SQUARE Instructional Materials

Teach your students or team about SQUARE by using the following materials that describe the Security Quality Requirements Engineering (SQUARE) methodology.

A Set of Five Lectures, with Notes

  • Lecture 1: Security in Software Engineering
    Defines secure software engineering and explains the importance of considering security issues throughout the software development lifecycle, particularly during requirements engineering
  • Lecture 2: SQUARE Overview
    Explains how the SQUARE process is conducted and gives brief descriptions of each of its nine steps
  • Lecture 3: SQUARE in Detail, Part 1
    Describes SQUARE Steps 1 through 4 in detail
  • Lecture 4: SQUARE in Detail, Part 2
    Describes SQUARE Steps 5 through 9 in detail
  • Lecture 5: SQUARE for Acquisition
    Describes how SQUARE can be easily tailored and modified for various acquisition scenarios

A Tutorial

  • Part I: SQUARE Overview
    Provides some background about requirements engineering issues, explains the purpose of the SQUARE method and who is involved in implementing it, gives brief descriptions of each of its nine steps, and describes future work on the method
  • Part II: SQUARE in Detail
    Describes Steps 1 through 9 in detail and includes case study assignments

Workshop Materials

Our workshop guide gives participants a greater understanding of the SQUARE process by walking them through a sample scenario based on previously conducted case studies. Participants are split into two teams; each has a separate workshop guide:

  • One team acts as a client. This team's document describes its members' company and the situation for which they are using SQUARE.
  • The other team is the Requirements Engineering team. This team's document guides its team members through the scenario.

Additional scenarios are used for the SQUARE for Acquisition workshop. The guides used include the following:

  • Case Study 1: This case study guides participants through the process of adapting the SQUARE process for a typical software acquisition. Participants will be split into two teams: the acquisition organization team has the client role, and the contractor team is responsible for requirements identification.
  • Case Study 2: This case study also guides participants through the process of adapting the SQUARE process for a typical software acquisition. However, in this case study, the acquisition organization team defines the requirements as part of the RFP process, and the contractor team reviews the requirements.
  • Case Study 3: This case study focuses on COTS software acquisition using steps adapted from SQUARE. Participants work in three teams: the acquisition organization, COTS vendors, and subject matter experts.

These materials were developed by Software Engineering Institute staff in conjunction with Carnegie Mellon University's CyLab.

To download the files, you must first agree to a license for their use and tell us your name and organizational affiliation.


We welcome your feedback about your experience using these materials.