Oh No! Security Metrics!


I just posted an article over on the SDL blog about security metrics in response to an analyst’s criticisms of how we measure success/failure/progress.


Comments always welcome.


UPDATE: David Litchfield just made a post on the subject.