Security Quality Requirements Engineering (SQUARE) Methodology

Abstract

Requirements engineering, a vital component in successful project development, often does not include sufficient attention to security concerns. Studies show that up-front attention to security can save the economy billions of dollars, yet security concerns are often treated as an afterthought to functional requirements. Industry can thus benefit from a model to examine security requirements in the development stages of the production life cycle. This report presents the Security Quality Requirements Engineering (SQUARE) Methodology for eliciting and prioritizing security requirements in software development projects, which was developed by the Software Engineering Institute's Networked Systems Survivability (NSS) Program. The methodology's steps are explained and results from its application in recent case studies are examined. The NSS Program continues to develop SQUARE, which has proven effective in helping organizations understand their security posture and produce products with verifiable security requirements.

Document Details

Document Type
Technical Report
Publication Date
Nov 01, 2005
Accession Number
ADA443493

Entities

People

  • Eric D. Hough
  • Nancy R. Mead
  • Theodore R. Stehney II

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Authentication
  • Case Studies
  • Commerce
  • Computer Access Control
  • Computer Programming
  • Computer Programs
  • Computers
  • Cybersecurity
  • Engineering
  • Information Systems
  • Insider Threats
  • Intrusion Detection
  • Malware
  • Operating Systems
  • Security
  • Security Personnel
  • Software Development

Fields of Study

  • Computer science
  • Engineering

Readers

  • Cybersecurity
  • Life Cycle Cost Analysis
  • Software Engineering