Open Source Metrics On Tap For Security Patch Management - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

What is the most important Linux security technology?

	SELinux
	grsecurity
	CIS Benchmark
	Bastille Linux
	iptables
	LIDS

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

All About Linux

DanWalsh LiveJournal

Securitydistro

Latest Newsletters

Linux Security Week: May 14th, 2012

Linux Advisory Watch: May 10th, 2012

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Open Source Metrics On Tap For Security Patch Management

User Rating:

How can I rate this item?

Posted by Dave Wreski

Securosis, Microsoft team up to solicit input for building a metrics model that measures efficiency and costs of security patching. Security consulting firm Securosis is spearheading a new effort to create metrics to quantify the cost and efficiency of an organization's security patching process.

Rich Mogull, founder of Securosis, says to date there's no real way to accurately measure the cost and productivity of an organization's security patch management process. "Those fully quantified [IT] risk models don't apply and the numbers aren't accurate," he says. "It's also bothered me to see those uber-metrics approaches that get an overview of everything in the security program. So why not start with one thing we can accurately measure and use it as a core for building security metrics?"

Securosis, with the financial backing of Microsoft for the initial phase of the project, will gather input in an open submission process for the so-called Project Quant metrics model. Version 1 is planned for release by the end of June.

Read this full article