James Walden and Stephan Neuhaus are organizing the International Workshop on Security Measurements and Metrics (MetriSec 2012), in Lund, Sweden, co-located with ESEM. Please consider submitting! Papers are due by May 30, 2012. The workshop is on September 21, 2012.
Quantitative assessment is a major stumbling block for software and system security. Although some security metrics exist, they are rarely adequate. The engineering importance of metrics is intuitive: you cannot consistently improve what you cannot measure. Economics is an additional driver for security metrics: vendors will only invest in security if customers will pay for it, and customers will only pay a premium for security that is measurably improved.
The goals of the MetriSec workshops are to showcase and foster research into security measurements and metrics and to keep building the community of individuals interested in this area. MetriSec continues the tradition started by the Quality of Protection (QoP) workshop series. As in the previous year, the co-location with ESEM is an opportunity for the security metrics folks to meet the metrics community at large.