Organizations that are acquiring software have the same security concerns as organizations that are developing software, but they usually have less control over the actual development process. Depending on the situation, the acquisition stakeholders may be heavily involved in security requirements engineering, or they may be limited to reviewing requirements developed by the supplier. The SQUARE process for security requirements engineering can be readily adapted for different acquisition situations.

Download the white paper Adapting the SQUARE Method for Security Requirements Engineering to Acquisition, the Square for Acquisition lecture slides, and workshop materials to learn how to adapt it to these situations:

• Your acquisition organization has the typical client role for newly developed software.
• Your acquisition organization specifies the requirements as part of the RFP for newly developed software.
• Your organization is acquiring COTS software.

A free, prototype tool to support A-SQUARE is now available. The tool, designed for use by stakeholders, requirements engineers, and contractors/vendors, aids in acquisition by providing documentation support for a variety of cases. Learn more and download the tool.