Security Quality Requirements Engineering

Requirements engineering, a vital component in successful project development, often does not include sufficient attention to security concerns. Studies show that up-front attention to security can save the economy billions of dollars, yet security concerns are often treated as an afterthought to functional requirements. Industry can thus benefit from a model to examine security requirements in the development stages of the production life cycle.

This report presents the Security Quality Requirements (SQUARE) Methodology, developed by the Software Engineering Institute's Networked Systems Survivability (NSS) Program, for eliciting and prioritizing security requirements in software development projects. The methodology's steps are explained, and results from its application in recent case studies are examined. The NSS Program continues to develop SQUARE, which has proven effective in helping organizations understand their security posture and produce products with verifiable security requirements.

Authors

Nancy R. Mead

Eric Hough

Ted Stehney II

This report is related to the following area(s) of work:

Security and Survivability

Technical Report
CMU/SEI-2005-TR-009
November 2005

Cite This Report

SEI:

Mead, Nancy; Hough, Eric; & Stehney II, Ted. Security Quality Requirements Engineering (CMU/SEI-2005-TR-009). Software Engineering Institute, Carnegie Mellon University, 2005. http://www.sei.cmu.edu/library/abstracts/reports/05tr009.cfm

IEEE:

N. Mead, E. Hough, and T. Stehney II, "Security Quality Requirements Engineering," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Report CMU/SEI-2005-TR-009, 2005. http://www.sei.cmu.edu/library/abstracts/reports/05tr009.cfm

APA:

Mead, N., Hough, E., & Stehney II, T. (2005). Security Quality Requirements Engineering (CMU/SEI-2005-TR-009). Retrieved June 20, 2013, from the Software Engineering Institute, Carnegie Mellon University website: http://www.sei.cmu.edu/library/abstracts/reports/05tr009.cfm

CHI:

Mead, Nancy, Eric Hough, and Ted Stehney II. Security Quality Requirements Engineering (CMU/SEI-2005-TR-009). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2005. http://www.sei.cmu.edu/library/abstracts/reports/05tr009.cfm

MLA:

Mead, N., Hough, E., & Stehney II, T. 2005. Security Quality Requirements Engineering (Technical Report CMU/SEI-2005-TR-009). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://www.sei.cmu.edu/library/abstracts/reports/05tr009.cfm
