search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Security Quality Requirements Engineering Technical Report

Technical Report
By
In this 2005 report, the authors present the SQUARE Methodology for eliciting and prioritizing security requirements in software development projects.
Publisher

Software Engineering Institute

CMU/SEI Report Number
CMU/SEI-2005-TR-009
Subjects

Abstract

Requirements engineering, a vital component in successful project development, often does not include sufficient attention to security concerns. Studies show that up-front attention to security can save the economy billions of dollars, yet security concerns are often treated as an afterthought to functional requirements. Industry can thus benefit from a model to examine security requirements in the development stages of the production life cycle.

This report presents the Security Quality Requirements (SQUARE) Methodology for eliciting and prioritizing security requirements in software development projects, which was developed by the Software Engineering Institute's Networked Systems Survivability (NSS) Program. The methodology's steps are explained, and results from its application in recent case studies are examined. The NSS Program continues to develop SQUARE, which has proven effective in helping organizations understand their security posture and produce products with verifiable security requirements.

SHARE
Download PDF
Part of a Collection

Security Quality Requirements Engineering (SQUARE)

Cybersecurity Engineering Research: Security Quality Requirements Engineering (SQUARE) Collection
Cite This Technical Report

Mead, N., Hough, E., & Stehney II, T. (2005, November 1). Security Quality Requirements Engineering Technical Report. (Technical Report CMU/SEI-2005-TR-009). Retrieved April 19, 2024, from https://insights.sei.cmu.edu/library/security-quality-requirements-engineering-technical-report/.

@techreport{mead_2005,
author={Mead, Nancy and Hough, Eric and Stehney II, Ted},
title={Security Quality Requirements Engineering Technical Report},
month={Nov},
year={2005},
number={CMU/SEI-2005-TR-009},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://insights.sei.cmu.edu/library/security-quality-requirements-engineering-technical-report/},
note={Accessed: 2024-Apr-19}
}

Mead, Nancy, Eric Hough, and Ted Stehney II. "Security Quality Requirements Engineering Technical Report." (CMU/SEI-2005-TR-009). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, November 1, 2005. https://insights.sei.cmu.edu/library/security-quality-requirements-engineering-technical-report/.

N. Mead, E. Hough, and T. Stehney II, "Security Quality Requirements Engineering Technical Report," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Report CMU/SEI-2005-TR-009, 1-Nov-2005 [Online]. Available: https://insights.sei.cmu.edu/library/security-quality-requirements-engineering-technical-report/. [Accessed: 19-Apr-2024].

Mead, Nancy, Eric Hough, and Ted Stehney II. "Security Quality Requirements Engineering Technical Report." (Technical Report CMU/SEI-2005-TR-009). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 1 Nov. 2005. https://insights.sei.cmu.edu/library/security-quality-requirements-engineering-technical-report/. Accessed 19 Apr. 2024.

Mead, Nancy; Hough, Eric; & Stehney II, Ted. Security Quality Requirements Engineering Technical Report. CMU/SEI-2005-TR-009. Software Engineering Institute. 2005. https://insights.sei.cmu.edu/library/security-quality-requirements-engineering-technical-report/

Ask a question about this Technical Report