Cybersecurity Engineering Research: Security Quality Requirements Engineering (SQUARE) Collection
This research helps organizations build security, including privacy, into the early stages of the production and acquisition lifecycles.
Abstract
Security Quality Requirements Engineering (SQUARE) is a nine-step process that helps organizations build security, including privacy, into the early stages of the production lifecycle. Instructional materials are available for download that can be used to teach the SQUARE method.
Using SQUARE can enable your organization to develop more secure, survivable software and systems, achieve more predictable schedules and costs, and lower costs.
SQUARE for Privacy, or P-SQUARE, is available for free to help you use the SQUARE process for security, privacy, or both.
SQUARE for Acquisition, or A-SQUARE, is available for free to help stakeholders, requirements engineers, and contractors/vendors in a variety of acquisition cases.
See the following publications for more information about SQUARE and SQUARE tools:
Collection Contents
-
Security Quality Requirements Engineering (SQUARE)
January 5, 2017 • Collection
This collection describes SQUARE, a process that helps organizations build security into the early stages of the production lifecycle.
view -
Security Quality Requirements Engineering (SQUARE) Fact Sheet
December 9, 2016 • Fact Sheet
SQUARE helps organizations build security, including privacy, into the early stages of the production lifecycle.
read -
Security Requirements Engineering
July 7, 2016 • Webinar
By Christopher J. Alberts
Learn the importance of developing security requirements in the same time frame as functional requirements.
watch -
Security Requirements Engineering
July 14, 2010 • White Paper
By Nancy R. Mead
In this paper, Nancy Mead describes how a systematic approach to security requirements engineering helps to avoid problems.
read -
An Evaluation of A-SQUARE for COTS Acquisition
May 13, 2014 • Technical Note
By Sidhartha Mani, Nancy R. Mead
An evaluation of the effectiveness of Software Quality Requirements Engineering for Acquisition (A-SQUARE) in a project to select a COTS product for the advanced metering infrastructure of a smart grid.
read -
Teaching Security Requirements Engineering Using SQUARE
July 31, 2013 • White Paper
By Dan Shoemaker (University of Detroit Mercy), Jeff Ingalsbe (University of Detroit Mercy), Nancy R. Mead
In this paper, the authors detail the validation of a teaching model for security requirements engineering that ensures that security is built into software.
read -
Measuring the Software Security Requirements Engineering Process
July 3, 2013 • White Paper
By Nancy R. Mead
In this paper, Nancy Mead describes a measurement approach to security requirements engineering to analyze projects that were developed with and without SQUARE.
read -
Combining Security and Privacy in Requirements Engineering
December 31, 2011 • Book Chapter
By Saeed Abu-Nimeh (Damballa), Nancy R. Mead
In this book chapter, the authors present SQUARE, a security requirements approach, privacy requirement elicitation, and security risk assessment techniques.
read -
Software Security Engineering: A Guide for Project Managers (white paper)
May 13, 2013 • White Paper
By Gary McGraw, Julia H. Allen, Nancy R. Mead, Robert J. Ellison, Sean Barnum
In this guide, the authors discuss our reliance on software and systems that use the internet or internet-exposed private networks.
read -
P-SQUARE Tool Video Demonstrations
January 5, 2012 • Video
A series of short video demonstrations of the P-SQUARE tool. The P-SQUARE tool, designed for use by stakeholders, requirements engineers, and administrators, supports both the security and privacy aspects of SQUARE.
watch -
Security Requirements Reusability and the SQUARE Methodology
September 1, 2010 • Technical Note
By Travis Christian, Nancy R. Mead
In this report, the authors discuss how security requirements engineering can incorporate reusable requirements.
read -
Adapting the SQUARE Process for Privacy Requirements Engineering
July 1, 2010 • Technical Note
By Ashwini Bijwe (Carnegie Mellon University), Nancy R. Mead
In this 2010 report, the authors explore how the SQUARE process can be adapted for privacy requirements engineering in software development.
