The MetriCon 1.0 Agenda follows below with presentation materials from each author. A prose Digest of the meeting's conversation is here.
8:30-9:00 Keynote
- Resolved: Metrics are nifty - Andrew Jaquith, Yankee Group HTML
- Resolved: Metrics are too hard - Steve Bellovin, Columbia University PDF and TXT
9:00-10:30 Software Security Metrics - Gunnar Peterson, track chair
- A Metric for Evaluating Static Analysis Tools - Brian Chess & Katrina Tsipenyuk, Fortify Software PPT
- An Attack Surface Metric - Pratyusa Manadhata & Jeannette Wing, Carnegie-Mellon PPT
- "Good enough" Metrics - Jeremy Epstein, WebMethods PPT
- Software Security Patterns and Risk - Thomas Heyman & Christophe Huygens, U of Leuven PDF
- Code Metrics - Pravir Chandra, Secure Software PPT
11-12:30 Enterprise & Case Studies A - Adam Shostack, track chair
- Data Breaches: Measurement Efforts and Issues - Chris Walsh PDF
- The Human Side of Security Metrics - Dennis Opacki, Covestic PPT
- No Substitute for Ongoing Data, Quantification, Visualization, and Story-Telling - John Quarterman & Gretchen Phillips, InternetPerils PPT
- What are the Business Security Metrics? - Shawn Butler, MSB Associates PDF
1:30-3:00 Enterprise & Case Studies B - Betsy Nichols, track chair PDF
- Leading Indicators in Information Security - John Nye, Symantec PDF
- Top Network Vulnerabilities Over Time - Vik Solem PDF
- IAM Metrics Case Study - Andrew Sudbury, ClearPoint Metrics PPT
- Assessment of IT Security in Networked Information Systems - Jonas Hallberg & Amund Hunstad, Swedish Defence Research Agency PDF
3:30-5:00 Governance - Dan Geer, track chair
- The only metrics that matter are for decision support - Dan Geer, Verdasys PPT
- Model Concepts for Consideration and Discussion - Bryan Ware, Digital Sandbox PPT
- Mission and Metrics from Different Views: Firm/Agency, Industry, and Profession - Kawika Daguio, Northeastern University PPT
- Measuring Information Security Risk - Bob Blakley, Burton Group PPT
- Information Assurance Metrics Taxonomy - Wayne Jansen, NIST PPT
6:00 Dinner/Rump Session
- The Industrial Security Incident Database - Eric Byres, Wurldtech Analytics & David Leversage, British Columbia Institute of Technology PDF
- Milk or Wine: Does Software Security Improve with Age? - Andy Ozment and Stuart Schechter, MIT Lincoln Laboratory PDF
- Security Metrics - Pete Lindstrom, Spire Security PPT