Security Quality Requirements Engineering (SQUARE)
• Collection
Publisher
Software Engineering Institute
Abstract
Requirements problems are the primary reason that projects are significantly over budget and past schedule, have significantly reduced scope, and deliver poor-quality applications that are little used once delivered, or are cancelled altogether.
One source of these problems is poorly expressed or analyzed quality requirements, such as security and privacy. Requirements engineering defects cost 10 to 200 times more to correct during implementation than if they are detected during requirements development. Moreover, it is difficult and expensive to significantly improve the security of an application after it is in its operational environment.
Security Quality Requirements Engineering (SQUARE) is a nine-step process that helps organizations build security, including privacy, into the early stages of the production lifecycle. Instructional materials are available for download that can be used to teach the SQUARE method.
Collection Items
Security Quality Requirements Engineering Technical Report
• Technical Report
By Nancy R. Mead, Eric Hough, Ted Stehney II
In this 2005 report, the authors present the SQUARE Methodology for eliciting and prioritizing security requirements in software development projects.
Security Quality Requirements Engineering (SQUARE) Fact Sheet
• Fact Sheet
By Software Engineering Institute
SQUARE helps organizations build security, including privacy, into the early stages of the production lifecycle.
SQUARE Frequently Asked Questions (FAQ)
• White Paper
By Software Engineering Institute
This paper contains information about SQUARE, a process that helps organizations build security into the early stages of the software production lifecycle.
Adapting the SQUARE Process for Privacy Requirements Engineering
• Technical Note
By Ashwini Bijwe (Carnegie Mellon University), Nancy R. Mead
In this 2010 report, the authors explore how the SQUARE process can be adapted for privacy requirements engineering in software development.
Security Requirements Reusability and the SQUARE Methodology
• Technical Note
By Travis Christian, Nancy R. Mead
In this report, the authors discuss how security requirements engineering can incorporate reusable requirements.
Software Security Engineering: A Guide for Project Managers (book)
• Book
By Julia H. Allen, Sean Barnum, Robert J. Ellison, Gary McGraw, Nancy R. Mead
In this book, the authors provide sound practices likely to increase the security and dependability of your software during development and operation.
Software Security Engineering: A Guide for Project Managers (white paper)
• White Paper
By Gary McGraw, Julia H. Allen, Nancy R. Mead, Robert J. Ellison, Sean Barnum
In this guide, the authors discuss our reliance on software and systems that use the internet or internet-exposed private networks.
Adapting the SQUARE Method for Security Requirements Engineering to Acquisition
• White Paper
By Nancy R. Mead
In this paper, Nancy Mead adapts the SQUARE process for security requirements engineering to different acquisition situations.
An Evaluation of A-SQUARE for COTS Acquisition
• Technical Note
By Sidhartha Mani, Nancy R. Mead
An evaluation of the effectiveness of Software Quality Requirements Engineering for Acquisition (A-SQUARE) in a project to select a COTS product for the advanced metering infrastructure of a smart grid.
Incorporating Security Quality Requirements Engineering (SQUARE) into Standard Life-Cycle Models
• Technical Note
By Nancy R. Mead, Venkatesh Viswanathan, Deepa Padmanabhan, Anusha Raveendran
In this 2008 report, the authors describe how SQUARE can be incorporated into standard lifecycle models for security-critical projects.
Identifying Security Requirements Using the Security Quality Requirements Engineering (SQUARE) Method - Integrating Security and Software Engineering
• Book Chapter
By Nancy R. Mead
In this book chapter, Nancy Mead describes the SQUARE method, which can be used to elicit, analyze, and document security requirements for software systems.
Identifying Security Requirements Using the Security Quality Requirements Engineering (SQUARE) Method - Information Security and Ethics
• Book Chapter
By Nancy R. Mead
In this book chapter, Nancy Mead describes issues in developing security requirements and useful methods, including details about the SQUARE method.
Combining Security and Privacy in Requirements Engineering
• Book Chapter
By Saeed Abu-Nimeh (Damballa), Nancy R. Mead
In this book chapter, the authors present SQUARE, a security requirements approach, privacy requirement elicitation, and security risk assessment techniques.
Considering Operational Security Risk During System Development
• Article
By Carol Woody, Christopher J. Alberts
In this article, the authors examine OCTAVE, an operational security-risk methodology, and apply it to security-related risks during system development.