Hierarchical Software Quality Assurance Applied to CyberDefense

The Montana State University Software Engineering and Cybersecurity Laboratory (MSU-SECL) is currently developing the PIQUE technology. PIQUE, or the Platform for Investigative software Quality Understanding and Evaluation, is a framework that enables informed and efficient decisions when evaluating software. PIQUE collects and aggregates output from existing software analysis tools, compares the findings to similarly scoped software, and generates a quality score that is broken down into quality properties, characteristics, and measurements. PIQUE allows managers to make informed decisions about their software while also giving developers more visibility into the technical considerations and concerns of the software, especially code vulnerabilities.

We are currently working on implementations of the PIQUE framework that target the following technologies: C, C#, ELF binaries (x86, ARM, MIPS, PPC architectures), Docker, and cloud-based services in Microsoft Azure's ecosystem. Each PIQUE model implementation is calibrated to report quality scores that are tuned with respect to its technology.

DHS

Idaho National Labs