search menu icon-carat-right cmu-wordmark

Cybersecurity Engineering Research: Security Quality Requirements Engineering (SQUARE) Collection

This research helps organizations to build security into the early stages of the production and acquisition lifecycles, including privacy.

Software Engineering Institute


Security Quality Requirements Engineering (SQUARE) is a nine-step process that helps organizations build security, including privacy, into the early stages of the production lifecycle. Instructional materials are available for download that can be used to teach the SQUARE method.

Using SQUARE can enable your organization to develop more secure, survivable software and systems, more predictable schedules and costs, and achieve lower costs.

SQUARE for Privacy, or P-SQUARE, is available for free to help you use the SQUARE process for security, privacy, or both.

SQUARE for Acquisition, or A-SQUARE, is available for free to help stakeholders, requirements engineers, and contractors/vendors, for a variety of acquisition cases.

See the following publications for more information about SQUARE and SQUARE tools:

Collection Items