SQUARE Instructional Materials
Teach your students or team about SQUARE by using the following materials that describe
the Security Quality Requirements Engineering (SQUARE) methodology:
A set of five lectures, with notes
- Lecture 1: Security in Software Engineering
Defines secure software engineering and explains the importance of considering security issues throughout the
software development life cycle, particularly during requirements engineering
- Lecture 2: SQUARE Overview
Explains how the SQUARE process is conducted and gives brief descriptions of each of its nine steps
- Lecture 3: SQUARE in Detail, Part 1
Describes SQUARE Steps 1 through 4 in detail
- Lecture 4: SQUARE in Detail, Part 2
Describes SQUARE Steps 5 through 9 in detail
- Lecture 5: SQUARE for Acquisition
Describes how SQUARE can be easily tailored and modified for various acquisition scenarios.
- Part I: SQUARE Overview
Provides some background about requirements engineering issues, explains the purpose of the SQUARE method and who
is involved in implementing it, gives brief descriptions of each of its nine steps, and describes future work on
- Part II: SQUARE in Detail
Describes Steps 1 through 9 in detail and includes case study assignments
These materials were developed by Software Engineering Institute staff in conjunction with Carnegie Mellon
- A workshop guide that gives participants a greater understanding of the SQUARE process. This is done by walking them through a sample scenario based on previously carried out case studies. Participants are split into two teams; each has a separate workshop guide:
- Clients: One team acts as a client. This document describes their company and the situation for which they are using SQUARE.
- Requirements Engineering Team: The other team is the Requirements Engineering team. This document guides them through the scenario.
- SQUARE for Acquisition workshop guides
- Case Study 1: This case study guides participants through how to adapt the SQUARE process for a typical software acquisition. Participants will be split into two teams: the acquisition organization team has the client role, and the contractor team is responsible for requirements identification.
- Case Study 2: This case study also guides participants through how to adapt the SQUARE process for a typical software acquisition. However, in this case study, the acquisition organization team defines the requirements as part of the RFP process, and the contractor team reviews the requirements.
- Case Study 3: This case study focuses on COTS software acquisition using steps adapted from SQUARE. Participants work in three teams: the acquisition organization, COTS vendors, and subject matter experts.
We welcome your feedback about your experience using these materials. Please direct your comments to Nancy Mead at
nrm [at] sei.cmu.edu or this address:
Software Engineering Institute
4500 Fifth Avenue
Pittsburgh, PA 15213
Downloading the Files
To download the files, you will be required to agree to a license for their use and to tell us your name and
Last updated July 26, 2010