search menu icon-carat-right cmu-wordmark

An Evaluation of A-SQUARE for COTS Acquisition

May 2014 Technical Note
Sidhartha Mani, Nancy R. Mead

An evaluation of the effectiveness of Software Quality Requirements Engineering for Acquisition (A-SQUARE) in a project to select a COTS product for the advanced metering infrastructure of a smart grid.

Publisher:

Software Engineering Institute

CMU/SEI Report Number

CMU/SEI-2014-TN-003

Abstract

Developed by the Software Engineering Institute (SEI) at Carnegie Mellon University, Software Quality Requirements Engineering for Acquisition (A-SQUARE) is a methodology used for eliciting and prioritizing security requirements as part of the acquisition process. In the project described in this paper, we evaluated the effectiveness of the A-SQUARE method by applying it to a COTS product for the advanced metering infrastructure of a smart grid. We evaluated the ability of the A-SQUARE method to identify security requirements for the COTS product;identify candidate COTS products;elicit, categorize, and prioritize security requirements;prioritize COTS products;and select a COTS product. We also evaluated the usability of the A-SQUARE tool using qualitative evaluation criteria.