ISO/IEC 5055 defines four automated source code quality measures derived from detecting and counting severe weaknesses in source code that impact key quality characteristics. ISO/IEC 5055 operationalizes internal quality at the source-code level through measurable rule violations.
These measures are intended to be language-independent and applicable across application and embedded domains. They were standardized internationally to provide a consistent basis for specifying, assessing, and contracting for internal software quality at the code level. Implementations of this standard typically provide language-specific rule sets consistent with the OMG ASCQM specification, enabling aggregation per quality characteristic.
This standard is aligned with the ISO/IEC 25010 quality model and quantifies four characteristics via rule-based detection of weaknesses defined in the OMG Automated Source Code Quality Measures (ASCQM) specification.
Quality Attributes Required or Emphasized
| Attribute | Relevance in ISO/IEC 5055 |
|---|---|
| Reliability | Counts weaknesses that could cause faults at runtime or lead to system failure, thereby degrading dependable behavior. |
| Security | Counts weaknesses that introduce vulnerabilities exploitable by attackers, reducing protection of confidentiality, integrity, and availability. |
| Performance Efficiency | Counts weaknesses that produce excessive resource consumption or latency under stated conditions. |
| Maintainability | Counts weaknesses that make the code harder, riskier, or costlier to modify, test, or understand, thus impeding efficient evolution. |
References
Official/Authoritative Sources
- ISO/IEC 5055:2021 listing (ANSI Webstore): https://webstore.ansi.org/standards/iso/isoiec50552021
- BSI Knowledge catalog entry (preview pages with foreword/scope): https://shop.bsigroup.com/products/information-technology-software-measurement-software-quality-measurement-automated-source-code-quality-measures/standard
- OMG ASCQM — Automated Source Code Quality Measures (about page, v1.1): https://www.omg.org/spec/ASCQM/1.1/About-ASCQM
- OMG ASCQM specification PDF (v1.1): https://www.omg.org/spec/ASCQM/1.1/PDF
- OMG ASCQM catalog entry (latest): https://www.omg.org/spec/ASCQM/