[EIS] MetriSec 2009 - attend the workshop on Oct 14!

Andy Ozment andy.ozment at ieee.org
Wed Aug 12 10:42:19 EDT 2009


                        Call for Participation

                            MetriSec 2009
   5th International Workshop on SECURITY MEASUREMENTS AND METRICS
       (Formerly the Workshop on Quality of Protection - QoP)


          Affiliated with the International Symposium on
        Empirical Software Engineering and Measurement (ESEM)

                          October 14, 2009
                    Lake Buena Vista, Florida, USA



Information security academics and practitioners, please consider 
attending MetriSec 2009, which will be held on Wed October 14, 2009 near 
Orlando, Florida. The workshop is held in conjunction with the 
International Symposium on Empirical Software Engineering and 
Measurement (ESEM).


A stimulating set of technical papers has been accepted for presentation 
and can be seen at:

The workshop will also feature guest speakers and, as always, lively 


Registration for both the workshop and the workshop hotel is now open. 
Early registration ends September 16. Please go to our website, listed 
above, for registration information. The special hotel rate ends on 
September 11.


Quantitative assessment is a major stumbling block for software and 
system security. Although some security metrics exist, they are rarely 
adequate. The engineering importance of metrics is intuitive: you cannot 
consistently improve what you cannot measure. Economics is an additional 
driver for security metrics: customers are unlikely to pay a premium for 
security if they are unable to quantify what they receive.

The goal of the workshop is to foster research into security 
measurements and metrics and to continue building the community of 
individuals interested in this field. MetriSec continues the tradition 
started by the Quality of Protection (QoP) workshop series; this year, 
the new co-location with ESEM is an opportunity for the security metrics 
folks to meet the metrics community at large.

The topics of interest to the workshop include, but are not limited to:

* Security metrics
* Security measurement and monitoring
* Development of predictive models
* Experimental validation of models
* Formal theories of security metrics
* Security quality assurance
* Empirical assessment of security architectures and solutions
* Mining data from attack and vulnerability repositories: e.g. CVE, CVSS
* Static analysis metrics
* Simulation and statistical analysis
* Stochastic modeling
* Security risk analysis
* Industrial experience


Andy Ozment (US)
Riccardo Scandariato (Katholieke Universiteit Leuven, BE)


Thomas Heyman (Katholieke Universiteit Leuven, BE)
