MetriSec 2012 8th International Workshop on SECURITY MEASUREMENTS AND METRICS
Affiliated with the International Symposium on Empirical Software Engineering and Measurement (ESEM) September 21, 2012 Lund, Sweden WORKSHOP OVERVIEW Quantitative assessment is a major stumbling block for software and system security. Although some security metrics exist, they are rarely adequate. The engineering importance of metrics is intuitive: you cannot consistently improve what you cannot measure. Economics is an additional driver for security metrics: customers are unlikely to pay a premium for security if they are unable to quantify what they receive. The goal of the workshop is to foster research into security measurements and metrics and to continue building the community of individuals interested in this field. This year, MetriSec continues its co-location with ESEM, which offers an opportunity for the security metrics folks to meet the metrics community at large. The organizers solicit original submissions from industry and academic experts on the development and application of repeatable, meaningful measurements in the fields of software and system security. The topics of interest include, but are not limited to: Security metrics Security measurement and monitoring Development of predictive models Experimental validation of models Formal theories of security metrics Security quality assurance Empirical assessment of security architectures and solutions Mining data from attack and vulnerability repositories: e.g. CVE, CVSS Software security metrics Static analysis metrics Simulation and statistical analysis Security risk analysis Industrial experience IMPORTANT DATES Submission of papers: May 30 Notification to authors: June 24 Submission of camera-ready: July 1 PUBLICATION Authors of accepted papers must present their work at the workshop. The proceedings of the workshop will be electronically published by the IEEE. PAPER SUBMISSION Submissions are sought in any of the following three categories: (a) Research papers describing original results, both theoretical and experimental, are solicited in any of the above mentioned topics. Theoretical papers should clearly state the contribution and include some initial validation. Experimental papers are particularly welcome. In this case, authors are required to explicitly state their hypothesis, to detail the methodology used, and to describe the experiment set-up. (b) Preliminary research results or new ideas can be submitted in the form of short papers. (c) Industry experience reports are also welcome. Industry papers should have at least one author from industry or government, and will be considered for their industrial relevance. The page limit for the final proceedings version is 10 pages in double-column format; short papers are limited to 4 pages. Authors should use the IEEE Conference Proceedings Template when preparing their submission. Only PDF files are accepted. WORKSHOP CO-CHAIRS James Walden - Northern Kentucky University (US) Stephan Neuhaus - ETH Zurich (CH) STEERING COMMITTEE Dieter Gollmann, TU Harburg (DE) Sushil Jajodia, GMU (US) Guenter Karjoth, IBM (CH) Fabio Massacci, Uni. Trento (IT) John McHugh, Dalhousie Uni. (CA) Riccardo Scandariato, KU Leuven (BE) Ketil Stolen, SINTEF (NO) Laurie Williams, NCSU (US) PROGRAM COMMITTEE Andrea Capiluppi, University of East London (UK) Robert Cunningham, MIT (US) Michael Gegick (US) Dieter Gollmann, TU Harburg (DE) Maureen Doyle, NKU (US) Christophe Huygens, KU Leuven (BE) Sushil Jajodia, GMU (US) Erland Jonsson, Chalmers (SE) Howard Lipson, CERT (US) Fabio Massacci, Uni. Trento (IT) Miles McQueen, Idaho National Laboratory (US) Andy Meneely, NCSU (US) Riccardo Scandariato, KU Leuven (BE) Karen Scarfone, NIST (US) Yonghee Shin, DePaul University (US) Ketil Stolen, SINTEF (NO) Jeff Stuckman, UMD (US) Laurie Williams, NCSU (US) Roland Yap, National University of Singapore (SG) Nicola Zannone, Eindhoven University of Technology (NL) _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________
