Oh No! Security Metrics! ★★★★★★★★★★★★★★★ Michael HowardApril 18, 20081 Share 0 0 I just posted an article over on the SDL blog about security metrics in reponse to an analyst's criticisms of how we measure success/failure/progress. Comments always welcome. UPDATE David Litchfield just made a post on the subjet.