read -
Adapting the SQUARE Method for Security Requirements Engineering to Acquisition
February 22, 2010 • White Paper
By Nancy R. Mead
In this paper, Nancy Mead adapts the SQUARE process for security requirements engineering to different acquisition situations.
read -
SQUARE Up Your Security Requirements Engineering with SQUARE
May 14, 2009 • Webinar
By Nancy R. Mead
In this 2009 webinar, Nancy Mead provides an overview of the CERT SQUARE process, and discusses current activities and plans.
watch -
Novel Methods of Incorporating Security Requirements Engineering into Software Engineering Courses
January 1, 2009 • Book Chapter
By Nancy R. Mead, Dan Shoemaker (University of Detroit Mercy)
In this book chapter, the authors describe methods of incorporating security requirements engineering into software engineering courses and curricula.
read -
Identifying Security Requirements Using the Security Quality Requirements Engineering (SQUARE) Method - Information Security and Ethics
September 5, 2008 • Book Chapter
By Nancy R. Mead
In this book chapter, Nancy Mead describes issues in developing security requirements and useful methods, including details about the SQUARE method.
read -
Incorporating Security Quality Requirements Engineering (SQUARE) into Standard Life-Cycle Models
May 1, 2008 • Technical Note
By Nancy R. Mead, Venkatesh Viswanathan, Deepa Padmanabhan, Anusha Raveendran
In this 2008 report, the authors describe how SQUARE can be incorporated into standard lifecycle models for security-critical projects.
read -
Software Security Engineering: A Guide for Project Managers (book)
March 1, 2008 • Book
By Julia H. Allen, Sean Barnum, Robert J. Ellison, Gary McGraw, Nancy R. Mead
In this book, the authors provide sound practices likely to increase the security and dependability of your software during development and operation.
read -
Lessons Learned Applying the Mission Diagnostic
March 1, 2008 • Technical Note
By Audrey J. Dorofee, Lisa Marino, Christopher J. Alberts
This technical note describes the adaptation of the Mission Diagnostic (MD) necessary for a customer and the lessons we learned from its use.
read -
How To Compare the Security Quality Requirements Engineering (SQUARE) Method with Other Methods
August 1, 2007 • Technical Note
By Nancy R. Mead
In this 2007 report, Nancy Mead describes SQUARE, and outlines other methods used for identifying security requirements.
read -
Considering Operational Security Risk During System Development
January 3, 2007 • Article
By Carol Woody, Christopher J. Alberts
In this article, the authors examine OCTAVE, an operational security-risk methodology, and apply it to security-related risks during system development.
read -
Identifying Security Requirements Using the Security Quality Requirements Engineering (SQUARE) Method - Integrating Security and Software Engineering
August 22, 2006 • Book Chapter
By Nancy R. Mead
In this book chapter, Nancy Mead describes the SQUARE method, which can be used to elicit, analyze, and document security requirements for software systems.
read -
Security Quality Requirements Engineering (SQUARE): Case Study Phase III
May 1, 2006 • Special Report
By Lydia Chung, Frank Hung, Eric Hough, Don Ojoko-Adams, Nancy R. Mead
In this report, the authors present their results of using SQUARE when working with three clients over the course of a semester.
read -
Security Quality Requirements Engineering Technical Report
November 1, 2005 • Technical Report
By Nancy R. Mead, Eric Hough, Ted Stehney II
In this 2005 report, the authors present the SQUARE Methodology for eliciting and prioritizing security requirements in software development projects.
read -
SQUARE Frequently Asked Questions (FAQ)
January 5, 2017 • White Paper
This paper contains information about SQUARE, a process that helps organizations build security into the early stages of the software production lifecycle.
read -
CERT SQUARE for Acquisition (A-SQUARE)
August 24, 2011 • Software
SQUARE-A is designed for stakeholders, requirements engineers, and contractors/vendors to use in acquisitions and provides documentation support for a variety of use cases.
download -
CERT SQUARE for Privacy (P-SQUARE)
January 5, 2012 • Software
P-SQUARE was designed for stakeholders, requirements engineers, and administrators and supports the security and privacy aspects of SQUARE.
download