{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,28]],"date-time":"2026-01-28T07:30:35Z","timestamp":1769585435651,"version":"3.49.0"},"reference-count":7,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2005,5,15]],"date-time":"2005-05-15T00:00:00Z","timestamp":1116115200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["SIGSOFT Softw. Eng. Notes"],"published-print":{"date-parts":[[2005,7]]},"abstract":"<jats:p>Requirements engineering, a vital component in successful project development, often neglects sufficient attention to security concerns. Further, industry lacks a useful model for incorporating security requirements into project development. Studies show that upfront attention to security saves the economy billions of dollars. Industry is thus in need of a model to examine security and quality requirements in the development stages of the production lifecycle. In this paper, we examine a methodology for both eliciting and prioritizing security requirements on a development project within an organization. We present a model developed by the Software Engineering Institute's Networked Systems Survivability (NSS) Program, and then examine two case studies where the model was applied to a client system. 
The NSS Program continues to develop this useful model, which has proven effective in helping an organization understand its security posture.<\/jats:p>","DOI":"10.1145\/1082983.1083214","type":"journal-article","created":{"date-parts":[[2005,11,7]],"date-time":"2005-11-07T19:28:32Z","timestamp":1131391712000},"page":"1-7","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":86,"title":["Security quality requirements engineering (SQUARE) methodology"],"prefix":"10.1145","volume":"30","author":[{"given":"Nancy R.","family":"Mead","sequence":"first","affiliation":[{"name":"Software Engineering Institute, Pittsburgh, PA"}]},{"given":"Ted","family":"Stehney","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University, Pittsburgh, PA"}]}],"member":"320","published-online":{"date-parts":[[2005,5,15]]},"reference":[{"key":"e_1_2_1_1_1","volume-title":"Secure Business Quarterly","author":"Soo Hoo K.","year":"2001","unstructured":"Soo Hoo , K. , Sudbury , J. W. , Jaquith , J. R. \" Tangible ROI Through Secure Software Engineering \" , Secure Business Quarterly , Volume 1 , Number 2, @stake, 2001 . Soo Hoo, K., Sudbury, J. W., Jaquith, J. R. \"Tangible ROI Through Secure Software Engineering\", Secure Business Quarterly, Volume 1, Number 2, @stake, 2001."},{"key":"e_1_2_1_2_1","volume-title":"http:\/\/www.nist.gov\/public_affairs\/releases\/n02-10.htm","author":"National Institute of Standards and Technology, \"Software Errors Cost U.S. Economy $59.5 Billion Annually\" (NIST 2002-10).","year":"2002","unstructured":"National Institute of Standards and Technology, \"Software Errors Cost U.S. Economy $59.5 Billion Annually\" (NIST 2002-10). http:\/\/www.nist.gov\/public_affairs\/releases\/n02-10.htm ( 2002 ). National Institute of Standards and Technology, \"Software Errors Cost U.S. Economy $59.5 Billion Annually\" (NIST 2002-10). 
http:\/\/www.nist.gov\/public_affairs\/releases\/n02-10.htm (2002)."},{"key":"e_1_2_1_3_1","volume-title":"SQUARE Methodology: Case Study on Asset Management System (CMU\/SEI-2004-SR-015)","author":"Chen P.","year":"2004","unstructured":"Chen , P. , Mead , N. R. , Dean , M. , Lopez , L. , Ojoko-Adams , D. , Osman , H. Xie , N. SQUARE Methodology: Case Study on Asset Management System (CMU\/SEI-2004-SR-015) . Pittsburgh, PA : Software Engineering Institute, Carnegie Mellon University , 2004 . Chen, P., Mead, N. R., Dean, M., Lopez, L., Ojoko-Adams, D., Osman, H. Xie, N. SQUARE Methodology: Case Study on Asset Management System (CMU\/SEI-2004-SR-015). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2004."},{"key":"e_1_2_1_4_1","volume-title":"SQUARE Methodology: Case Study on Asset Management System (CMU\/SEI-2004-SR-015)","author":"Chen P.","year":"2004","unstructured":"Chen , P. , Mead , N. R. , Dean , M. , Lopez , L. , Ojoko-Adams , D. , Osman , H. Xie , N. SQUARE Methodology: Case Study on Asset Management System (CMU\/SEI-2004-SR-015) . Pittsburgh, PA : Software Engineering Institute, Carnegie Mellon University , 2004 . Chen, P., Mead, N. R., Dean, M., Lopez, L., Ojoko-Adams, D., Osman, H. Xie, N. SQUARE Methodology: Case Study on Asset Management System (CMU\/SEI-2004-SR-015). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2004."},{"key":"e_1_2_1_5_1","volume-title":"4th International Workshop on Requirements for High Assurance Systems","author":"Mead N.","year":"2004","unstructured":"Mead , N. \" Requirements Elicitation and Analysis Processes for Safety & Security Requirements\" , 4th International Workshop on Requirements for High Assurance Systems , September 6, 2004 , Kyoto, Japan, proceedings published by SEI:http:\/\/www.sei.cmu.edu\/community\/rhas-workshop\/#papers. Mead, N. 
\"Requirements Elicitation and Analysis Processes for Safety & Security Requirements\", 4th International Workshop on Requirements for High Assurance Systems, September 6, 2004, Kyoto, Japan, proceedings published by SEI:http:\/\/www.sei.cmu.edu\/community\/rhas-workshop\/#papers."},{"key":"e_1_2_1_6_1","unstructured":"Student report to be sanitized and published by the SEI.  Student report to be sanitized and published by the SEI."},{"key":"e_1_2_1_7_1","unstructured":"Student report to be sanitized and published by the SEI.  Student report to be sanitized and published by the SEI."}],"container-title":["ACM SIGSOFT Software Engineering Notes"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1082983.1083214","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1082983.1083214","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T16:08:06Z","timestamp":1750262886000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1082983.1083214"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2005,5,15]]},"references-count":7,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2005,7]]}},"alternative-id":["10.1145\/1082983.1083214"],"URL":"https:\/\/doi.org\/10.1145\/1082983.1083214","relation":{"is-identical-to":[{"id-type":"doi","id":"10.1145\/1083200.1083214","asserted-by":"subject"}]},"ISSN":["0163-5948"],"issn-type":[{"value":"0163-5948","type":"print"}],"subject":[],"published":{"date-parts":[[2005,5,15]]},"assertion":[{"value":"2005-05-15","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}