CERT

SQUARE Instructional Materials

Teach your students or team about SQUARE by using the following materials that describe the Security Quality Requirements Engineering (SQUARE) methodology:

A set of five lectures, with notes

  • Lecture 1: Security in Software Engineering
    Defines secure software engineering and explains the importance of considering security issues throughout the software development life cycle, particularly during requirements engineering
  • Lecture 2: SQUARE Overview
    Explains how the SQUARE process is conducted and gives brief descriptions of each of its nine steps
  • Lecture 3: SQUARE in Detail, Part 1
    Describes SQUARE Steps 1 through 4 in detail
  • Lecture 4: SQUARE in Detail, Part 2
    Describes SQUARE Steps 5 through 9 in detail
  • Lecture 5: SQUARE for Acquisition
    Describes how SQUARE can be easily tailored and modified for various acquisition scenarios

A tutorial
  • Part I: SQUARE Overview
    Provides some background about requirements engineering issues, explains the purpose of the SQUARE method and who is involved in implementing it, gives brief descriptions of each of its nine steps, and describes future work on the method
  • Part II: SQUARE in Detail
    Describes Steps 1 through 9 in detail and includes case study assignments

Workshop materials

  • A workshop guide that gives participants a greater understanding of the SQUARE process. This is done by walking them through a sample scenario based on previously carried out case studies. Participants are split into two teams; each has a separate workshop guide:
    • Clients: One team acts as a client. This document describes their company and the situation for which they are using SQUARE.
    • Requirements Engineering Team: The other team is the Requirements Engineering team. This document guides them through the scenario.
  • SQUARE for Acquisition workshop guides
    • Case Study 1: This case study guides participants through how to adapt the SQUARE process for a typical software acquisition. Participants will be split into two teams: the acquisition organization team has the client role, and the contractor team is responsible for requirements identification.
    • Case Study 2: This case study also guides participants through how to adapt the SQUARE process for a typical software acquisition. However, in this case study, the acquisition organization team defines the requirements as part of the RFP process, and the contractor team reviews the requirements.
    • Case Study 3: This case study focuses on COTS software acquisition using steps adapted from SQUARE. Participants work in three teams: the acquisition organization, COTS vendors, and subject matter experts.

These materials were developed by Software Engineering Institute staff in conjunction with Carnegie Mellon University's CyLab.

Feedback

We welcome your feedback about your experience using these materials. Please direct your comments to Nancy Mead at nrm [at] sei.cmu.edu or this address:

Software Engineering Institute
4500 Fifth Avenue
Pittsburgh, PA 15213

Downloading the Files

To download the files, you will be required to agree to a license for their use and to tell us your name and organizational affiliation.



Last updated July 26, 2010