon University, and Richard Soley, CEO of the Object Management Group. CISQ was initially chartered to create standards for automating the measurement of software size and structural quality.
Over 80 senior software experts from 31 companies in North America, Europe, and Asia met several times over 18 months to develop standards for measuring 4 of the 8 quality characteristics in ISO 25010 — Reliability, Security, Maintainability, and Performance Efficiency. The four standards were initially focused on business software applications.
These four measurement standards were eventually upgraded to add coverage for embedded software. All four updated measures were combined into one OMG standard, Automated Source Code Quality Measures. This consolidated standard was approved by OMG and submitted to ISO as a Publicly Available Standard. On March 31, 2021, it was approved and published by ISO as ISO/IEC 5055:2021.
The two measures related to Trustworthiness are Reliability and Security, and they also provide coverage for Resilience and Privacy. Currently ISO 5055 does not provide a measure to cover Safety. However, when the updated ISO 25010 with is published between 2023 and 2025, ISO 5055 will be updated to include a measure for Safety.
³ ISO/IEC 25023:2016 Systems and software engineering — Systems and software Quality Requirements and Evaluation (SQuaRE) — Measurement of system and software product quality.
⁴ ISO/IEC 5055:2021 Information technology — Software measurement — Software quality measurement — Automated source code quality measures.
IIC Journal of Innovation 39