[145415] in cryptography@c2.net mail archive
Re: A mighty fortress is our PKI
daemon@ATHENA.MIT.EDU (Paul Tiemann)
Tue Jul 27 19:40:04 2010
From: Paul Tiemann <paul.tiemann.usenet@gmail.com>
In-Reply-To: <20100727191443.764A233E82@absinthe.tinho.net>
Date: Tue, 27 Jul 2010 17:20:09 -0600
Cc: cryptography@metzdowd.com
To: dan@geer.org
On Jul 27, 2010, at 1:14 PM, dan@geer.org wrote:
>> False metrics are rampant in the security industry. We really need
>> to do something about them. I propose that we make fun of them.
>
>
> You might consider joining us in D.C. on 10 August at
> http://www.securitymetrics.org/content/Wiki.jsp?page=Metricon5.0
>
> --dan, program committee
Wow, I was just going to recommend Dan's book, "Security Metrics."
Anyone tasked with quantifying actual security should read his book. There's a pretty good dissection of ALE, and a fantastic few chapters about building a balanced scorecard to measure your operations from more perspectives than just dollars and cents.
When I read that nist.gov link, the joke about the spherical cow popped into my head.
Paul Tiemann
(DigiCert)
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com