search menu icon-carat-right cmu-wordmark

Incorporating Security Quality Requirements Engineering (SQUARE) into Standard Life-Cycle Models

May 2008 Technical Note
Nancy R. Mead, Venkatesh Viswanathan, Deepa Padmanabhan, Anusha Raveendran

In this 2008 report, the authors describe how SQUARE can be incorporated into standard lifecycle models for security-critical projects.


Software Engineering Institute

CMU/SEI Report Number


DOI (Digital Object Identifier):


SQUARE (Security Quality Requirements Engineering) is a method for eliciting and prioritizing security requirements in software development projects. This report describes how SQUARE can be incorporated in standard life-cycle models for security-critical projects. Life-cycle models and process methods considered for the report are the waterfall model, Rational Unified Process, the spiral model, and Dynamic Systems Development Method (an agile method).  

This report is for information technology managers and security professionals, management personnel with technical and information security knowledge, and any personnel who manage security-critical projects that follow standard life-cycle models.