Abstract
Today's increasing concern and needfor security in software engineering prompted the Software Engineering Institute at Carnegie Mellon University to create the SQUARE process to elicit, categorize and prioritize key security requirements. These security requirements, in turn, may befurther analyzed by architecture analysis methods such as ATAM to select an architecture that would be capable of handling the security goals. Several case studies have proven that the SQUARE process is effective in identifying missed security requirements. However, the SQUARE process requires specialized skills for requirements analysis and elicitation, and risk analysis. Furthermore, the nine step process can be time consuming and difficult to manage for security-critical projects, especially when there are numerous organizational-level security goals, and outputsfrom the SQUARE process can differ across teams. The _mySQUARE application is a tool aimed at improving and simplifying the SQUARE process by semi-automating certain steps and automatically generating some of the required outputs, including the final requirements document. With the mySQUARE application, a smaller team or even a single individual can perform and manage the SQUARE process, eliminating administrative overhead and producing important documents for the stakeholders, thereby achieving output consistency across the organization.