.
>
>>
>> -gp
>>
>> On 4/24/07 7:32 PM, "Gary McGraw" <[EMAIL PROTECTED]> wrote:
>>
>>> Plus, check out Andrew Jaquith's excellent book:
>>>
>>> -Original Message-
>>> From: Gunnar Peterson [mailto:[E
uith's excellent book:
> >
> > -Original Message-
> > From: Gunnar Peterson [mailto:[EMAIL PROTECTED]
> > Sent: Tue Apr 24 20:14:53 2007
> > To: Secure Mailing List
> > Subject: [SC-L] MetriCon 2.0 CFP
> >
> > Last year's confer
You know its a little off topic - but I'd kill for a set of metrics
around the effectiveness/efficiency of a SOC :)
Anyone got any ideas? The usual "events per person" type metrics are
backwards (good security means less events so lower "efficiency"
Thanks
Bret
___
Plus, check out Andrew Jaquith's excellent book:
-Original Message-
From: Gunnar Peterson [mailto:[EMAIL PROTECTED]
Sent: Tue Apr 24 20:14:53 2007
To: Secure Mailing List
Subject: [SC-L] MetriCon 2.0 CFP
Last year's conference, MetriCon 1.0 featured a softwar
14:53 2007
> To: Secure Mailing List
> Subject: [SC-L] MetriCon 2.0 CFP
>
> Last year's conference, MetriCon 1.0 featured a software security metrics
> track ( http://securitymetrics.org/content/Wiki.jsp?page=Metricon1.0),
> including:
>
> * A Metric for Evaluating Stat
Last year's conference, MetriCon 1.0 featured a software security metrics
track ( http://securitymetrics.org/content/Wiki.jsp?page=Metricon1.0),
including:
* A Metric for Evaluating Static Analysis Tools - Chess & Tsipenyuk, Fortify
* An Attack Surface Metric - Manadhata & Wing, Carnegie-Mellon
*