Explore the essential aspects of software quality through the perspective of CISQ Automated Quality Characteristic Measures based on OMG standards. Learn how this insight can benefit software developers, product vendors, and assessment tool vendors.
The most crucial concerns regarding software quality are highlighted in this perspective, which is based on the findings of the Consortium for Information & Software Quality (CISQ) Automated Quality Characteristic Measures. These measures, which were published in 2020, are based on the standards established by the Object Management Group (OMG).
The graph provided illustrates the relationships between weaknesses at different levels of abstraction. The highest level consists of categories and pillars, which serve as groupings for weaknesses. Categories are not weaknesses themselves; they are CWE entries used to group weaknesses that share a common characteristic. Pillars, on the other hand, are weaknesses described in a highly abstract manner.
Below these top-level entries lie weaknesses of varying levels of abstraction. Classes are still very abstract and typically do not depend on any particular programming language or technology. Base-level weaknesses describe a more specific type of weakness. A variant is a weakness described in great detail, often limited to a specific programming language or technology.
A chain is a sequence of weaknesses that must be reachable in consecutive order to exploit a vulnerability. Conversely, a composite is a set of weaknesses that must all be present simultaneously to exploit a vulnerability.