Cybersecurity Engineering Research: Security Quality Requirements Engineering (SQUARE) Collection
• Collection
Publisher
Software Engineering Institute
Abstract
Security Quality Requirements Engineering (SQUARE) is a nine-step process that helps organizations build security, including privacy, into the early stages of the production lifecycle. Instructional materials are available for download that can be used to teach the SQUARE method.
Using SQUARE can enable your organization to develop more secure, survivable software and systems, more predictable schedules and costs, and achieve lower costs.
SQUARE for Privacy, or P-SQUARE, is available for free to help you use the SQUARE process for security, privacy, or both.
SQUARE for Acquisition, or A-SQUARE, is available for free to help stakeholders, requirements engineers, and contractors/vendors, for a variety of acquisition cases.
See the following publications for more information about SQUARE and SQUARE tools:
Collection Items

Security Quality Requirements Engineering (SQUARE)
• Collection
By Software Engineering Institute
This collection describes SQUARE, a process that helps organizations build security into the early stages of the production lifecycle.
Learn More
Security Quality Requirements Engineering (SQUARE) Fact Sheet
• Fact Sheet
By Software Engineering Institute
SQUARE helps organizations build security, including privacy, into the early stages of the production lifecycle.
Learn More
Security Requirements Engineering
• Webcast
By Christopher J. Alberts
Learn the importance of developing security requirements in the same time frame as functional requirements.
Watch
Security Requirements Engineering
• White Paper
By Nancy R. Mead
In this paper, Nancy Mead how a systematic approach to security requirements engineering helps to avoid problems.
Read
An Evaluation of A-SQUARE for COTS Acquisition
• Technical Note
By Sidhartha Mani, Nancy R. Mead
An evaluation of the effectiveness of Software Quality Requirements Engineering for Acquisition (A-SQUARE) in a project to select a COTS product for the advanced metering infrastructure of a smart grid.
Read
Teaching Security Requirements Engineering Using SQUARE
• White Paper
By Dan Shoemaker (University of Detroit Mercy), Jeff Ingalsbe (University of Detroit Mercy), Nancy R. Mead
In this paper, the authors detail the validation of a teaching model for security requirements engineering that ensures that security is built into software.
Read
Measuring the Software Security Requirements Engineering Process
• White Paper
By Nancy R. Mead
In this paper, Nancy Mead describes a measurement approach to security requirements engineering to analyze projects that were developed with and without SQUARE.
Read
Combining Security and Privacy in Requirements Engineering
• Book Chapter
By Saeed Abu-Nimeh (Damballa), Nancy R. Mead
In this book chapter, the authors present SQUARE, a security requirements approach, privacy requirement elicitation, and security risk assessment techniques.
Read
Software Security Engineering: A Guide for Project Managers (white paper)
• White Paper
By Gary McGraw, Julia H. Allen, Nancy R. Mead, Robert J. Ellison, Sean Barnum
In this guide, the authors discuss our reliance on software and systems that use the internet or internet-exposed private networks.
Read
Security Requirements Reusability and the SQUARE Methodology
• Technical Note
By Travis Christian, Nancy R. Mead
In this report, the authors discuss how security requirements engineering can incorporate reusable requirements.
ReadPart of a Collection
Cybersecurity Engineering Research Collection