CWE-1128: Understanding the CISQ Automated Quality Characteristic Measures in 2016

Explore the essential software quality concerns highlighted by CISQ through Automated Quality Characteristic Measures, based on OMG standards. Learn about weaknesses at different levels of abstraction.

Objective

This view presents the most crucial software quality concerns highlighted by the Consortium for Information & Software Quality (CISQ) in its Automated Quality Characteristic Measures, released in 2016. These measures are based on standards established by the Object Management Group (OMG).

Relationships

The graph illustrates the hierarchical relationships between weaknesses at different levels of abstraction. At the highest level, categories and pillars group weaknesses. Categories are not considered weaknesses themselves; they organize weaknesses that share a common characteristic. Pillars, on the other hand, describe weaknesses in a more general and abstract manner. Below these top-level classifications, weaknesses are described at various levels of abstraction. Classes are still highly abstract and are not tied to any specific language or technology. Base-level weaknesses provide more specific details about a particular type of weakness. Variants are weaknesses described in a more granular manner, often limited to a specific language or technology.

Chains are sets of weaknesses that must be exploitable consecutively in order to create a vulnerability. Conversely, composites are sets of weaknesses that must all be present simultaneously to exploit a vulnerability.
