How To Compare the Security Quality Requirements Engineering (SQUARE) Method with Other Methods

Parent SEI Program

CERT

Related SEI Project

Requirements Engineering for Improved System Security

Related Publications

Security Quality Requirements Engineering (SQUARE): Case Study Phase III

Security Quality Requirements Engineering

System Quality Requirements Engineering (SQUARE): Case Study on Asset Management System, Phase II

System Quality Requirements Engineering (SQUARE) Methodology: Case Study on Asset Management System

SQUARE Project: Cost/Benefit Analysis Framework for Information Security Improvement Projects in Small Companies

Nancy R. Mead

Technical Note
CMU/SEI-2007-TN-021

PDF Download

The Security Quality Requirements Engineering (SQUARE) method, developed at the Carnegie Mellon Software Engineering Institute, provides a systematic way to identify security requirements in a software development project. This report describes SQUARE and then describes other methods used for identifying security requirements, such as the Comprehensive, Lightweight Application Security Process, the Security Requirements Engineering Process, and Tropos, and compares them with SQUARE. The report concludes with some guidelines for selecting a method and a look at some related trends in requirements engineering.