Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Content Type

Topics

Publication Date

White Paper

Adapting the SQUARE Method for Security Requirements Engineering to Acquisition

  • February 2010
  • By Nancy R. Mead
  • In this paper, Nancy Mead adapts the SQUARE process for security requirements engineering to different acquisition situations.
  • Cybersecurity Engineering
  • Publisher: Software Engineering Institute
  • Abstract

    Organizations that are acquiring software have the same security concerns as organizations that are developing software, but they usually have less control over the actual development process. Depending on the exact situation, the acquisition stakeholders may be heavily involved in security requirements engineering, or they may have a role that is largely limited to reviewing requirements developed by the supplier. In this paper the SQUARE process for security requirements engineering is adapted for different acquisition situations. In the future, it is hoped that other security requirements engineering methods will be adapted to acquisition. The next steps for SQUARE for Acquisition are to use it on actual projects.
  • Download