| dc.description.abstract |
Today's increasing concern and needfor security in software engineering prompted the
Software Engineering Institute at Carnegie Mellon University to create the SQUARE process to
elicit, categorize and prioritize key security requirements. These security requirements, in turn,
may befurther analyzed by architecture analysis methods such as ATAM to select an
architecture that would be capable of handling the security goals. Several case studies have
proven that the SQUARE process is effective in identifying missed security requirements.
However, the SQUARE process requires specialized skills for requirements analysis and elicitation,
and risk analysis. Furthermore, the nine step process can be time consuming and difficult to
manage for security-critical projects, especially when there are numerous organizational-level
security goals, and outputsfrom the SQUARE process can differ across teams.
The _mySQUARE application is a tool aimed at improving and simplifying the SQUARE
process by semi-automating certain steps and automatically generating some of the required
outputs, including the final requirements document. With the mySQUARE application, a smaller
team or even a single individual can perform and manage the SQUARE process, eliminating
administrative overhead and producing important documents for the stakeholders, thereby
achieving output consistency across the organization. |
en_US |
