ISO/IEC 25010 Quality Model

• ISO/IEC 25010 is a quality model that defines eight software quality characteristics and their subcharacteristics for systematic evaluation.
• It operationalizes quality by mapping subcharacteristics to measurable metrics using methodologies like the Quamoco project.
• The model is adaptable to domains such as software process usability, industrial automation, and test artifact quality, supporting both research and industry.

The ISO/IEC 25010 Quality Model, published as ISO/IEC 25010:2011, provides the de facto international framework for defining, evaluating, and operationalizing software product quality. It establishes a comprehensive taxonomy of quality characteristics and subcharacteristics, spanning both functional and non-functional dimensions, to support rigorous assessment and quality assurance practices across the software lifecycle. The model is widely adopted as a theoretical basis for both academic research and industrial assessment, and serves as the architectural backbone for advanced, measurement-driven approaches to software quality.

1. Structure and Core Characteristics of ISO/IEC 25010

ISO/IEC 25010 defines eight top-level product quality characteristics, each further decomposed into precisely specified subcharacteristics:

Characteristic	Subcharacteristics (exact ISO/IEC 25010 terminology)
Functional suitability	Functional completeness, Functional correctness, Functional appropriateness
Performance efficiency	Time behavior, Resource utilization, Capacity
Compatibility	Co-existence, Interoperability
Usability	Appropriateness recognizability, Learnability, Operability, User error protection, User interface aesthetics, Accessibility
Reliability	Maturity, Availability, Fault tolerance, Recoverability
Security	Confidentiality, Integrity, Non-repudiation, Accountability, Authenticity
Maintainability	Modularity, Reusability, Analysability, Modifiability, Testability
Portability	Adaptability, Installability, Replaceability

Each characteristic and subcharacteristic is precisely defined within the standard. For example, "Functional suitability" is the degree to which the product provides functions that meet stated and implied needs, while "Performance efficiency" concerns the relationship between software performance and resources used under set conditions (Patil, 19 May 2025, Sun et al., 13 Nov 2025).

2. Operationalization and Measurement

Although the ISO/IEC 25010 model specifies conceptual definitions, operationalizing its characteristics into quantitative assessment requires additional modeling. The Quamoco project exemplifies this, augmenting ISO/IEC 25010 with a meta-model of ProductFactors, Measures, and Instruments. In Quamoco (Wagner et al., 2016):

• Each QualityAspect (an ISO/IEC 25010 characteristic) is refined into ProductFactors (e.g., "Duplication of Source Code" for Maintainability).
• Each ProductFactor links to one or more Measures, directly mappable to tool-supported metrics (e.g., clone coverage, cyclomatic complexity).
• Aggregation employs weighted sums in a Multi-Attribute Utility Theory framework:

$$U(p) = \sum_{m \in M(p)} w_{m,p} U(m), \qquad U(q) = \sum_{p} w_{p,q} U(p)$$

where $U(m)$ is a normalized [0,1] utility for measure $m$.

Standalone metrics for ISO/IEC 25010 qualities are also widely used, such as:

• Cyclomatic complexity: $v(G) = E - N + 2P$
• Code duplication ratio: $$(\#\text{duplicated lines})/(\text{total lines}) \times 100\%$$
• Test coverage: $$(\#\text{requirements exercised}/\text{total requirements}) \times 100\%$$
• Availability: $\mathrm{MTTF}/(\mathrm{MTTF}+\mathrm{MTTR})$
• APFD for test artifacts: $1 - \frac{\sum_{i=1}^{m} TF_i}{n m} + \frac{1}{2n}$

Empirical work has validated that Quamoco's ISO/IEC 25010-based models statistically align with expert judgments, particularly for maintainability (Wagner et al., 2016).

