SC-Lers, There are several presentations at Metricon by or of interest to SC-L denizens.
-gp The agenda for Metricon 2.0 in Boston August 7th has been set. Metricon is co-located with Usenix security conference. The details, travel info, registration, and agenda are here: https://www.securitymetrics.org/content/Wiki.jsp?page=Metricon2.0 There are a limited number of openings so please REGISTER SOON if interested in attending. A summary of the presentations Keynote Debate: ³Do Metrics Matter?² Andrew Jaquith (Yankee Group) & Mike Rothman (SecurityIncite) "Security Meta Metrics--Measuring Agility, Learning, and Unintended Consequence" Russell Cameron Thomas (Meritology) "Security Metrics in Practice: Development of a Security Metric System to Rate Enterprise Software" Fredrick DeQuan Lee and Brian Chess (Fortify) "A Software Security Risk Classification System" Eric Dalci and Robert Hines (Cigital) "Web Application Security Metrics" Jeremiah Grossman (WhiteHat Security) "Operational Security Risk Metrics: Definitions, Calculations, and Visualizations", Brian Laing, Mike Lloyd, and Alain Mayer (Redseal Systems) "Metrics for Network Security Using Attack Graphs: A Position Paper", Anoop Singhal (NIST), Lingyu Wang and Sushil Jaodia (Center for Secure Information Systems, George Mason University) "Software Security Weakness Scoring" Chris Wysopal (Veracode) "Developing secure applications with metrics in mind" Thomas Heyman Christophe Huygens, and Wouter Joosen (K.U.Leuven) "Correlating Automated Static Analysis Alert Density to Reported Vulnerabilities in Sendmail" Michael Gegick and Laurie Williams (North Carolina State University) Practitioner Panel moderated by Becky Bace: Three practitioners from thought leading companies describe how they use metrics to make better decisions. If you know others that would be interested this collaborative workshop, please forward them this email and let them know about this opportunity. Please contact us with any questions. Thanks, Betsy Nichols and Gunnar Peterson Metricon 2.0 Co-Chairs _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________
