Last year's conference, MetriCon 1.0 featured a software security metrics
track ( http://securitymetrics.org/content/Wiki.jsp?page=Metricon1.0),
including:
* A Metric for Evaluating Static Analysis Tools - Chess Tsipenyuk, Fortify
* An Attack Surface Metric - Manadhata Wing, Carnegie-Mellon
* Good enough Metrics - Epstein, WebMethods
* Software Security Patterns and Risk - Heyman Huygens, U of Leuven
* Code Metrics - Chandra, Secure Software
-gp
Second Workshop on Security Metrics (MetriCon 2.0) Call for Papers
MetriCon 2.0 CFP
August 7, 2007 Boston, MA
Overview
Do you cringe at the subjectivity applied to security in every manner? If
so, MetriCon 2.0 may be your antidote to change security from an artistic
matter of opinion into an objective, quantifiable science. The time for
adjectives and adverbs has gone; the time for hard facts and data has come.
MetriCon 2.0 is intended as a forum for lively, practical discussion in the
area of security metrics. It is a forum for quantifiable approaches and
results to problems afflicting information security today, with a bias
towards practical, specific implementations. Topics and presentations will
be selected for their potential to stimulate discussion in the Workshop.
MetriCon 2.0 will be a one-day event, Tuesday, August 7, 2007, co-located
with the 16th USENIX Security Symposium in Boston, MA, USA
(http://www.usenix.org/events/sec07/). Beginning first thing in the morning,
with meals taken in the meeting room, and extending into the evening.
Attendance will be by invitation and limited to 60 participants. All
participants will be expected to come with findings and be willing to
address the group in some fashion, formally or not. Preference given to the
authors of position papers/presentations who have actual work in progress.
Each presenter will have 10-15 minutes to present his or her idea, followed
by 15-20 minutes of discussion with the workshop participants. Panels and
groups of related presentations may be proposed to present different
approaches to selected topics, and will be steered by what sorts of
proposals come in response to this Call.
Goals and Topics
The goal of the workshop is to stimulate discussion of and thinking about
security metrics and to do so in ways that lead to realistic, early results
of lasting value. Potential attendees are invited to submit position papers
to be shared with all. Such position papers are expected to address security
metrics in one of the following categories:
Benchmarking
Empirical Studies
Metrics Definitions
Financial Planning
Security/Risk Modeling
Tools, Technologies, Tips, and Tricks
Visualization
Practical implementations, real world case studies, and detailed models will
be preferred over broader models or general ideas.
How to Participate
Submit a short position paper or description of work done/ongoing. Your
submission must be no longer than five(5) paragraphs or presentation slides.
Author names and affiliations should appear first in/on the submission.
Submissions may be in PDF, PowerPoint, HTML, or plaintext email and must be
submitted to MetriCon AT securitymetrics.org.
Presenters will be notified of acceptance by June 22, 2007 and expected to
provide materials for distribution by July 22, 2007. All slides and position
papers will be made available to participants at the workshop. No formal
proceedings are intended. Plagiarism constitutes dishonesty. The organizers
of this Workshop as well as USENIX prohibit these practices and will take
appropriate action if dishonesty of this sort is found. Submission of
recent, previously published work as well as simultaneous submissions to
multiple venues is acceptable but please so indicate in your proposal.
Location
MetriCon 2.0 will be co-located with the 16th USENIX Security Symposium
(Security ¹07). (http://www.usenix.org/events/sec07/)
Cost
$200 all-inclusive of meeting space, materials preparation, and meals for
the day.
Important Dates
Requests to participate: by May 11, 2007
Notification of acceptance: by June 22, 2007
Materials for distribution: by July 22, 2007
Workshop Organizers
Fred Cohen, Fred Cohen Associates
Jeremy Epstein, webMethods
Dan Geer, Geer Risk Services
Andrew Jaquith, Yankee Group
Elizabeth Nichols, ClearPoint Metrics, Co-Chair
Gunnar Peterson, Arctec Group, Co-Chair
Russell Cameron Thomas, Meritology
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
___
