The following list provides more information about the need for security quality requirements engineering in general and the SQUARE project in particular.

SEI Technical Reports

Adapting the SQUARE Process for Privacy Requirements Engineering (CMU/SEI-2010-TN-022, July 2012)

SQUARE Methodology: Case Study on Asset Management System (CMU/SEI-2004-SR-015, 2004)

SQUARE Project: Cost/Benefit Analysis Framework for Information Security Improvement Projects in Small Companies (CMU/SEI-2004-TN-045, November 2004)

System Quality Requirements Engineering (SQUARE): Case Study on Asset Management System, Phase II (CMU/SEI-2005-SR-005, May 2005)

Security Quality Requirements Engineering (SQUARE) Methodology (CMU/SEI-2005-TR-009, November 2005)

Security Quality Requirements Engineering (SQUARE) Case Study Phase III (CMU/SEI-2006-SR-003, May 2006)

Security Requirements Reusability and the SQUARE Methodology (CMU/SEI-2010-TN-027, September 2010)

How To Compare the Security Quality Requirements Engineering (SQUARE) Method with Other Methods (CMU/SEI-2007-TN-021, August 2007)

Incorporating Security Quality Requirements Engineering (SQUARE) into Standard Life-Cycle Models (CMU/SEI-2008-TN-006, May 2008)

SQUARE-Lite: Case Study on VADSoft Project (CMU/SEI-2008-SR-017, June 2008)

Privacy Risk Assessment Case Studies in Support of SQUARE (CMU/SEI-2009-SR-017, July 2009)

Book Chapters and Books

Mead, N. R., Davis, N., Dougherty, C., & Mead, R. Ch. 8, “Recommended Practices,” 275-308. Secure Coding in C and C++. Robert Seacord. Upper Saddle River, NJ: Addison Wesley, 2005.

Mead, N. R. Ch. 3, “Identifying Security Requirements Using the SQUARE Method,” 44-69. Integrating Security and Software Engineering: Advances and Future Visions. H. Mouratidis & P. Giorgini. Hershey, PA: Idea Group, 2006, (ISBN: 1-59904-147-2).

Mead, N. R. Ch. 2.20, "Identifying Security Requirements Using the Security Quality Requirements Engineering (SQUARE) Method,” pp. 943-963. Information Security and Ethics: Concepts, Methodologies, Tools, and Applications. Edited by Hamid Nemati. IGI Global, 2007.

Allen, J., Barnum, S., Ellison, R., McGraw, G., & Mead, N. R. Software Security Engineering: A Guide for Project Managers. Addison-Wesley Professional, 2008 (ISBN-13: 978-0-321-50917-8).

Mead, N. R. & Shoemaker, D. Ch. VI, "Novel Methods of Incorporating Security Requirements Engineering into Software Engineering Courses and Curricula,” 98-113. Software Engineering: Effective Teaching and Learning Approaches and Practices. Edited by Ellis, Demurjian, & Naveda. IGI Global, 2008.

Papers

Mead, N. R. & Hough, E. D. “Security Requirements Engineering for Software Systems: Case Studies in Support of Software Engineering Education,” 149-156. Proceedings of the 19th Conference on Software Engineering Education & Training. Turtle Bay, Hawaii, April 2006. IEEE Computer Society, 2006.

Mead, N. R. “Experiences in Eliciting Security Requirements.” CrossTalk 19, 12 (December 2006): 14-19.

Mead, N. R., Viswanathan, V., & Zhan, J. “Incorporating Security Requirements Engineering into the Rational Unified Process,” 537-542. Proceedings of the 2008 International Conference on Information Security and Assurance (ISA). Busan, Korea, April 2008. IEEE Computer Society, 2008.

Mead, N. R., Viswanathan, Venkatesh, & Padmanabhan, Deepa. “Incorporating Security Requirements Engineering into the Dynamic Systems Development Method,” 949-954. Proceedings of the COMPSAC (International Computer Software and Applications Conference) 2008 and IWSSE Workshop (International Workshop on Security and Software Engineering). Turku, Finland, July, 2008. IEEE, 2008.

Mead, N.R., Viswanathan, V., & Zhan, J. “Incorporating Security Requirements Engineering into Standard Lifecycle Processes,” an invited paper. IJSIA 2, 4 (October 2008): 67-80.

Miyazaki, S., Mead N. R., & Zhan, J. “Computer-Aided Privacy Requirements Elicitation Technique,” 367-372. Proceedings of the 2008 IEEE Asia-Pacific Services Computing Conference (APSCC). Yilan, Taiwan December 2008. IEEE, 2009.

Mead, N. R., Shoemaker, D., & Ingalsbe, J. “Ensuring Cost Efficient and Secure Software through Student Case Studies in Risk and Requirements Prioritization.” Proceedings of the 42st Hawaii International International Conference on Systems Science (HICSS-42 2009). Waikoloa, Big Island, Hawaii, January 2009. IEEE Computer Society, 2009.

Mead, N. R. & Yoshioka, N. “Square Up Your Security Requirements Engineering with SQUARE,” an invited paper. Information Processing Society of Japan (IPSJ) Journal 50, 3 (March 2009).

Abu-Nimeh, S., Miyazaki, S., & Mead, N. R. “Integrating Privacy Requirements into Security Requirements Engineering.” Paper presented at the IEEE Software Engineering and Knowledge Engineering (SEKE) Conference. Boston, MA, July 2009.

Mead, N. R. “Benefits and Challenges in the Use of Case Studies for Security Requirements Engineering Methods.” International Journal of Software and Security Engineering (IJSSE) 1, 1 (Jan – Mar 2010).

Mead, N. R., Shoemaker, D., & Ingalsbe, J. “Teaching Security Requirements Engineering Using SQUARE.” Paper presented at the 4th International Workshop on Requirements Engineering Education and Training (REET), IEEE Requirements Engineering Conference. September, 2009.

Abu-Nimeh, S., & Mead, N. R. “Privacy Risk Assessment in Privacy Requirements Engineering.” Paper presented at the Second International Workshop on Requirements Engineering and Law (RELAW), IEEE Requirements Engineering Conference. September, 2009.

White Paper

Mead, Nancy R. Adapting the SQUARE Method for Security Requirements Engineering to Acquisition.