The SEI helps advance software engineering principles and practices and serves as a national resource in software engineering, computer security, and process improvement. The SEI works closely with defense and government organizations, industry, and academia to continually improve software-intensive systems. Its core purpose is to help organizations improve their software engineering capabilities and develop or acquire the right software, defect free, within budget and on time, every time.
Organizations that are acquiring software have the same security concerns as organizations that are developing software, but they usually have less control over the actual development process. Depending on the exact situation, the acquisition stakeholders may be heavily involved in security requirements engineering, or they may have a role that is largely limited to reviewing requirements developed by the supplier. In this paper the SQUARE process for security requirements engineering is adapted for different acquisition situations. In the future, it is hoped that other security requirements engineering methods will be adapted to acquisition. The next steps for SQUARE for Acquisition are to use it on actual projects.