search menu icon-carat-right cmu-wordmark

How To Compare the Security Quality Requirements Engineering (SQUARE) Method with Other Methods

August 2007 Technical Note
Nancy R. Mead

In this 2007 report, Nancy Mead describes SQUARE, and outlines other methods used for identifying security requirements.


Software Engineering Institute

CMU/SEI Report Number


DOI (Digital Object Identifier):


The Security Quality Requirements Engineering (SQUARE) method, developed at the Carnegie Mellon Software Engineering Institute, provides a systematic way to identify security requirements in a software development project. This report describes SQUARE and then describes other methods used for identifying security requirements, such as the Comprehensive, Lightweight Application Security Process, the Security Requirements Engineering Process, and Tropos, and compares them with SQUARE. The report concludes with some guidelines for selecting a method and a look at some related trends in requirements engineering.