These measures were developed from coding rules covering some of the most serious violations of good architectural and coding practices that should be avoided and can be detected through static code analysis. Each measure counts the number of violations of the architectural and coding rules related to that quality characteristic and then can be used in creating metrics for defect density, etc.

SecurityCritical security violations in the source code drawn from the Top 25 security weaknesses in the Common Weakness Enumeration (CWE) repository
ReliabilityCritical violations of availability, fault tolerance, and recoverability of software
Performance EfficiencyCritical violations of response time, as well as processor, memory, and utilization of other resources by the software
MaintainabilityCritical violations of modularity, architectural compliance, reusability, analyzability, and changeability in software
(...)"