February 22, 2010—Carnegie Mellon University staff within CERT, part of the Software Engineering Institute, and CyLab announced that a robust tool has been developed by a team of Carnegie Mellon Master of Software Engineering (MSE) students to support Security Quality Requirements Engineering (SQUARE).
The SQUARE tool is a free, downloadable application that gives step-by-step guidance on how to implement a requirements engineering process focused on security. With a built-in educational component, the tool helps new adopters of SQUARE more easily and quickly understand and implement the process. The tool was designed for use by requirements engineers and security professionals.
SQUARE is a nine-step process to help organizations build security into the early stages of the production life cycle. Research has shown that requirements engineering defects cost 10 to 200 times as much to correct once fielded than if they are detected during requirements development and that software faulty in security and reliability costs the economy $59.5 billion annually in breakdowns and repairs. And yet, when security requirements are considered at all during the system life cycle, they tend to be general lists of security features that are not security requirements at all, but rather implementation mechanisms. As a result, security requirements that are specific to the system and that provide for protection of essential services and assets are often neglected. Using SQUARE can enable your organization to develop more secure, survivable software and systems, more predictable schedules and costs, and achieve lower costs.
Learn more about SQUARE and download the tool from the CERT website.
For more information
Please tell us what you
think with this short
(< 5 minute) survey.