Metricon 5 — Older but Wiser

- - posted in metricon | Comments

Metricon 5 was held Tuesday, August 10th, 2010, co-located with the 19th USENIX Security Symposium in Washington, DC. This page contains the details of the meeting, including its CFP, the final agenda, and the meeting’s Digest.


After the event, Andrew conducted a post-event survey of the participants.


Metricon 5 was held at the Marriott Woodman Park Hotel, 2660 Woodley Road Northwest, Washington, DC, on August 10th, 2010. It is co-located with the USENIX Security 2010 Symposium.

Event Sponsors

Program Committee

Conference chairs:

  • Andrew Jaquith, Forrester Research
  • Khalid Kark, Forrester Research

Program committee members:

  • Jennifer Bayuk, Stevens Institute of Technology
  • Dan Geer, In-Q-Tel
  • Chris Walsh, SurePayroll
  • Wade Baker, Verizon Risk Intelligence
  • Ray Kaplan, Ray Kaplan & Associates
  • Michael Smith, Akamai Technologies
  • Daniel Arista, Syracuse Research Corporation

Original Call for Participation

Metricon 5 is the fifth annual conference dedicated to security metrics. It is a forum for presenting new approaches for measuring information security effectiveness, with a bias towards practical, specific approaches. Topics and presentations will be selected for their novelty and merit, and their potential to stimulate discussion.

With five years of organized conferences in the history books, this year’s theme, appropriately, is Older But Wiser. Four years ago, presenters at the first Metricon discussed software security, benchmarking, identity management, enterprise case studies and many other topics. Since then, researchers and enterprises have continued to investigate new techniques. What have we learned? Given that we are trying to measure, measuring the security metrics field (and the success or failures of our own efforts) is also our responsibility.

The program is organized along three temporal perspectives:

  • Metrics Past. Which metrics techniques from 2006 worked, and which did not? And how can knowledge of the past inform the present and future?
  • Metrics Present. What is the state of the art as practiced ‘’today’ by leading corporations, consultants and researchers?
  • Metrics Future. What new strategies for measuring security will emerge in the future?

Metricon 5 will be a one-day event, Tuesday, August 10th, 2010, co-located with the 19th USENIX Security Symposium in Washington, DC ( Metricon will begin bright and early in the morning, continue through a catered lunch in meeting room, and extend into the evening with informal discussion. Attendance will be by invitation. Capacity is limited to 60 participants.

Attendance Attendance is by invitation only. If you would like to attend, send an e-mail to

All participants will be expected to “come with findings” and be willing to contribute to group discussions. Politeness will be praised; questions, encouraged; lurkers, flushed out.

The proceedings of all past meetings are available here:

For speakers:

  • Deadline for final presentation: July 30th, 2010