Measuring security effectiveness.


Welcome to, a community website for security practitioners. offers a community blog (this website) and a members-only mailing list.


aggregation · benchmarking · catalog project · definitions · empirical studies · metricon · modeling · ROI · visualization


Review the proceedings from the Metricon 8 conference, which was held on March 1st, 2013 at the RSA Conference in San Francisco.

Join the mailing list.

Metricon 9 — Call for Papers

- - posted in metricon, news | Comments

Call for Papers for Metricon 9

Metricon is the annual conference dedicated to security metrics. We are excited to announce Metricon 9 — an all-day metrics workshop. We invite practitioners to present practical and novel approaches for measuring information security effectiveness.

When: Friday, February 28, 2014 (the Friday of RSA); All day event

Where: Near or at RSA; specific location TBD

Theme: Behind the Curtains: From Data to Insight

New Mailing List Server

- - posted in news | Comments

I am pleased to announce that has moved to a new virtual hosting system. The primary benefit is that we have a new mailing list server that uses Mailman, rather than Majordomo. Other changes include:

Changes Are Coming

- - posted in news | Comments

Changes are coming to We are moving to a new hosting environment and mailing list system. More details soon.

Metricon 8 — Seven Metrics Challenges

- - posted in metricon | Comments

Metricon 8 was a one-day event, Friday, March 1, 2013, co-located with the RSA Security Conference, in San Francisco, WA. This page contains a description of the event, official proceedings, presentations, and the original CFP.