3. Domain-Specific Adaptations and Extensions

The ISO/IEC 25010 model is frequently adapted for domain-specific evaluation:

• Software Process Usability: ISO/IEC 25010’s Usability subcharacteristics are repurposed for assessing software development process adoption. Key Usability subcharacteristics—Appropriateness recognizability, Learnability, Operability, User error protection, User interface aesthetics, Accessibility—are preserved, though Accessibility may be replaced with constructs such as Visibility and Understandability. Metrics include subjective ratings, counts, and ratios for each subcharacteristic, and aggregation remains primarily a checklist or scale, pending formalized composition (Fontdevila et al., 2017).
• Industrial Automation: Agent–automation integration reframes characteristics like Usability (as Operability), Security (adding non-repudiation and accountability), and Performance Efficiency (emphasizing end-to-end timing, capacity, and reliability). Quantitative assessment relies strongly on Likert-rated importance, direct computation of reliability measures ($\mathrm{MTTF}$, $\mathrm{Availability}$), and aggregation using weighted sums based on stakeholder preferences (Karnouskos et al., 2021).
• Test Artifact Quality: ISO/IEC 25010 dimensions are instantiated for test cases/suites, often without direct formulas. Subcharacteristics such as Functional completeness or Operability are interpreted with context-specific metrics (APFD, suite execution time), while maintainability gains attributes like Independency, Traceability, and Changeability (Tran et al., 14 Feb 2024).
• Formal Software Models: For B abstract machines, six ISO/IEC 25010 characteristics are mapped to explicit ratios derived from labeled transition system statistics, assembling a multidimensional "quality vector" per model (Cai et al., 2020).

4. Application in Contemporary Quality Assurance Practice

ISO/IEC 25010 provides the canonical schema through which modern quality assurance, particularly in LLM-enhanced settings, is mapped and operationalized:

• Automated SQA: LLM–driven tools are mapped to ISO/IEC 25010 characteristics, e.g., automated test generation supporting Functional suitability, static analysis of code for Security or Maintainability, and UI critique for Usability. Common metrics include coverage percentage, speedup ratios, mutation coverage, and code smell reduction (Patil, 19 May 2025).
• Non-functional Quality for Generated Code: Current research emphasizes Security, Performance efficiency, and Maintainability. Automated measures such as CodeQL risk scores, runtime/memory metrics, and maintainability warnings are used to operationalize quality. There is a demonstrable mismatch between academic attention (favoring security and performance) and industry priorities (emphasizing maintainability, readability, technical debt), highlighting gaps in holistic adoption of ISO/IEC 25010 (Sun et al., 13 Nov 2025).
• Selection Methodologies: In industrial contexts, the model supports stakeholder-driven selection of system architectures or practices using normalized Likert-based weights and score aggregation via

$S_j = \sum_i w_i s_{i,j}$

where $w_i$ are sub-characteristic weights and $s_{i,j}$ are normalized performance scores per practice (Karnouskos et al., 2021).

5. Aggregation, Interpretation, and Empirical Validation

Aggregation in ISO/IEC 25010-based modeling is domain-dependent:

• Simple models group native-scale metrics and provide subcharacteristic checklists or ordinal scores (Fontdevila et al., 2017).
• Advanced models (e.g., Quamoco) employ hierarchical, weighted aggregation with normalization and utility-mapping:
  • From raw metric to [0,1] utility
  • Aggregation up the factor tree to characteristics and global quality indices (Wagner et al., 2016).

Empirical validation in peer-reviewed studies confirms the model’s practical utility and alignment to expert ratings. For example, Spearman's $\rho$ between Quamoco-derived and expert rankings for maintainability was 0.67–0.98 in practice (Wagner et al., 2016).

6. Limitations, Controversies, and Future Directions

The ISO/IEC 25010 model’s generality enables wide adoption but introduces open questions:

• Trade-offs between characteristics are context-dependent and may be unpredictable or opposed; for instance, optimizing for runtime may worsen memory usage, and security-improving prompts sometimes degrade functional correctness in generated code (Sun et al., 13 Nov 2025).
• Holistic, quantitative aggregation of all subcharacteristics into a single quality index remains an open research direction; many practical systems use subcharacteristic scores or spider plots for practitioner interpretability rather than a global scalar.
• Certain subcharacteristics, notably Usability or Accessibility, may have reduced importance or applicability in some technical domains (e.g., headless automation), as confirmed by expert surveys (Karnouskos et al., 2021).
• The need for domain-adapted metrics and nuanced operationalization is a recurrent observation across studies; substantial further work is required to develop actionable metrics for under-represented qualities (e.g., maintainability for code generated by LLMs, or test artifact-specific security) (Tran et al., 14 Feb 2024, Sun et al., 13 Nov 2025).

A plausible implication is that ISO/IEC 25010 should be viewed as a reference taxonomy: empirical research and tooling must complement it with domain- and context-specific metrics, operationalization strategies, and methodologies for weighting, aggregation, and longitudinal quality monitoring.