ISO 25010
May 6, 2021

What Is ISO 25010?

Software Quality
Static Analysis

ISO 25010 helps you to ensure that your software is high quality.

Read along or jump ahead to the section that interests you the most:

➡️ See How static analysis supports ISo 25010

What Is ISO 25010?

ISO 25010, titled “Systems and software engineering – Systems and software Quality Requirements and Evaluation (SQuaRE) – System and software quality models”, is a software quality standard. It describes the models, consisting of characteristics and sub-characteristics, for both software product quality, and software quality in use together with practical guidance on the use of the quality models.

ISO 25010 Standard Overview

ISO25010 describes two quality models:

  1. The quality in use model composed of five characteristics (some of which are further sub-divided into sub-characteristics) that relate to the outcome of interaction when a product is used in a particular context of use.
  2. A product quality model composed of eight characteristics (which are further sub-divided into sub-characteristics) that relate to static properties of software and dynamic properties of the computer system.

The characteristics and sub-characteristics provide consistent terminology for specifying, measuring and evaluating system and software product quality. They also provide a set of quality characteristics against which stated quality requirements can be compared for completeness.

Here is an overview of code quality from the perspective of “Product Quality”.

What are the ISO 25010 Product Quality Characteristics?

ISO 25010 is made up of eight product quality characteristics and 31 sub-characteristics:

  1. Functional Suitability
  2. Reliability
  3. Performance Efficiency
  4. Usability
  5. Security
  6. Compatibility
  7. Maintainability
  8. Portability

Here is an overview of each characteristic and sub-characteristic.

Functional Suitability

Functional Suitability refers to how well a product or system is able to provide functions that meet the stated and implied needs.

  • Functional Completeness: Refers to the set of functions that covers all of the specified tasks and user objectives.
  • Functional Correctness: Refers to how well a product or system provides the correct results with the needed degree of precision.
  • Functional Appropriateness: Refers to how well functions are able to accomplish specified tasks and objectives.


Reliability refers to how well a system, product, or component performs specified functions under specified conditions.

  • Maturity: Refers to how well a system, product, or component is able to meet your needs for reliability.
  • Availability: Refers to whether a system, product, or component is operational and accessible.
  • Fault Tolerance: Refers to how well a system, product, or component operates despite hardware and/or software faults.
  • Recoverability: Refers to how well a product or system can recover data in the event of an interruption or failure.

Performance Efficiency

Performance Efficiency refers to the performance related to the amount of resources used.

  • Time Behavior: Refers to the response and processing times, and throughput rates of a product or system while it’s performing its functions.
  • Resource Utilization: Refers to the amounts and types of resources used by a product or system while performing its functions.
  • Capacity: Refers to the maximum limits of a product or system parameter.


Usability refers to how well a product or system can be used to achieve specified goals effectively, efficiently, and satisfactorily.

  • Appropriateness Recognizability: Refers to how well you can recognize whether a product or system is appropriate for your needs.
  • Learnability: Refers to how easy it is to learn how to use a product or system.
  • Operability: Refers to whether a product or system has attributes that make it easy to operate and control.
  • User Error Protection: Refers to how well a system protects users against making errors.
  • User Interface Aesthetics: Refers to whether a user interface is pleasing.
  • Accessibility: Refers to how well a product or system can be used with the widest range of characteristics and capabilities.


Security refers to how well a product or system protects information and data from security vulnerabilities.

  • Confidentiality: Refers to how well a product or system is able to ensure that data is only accessible to those who have authorized access.
  • Integrity: Refers to how well a system, product, or component is able to prevent unauthorized access and modification to computer programs and/or data.
  • Non-repudiation: Refers to how well actions or events can be proven to have taken place.
  • Accountability: Refers to the actions of an unauthorized user can be traced back to them.
  • Authenticity: Refers to how well the identity of a subject or resource can be proved.
📕 Related Resource: Learn more about secure coding standards, like CERT C/CERT C++, CWE, and OWASP/OWASP Top 10.


Compatibility refers to how well a product, system, or component can exchange information as well as perform its required functions while sharing the same hardware or software environment.

  • Co-existence: Refers to how well a product can perform its required functions efficiently while sharing a common environment and resources with products, without negatively impacting any other product.
  • Interoperability: Refers to how well two or more systems, products, or components are able to exchange information and use that information.


Maintainability refers to how well a product or system can be modified to improve, correct, or adapt to changes in the environment as well as requirements.

  • Modularity: Refers to whether the components of a system or program can be changed with minimal impact on the other components.
  • Reusability: Refers to how well an asset can be used in more than one system.
  • Analysability: Refers to the effectiveness of an impact assessment on intended changes. In addition, it also refers to the diagnosis of deficiencies or causes of failures, or to identify parts to be modified.
  • Modifiability: Refers to how well a product or system can be modified without introducing defects or degrading existing product quality.
  • Testability: Refers to how effective the test criteria is for a system, product, or component. In addition, it also refers to the tests that can be performed to determine whether the test criteria has been met.


Portability refers to how well a system, product, or component can be transferred from one environment to another.

  • Adaptability: Refers to how well a product or system can be adapted for different or evolving hardware, software, or other usage environments.
  • Installability: Refers to how successfully a product or system can be installed and/or uninstalled.
  • Replaceability: Refers to how well a product can replace another comparable product.

What Is the Difference Between ISO 25010 and ISO 9126?

ISO 25010, which was published in 2011, superseded ISO 9126 published in 2001.

The main difference between the two lies in how they categorize and define non-functional software quality requirements.

ISO 25010 added two additional product quality characteristics to the six specified in ISO 9126 — adding security and compatibility.

Why Software Quality Is Important

Software quality reflects how well software conforms to the design but also how it meets non-functional requirements such as security or maintainability as described by the characteristics in ISO 25010.  Software quality measurement quantifies to what extent the software rates with regard to each of the characteristics.

Within the characteristics, the software can be assessed as to:

  • Can be tested.
  • Is easy to understand and follow.
  • Is easy to edit and upgrade without introducing new errors.

📕 For more information on software quality, check out our software quality guide.

Use Static Code Analysis to Support ISO 25010

Static code analysis plays a part in any well-defined software quality model particularly when considering security and maintainability characteristics.

Security:  Defined as the protection of system items from accidental or malicious access, use, modification, destruction, or disclosure. Static code analysis can help identify defects to prevent these types of malicious attack.

Maintainability characteristic: Metrics can be calculated to check the ongoing quality of the product:

  • Analysability: This is defined as the degree to which the software product can be diagnosed for deficiencies or causes of failures in the software.  Static analysis identifies deficiencies.
  • Testability: Using static analysis before testing reduces the number of test cases necessary

The use of coding standards such as AUTOSAR, MISRA, and CERT can discover both security issues and general deficiencies. Using a static code analysis tool like Helix QAC and Klocwork that can verify compliance with coding standards and provide evidence that compliance should be part of the quality process.

By using a static code analyzer — like Helix QAC and Klocwork — you are able to ensure software quality by:

  • Enforcing coding standards and detecting rule violations.
  • Detecting compliance issues earlier in development.
  • Accelerating code reviews and manual testing efforts.
  • Reporting on compliance over time and across product versions.

See how Helix QAC and Klocwork can help you improve your software quality, register for a free trial.

➡️ static analysis free trial