ISO/IEC 5055 defines four automated source code quality measures derived from detecting and counting severe weaknesses in source code that impact key quality characteristics. It operationalizes internal quality at the source-code level through measurable rule violations.
These measures are intended to be language-independent and applicable across application and embedded domains. They were standardized internationally to provide a consistent basis for specifying, assessing, and contracting for internal software quality at the code level. Implementations of this standard typically provide language-specific rule sets consistent with the OMG ASCQM specification, enabling aggregation per quality characteristic.
This standard is aligned with the ISO/IEC 25010 quality model and quantifies four characteristics via rule-based detection of weaknesses defined in the OMG Automated Source Code Quality Measures (ASCQM) specification.

Quality Attributes Required or Emphasized

| Attribute | Relevance in ISO/IEC 5055 |
|---|---|
| Reliability | Counts weaknesses that could cause faults at runtime or lead to system failure, thereby degrading dependable behavior. |
| Security | Counts weaknesses that introduce vulnerabilities exploitable by attackers, reducing protection of confidentiality, integrity, and availability. |
| Performance Efficiency | Counts weaknesses that produce excessive resource consumption or latency under stated conditions. |
| Maintainability | Counts weaknesses that make the code harder, riskier, or costlier to modify, test, or understand, thus impeding efficient evolution. |