SQUARE Instructional Materials
Teach your students or team about SQUARE by using the following materials that describe the Security Quality Requirements Engineering (SQUARE) methodology.
A Set of Five Lectures, with Notes
- Lecture 1: Security in Software Engineering
Defines secure software engineering and explains the importance of considering security issues throughout the software development lifecycle, particularly during requirements engineering
- Lecture 2: SQUARE Overview
Explains how the SQUARE process is conducted and gives brief descriptions of each of its nine steps
- Lecture 3: SQUARE in Detail, Part 1
Describes SQUARE Steps 1 through 4 in detail
- Lecture 4: SQUARE in Detail, Part 2
Describes SQUARE Steps 5 through 9 in detail
- Lecture 5: SQUARE for Acquisition
Describes how SQUARE can be easily tailored and modified for various acquisition scenarios
- Part I: SQUARE Overview
Provides some background about requirements engineering issues, explains the purpose of the SQUARE method and who is involved in implementing it, gives brief descriptions of each of its nine steps, and describes future work on the method
- Part II: SQUARE in Detail
Describes Steps 1 through 9 in detail and includes case study assignments
Our workshop guide gives participants a greater understanding of the SQUARE process. This is done by walking them through a sample scenario based on previously carried out case studies. Participants are split into two teams; each has a separate workshop guide:
- One team acts as a client. This team's document describes its members' company and the situation for which they are using SQUARE.
- The other team is the Requirements Engineering team. This team's document guides its team members through the scenario.
Additional scenarios are used for the SQUARE for Acquisition workshop. The guides used include the following:
- Case Study 1: This case study guides participants through the process of adapting the SQUARE process for a typical software acquisition. Participants will be split into two teams: the acquisition organization team has the client role, and the contractor team is responsible for requirements identification.
- Case Study 2: This case study also guides participants through the process of adapting the SQUARE process for a typical software acquisition. However, in this case study, the acquisition organization team defines the requirements as part of the RFP process, and the contractor team reviews the requirements.
- Case Study 3: This case study focuses on COTS software acquisition using steps adapted from SQUARE. Participants work in three teams: the acquisition organization, COTS vendors, and subject matter experts.
These materials were developed by Software Engineering Institute staff in conjunction with Carnegie Mellon University's CyLab.