[Infowarrior] - MetriCon 1.0 Call for Papers

[Richard Forno]

From: Andrew Jaquith <arj00001 at comcast.net>

MetricCon 1.0 - Announcement and Call for Participation
First Workshop on Security Metrics (MetriCon 1.0), August 1, 2006
Vancouver,B.C., Canada

Overview

Ever feel like Chicken Little? Wonder if letter grades, color codes, and/or
duct tape are even a tiny bit useful? Cringe at the subjectivity applied to
security in every manner? If so, MetriCon 1.0 may be your antidote to change
security from an artistic "matter of opinion" into an objective,
quantifiable science. The time for adjectives and adverbs has gone; the time
for numbers has come.
MetriCon 1.0 is intended as a forum for lively, practical discussion in the
area of security metrics. It is a forum for quantifiable approaches and
results to problems afflicting information security today, with a bias
towards practical, specific implementations. Topics and presentations will
be selected for their potential to stimulate discussion in the Workshop.

Workshop Format

MetriCon 1.0 will be a one-day event, Tuesday, August 1, 2006, co-located
with the 15th USENIX Security Symposium in Vancouver, B.C., Canada.
Beginning first thing in the morning, with meals taken in the meeting room,
and extending into the evening.
Attendance will be by invitation and limited to 50 participants. All
participants will be expected to "come with opinions" and be willing to
address the group in some fashion, formally or not. Preference giventothe
authors of position papers/presentations who have actual work in progress.

Each presenter will have 10-15 minutes to present his or her idea, followed
by 15-20 minutes of discussion with the workshop participants. Panels may be
convened to present different approaches to related topics, and will be
steered by what sorts of proposals come in in response to this Call.

Goals and Topics

The goal of the workshop is to stimulate discussion of and thinking about
security metrics and to do so in ways that lead to realistic, early results
of lasting value. Potential attendees are invited to submit position papers
to be shared with all. Such position papers are expected to address security
metrics in one of the following categories:
- Benchmarking
- Empirical Studies
- Metrics Definitions
- Financial Planning
- Security/Risk Modeling
- Visualization
Practical implementations, real world case studies, and detailed models will
be preferred over broader models or general ideas.

How to Participate

Submit a short position paper or description of work done/ongoing. Your
submission must be no longer than five(5) paragraphs or presentation slides.
Author names and affiliations should appear first in/on the submission.
Submissions may be in PDF, PowerPoint, HTML, or plaintext email and must be
submitted to MetriCon AT securitymetrics.org.
Presenters will be notified of acceptance by June 15, 2006 and expected to
provide materials for distribution by July 15, 2006. All slides and position
papers will be made available to participants at the workshop. No formal
proceedings are intended.

Simultaneous submission of the same work to multiple venues, submission of
previously published work, and plagiarism constitute dishonesty. The
organizers of this Workshop as well as USENIX prohibit these practices and
will take appropriate action if dishonesty of this sort is found.

Location

MetriCon 1.0 will be co-located with the 15th USENIX Security Symposium
(Security ‚06).
Cost

$200 all-inclusive ofmeeting space, materials preparation, and meals for the
day.

Important Dates

Requests to participate: by May 15, 2006
Notification of acceptance: by June 15, 2006
Materials for distribution: by July 15, 2006

Workship Organizers

Andrew Jaquith, Yankee Group, Chair
Adam Shostack, emergentchaos.org
Gunnar Peterson, Artec Group
Elizabeth Nichols, ClearPoint Metrics
Pete Lindstrom, Spire Security
Dan Geer,Verdasys