G. Yip and C. Zhang (USA)
SQUARE, requirements, software security
Today’s increasing need for security in software engineering prompted the SEI at CMU to create the SQUARE process to elicit, categorize and prioritize key security requirements. These security requirements, in turn, may be further analyzed to select an architecture that would be capable of handling the security goals. Several case studies have proven that the SQUARE process is effective in identifying missed security requirements. However, the nine step process can be time consuming and difficult to manage for security-critical projects, especially when there are numerous organizational-level security goals, and outputs from the SQUARE process can differ across teams. This paper presents the mySQUARE application, a tool aimed at improving and simplifying the SQUARE process by semi-automating certain steps and automatically generating some required outputs, including the final requirements document.
Important Links:
Go Back
