Security Quality Requirements Engineering (SQUARE)
This collection describes SQUARE, a process that helps organizations build security into the early stages of the production lifecycle.
Abstract
Requirements problems are the primary reason that projects are significantly over budget and past schedule, have significantly reduced scope, and deliver poor-quality applications that are little used once delivered, or are cancelled altogether.
One source of these problems is poorly expressed or analyzed quality requirements, such as security and privacy. Requirements engineering defects cost 10 to 200 times more to correct during implementation than if they are detected during requirements development. Moreover, it is difficult and expensive to significantly improve the security of an application after it is in its operational environment.
Security Quality Requirements Engineering (SQUARE) is a nine-step process that helps organizations build security, including privacy, into the early stages of the production lifecycle. Instructional materials are available for download that can be used to teach the SQUARE method.
Collection Contents
-
Security Quality Requirements Engineering Technical Report
November 1, 2005 • Technical Report
By Nancy R. Mead, Eric Hough, Ted Stehney II
In this 2005 report, the authors present the SQUARE Methodology for eliciting and prioritizing security requirements in software development projects.
-
Security Quality Requirements Engineering (SQUARE) Fact Sheet
December 9, 2016 • Fact Sheet
SQUARE helps organizations build security, including privacy, into the early stages of the production lifecycle.
-
SQUARE Frequently Asked Questions (FAQ)
January 5, 2017 • White Paper
This paper contains information about SQUARE, a process that helps organizations build security into the early stages of the software production lifecycle.
-
Adapting the SQUARE Process for Privacy Requirements Engineering
July 1, 2010 • Technical Note
By Ashwini Bijwe (Carnegie Mellon University), Nancy R. Mead
In this 2010 report, the authors explore how the SQUARE process can be adapted for privacy requirements engineering in software development.
-
P-SQUARE Tool Video Demonstrations
January 5, 2012 • Video
A series of short video demonstrations of the P-SQUARE tool. The P-SQUARE tool, designed for use by stakeholders, requirements engineers, and administrators, supports both the security and privacy aspects of SQUARE.
-
Security Requirements Reusability and the SQUARE Methodology
September 1, 2010 • Technical Note
By Travis Christian, Nancy R. Mead
In this report, the authors discuss how security requirements engineering can incorporate reusable requirements.
-
Software Security Engineering: A Guide for Project Managers (book)
March 1, 2008 • Book
By Julia H. Allen, Sean Barnum, Robert J. Ellison, Gary McGraw, Nancy R. Mead
In this book, the authors provide sound practices likely to increase the security and dependability of your software during development and operation.
-
Software Security Engineering: A Guide for Project Managers (white paper)
May 13, 2013 • White Paper
By Gary McGraw, Julia H. Allen, Nancy R. Mead, Robert J. Ellison, Sean Barnum
In this guide, the authors discuss our reliance on software and systems that use the internet or internet-exposed private networks.
-
Adapting the SQUARE Method for Security Requirements Engineering to Acquisition
February 22, 2010 • White Paper
By Nancy R. Mead
In this paper, Nancy Mead adapts the SQUARE process for security requirements engineering to different acquisition situations.
-
An Evaluation of A-SQUARE for COTS Acquisition
May 13, 2014 • Technical Note
By Sidhartha Mani, Nancy R. Mead
An evaluation of the effectiveness of Software Quality Requirements Engineering for Acquisition (A-SQUARE) in a project to select a COTS product for the advanced metering infrastructure of a smart grid.
-
SQUARE Up Your Security Requirements Engineering with SQUARE
May 14, 2009 • Webinar
By Nancy R. Mead
In this 2009 webinar, Nancy Mead provides an overview of the CERT SQUARE process, and discusses current activities and plans.
-
Incorporating Security Quality Requirements Engineering (SQUARE) into Standard Life-Cycle Models
May 1, 2008 • Technical Note
By Nancy R. Mead, Venkatesh Viswanathan, Deepa Padmanabhan, Anusha Raveendran
In this 2008 report, the authors describe how SQUARE can be incorporated into standard lifecycle models for security-critical projects.
-
Identifying Security Requirements Using the Security Quality Requirements Engineering (SQUARE) Method - Integrating Security and Software Engineering
August 22, 2006 • Book Chapter
By Nancy R. Mead
In this book chapter, Nancy Mead describes the SQUARE method, which can be used to elicit, analyze, and document security requirements for software systems.
-
Identifying Security Requirements Using the Security Quality Requirements Engineering (SQUARE) Method - Information Security and Ethics
September 5, 2008 • Book Chapter
By Nancy R. Mead
In this book chapter, Nancy Mead describes issues in developing security requirements and useful methods, including details about the SQUARE method.
-
Combining Security and Privacy in Requirements Engineering
December 31, 2011 • Book Chapter
By Saeed Abu-Nimeh (Damballa), Nancy R. Mead
In this book chapter, the authors present SQUARE, a security requirements approach, privacy requirement elicitation, and security risk assessment techniques.
-
Considering Operational Security Risk During System Development
January 3, 2007 • Article
By Carol Woody, Christopher J. Alberts
In this article, the authors examine OCTAVE, an operational security-risk methodology, and apply it to security-related risks during system development.