Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Content Type

Topics

Publication Date

Brochure

Security Quality Requirements Engineering (SQUARE)

  • December 2016
  • SQUARE helps organizations build security, including privacy, into the early stages of the production lifecycle.
  • Cybersecurity Engineering
  • Publisher: CERT
  • Abstract

    Requirements problems are the primary reason that projects

    • are significantly over budget and past schedule
    • have significantly reduced scope
    • deliver poor-quality applications that are little used once delivered, or are cancelled altogether

    One source of these problems is poorly expressed or analyzed quality requirements, such as security and privacy. Requirements engineering defects cost 10 to 200 times more to correct during implementation than if they are detected during requirements development. Moreover, it is difficult and expensive to significantly improve the security of an application after it is in its operational environment.

    Security Quality Requirements Engineering (SQUARE) is a nine-step process that helps organizations build security, including privacy, into the early stages of the production lifecycle. Instructional materials are available for download that can be used to teach the SQUARE method.

  • Download