Always accurate, insightful, and irreverent, there's another great post over on the Layer 8 blog, this time taking aim at the "security metrics" landscape. "The meaning of metrics" has a great take on metrics, and really separates reality from navel-gazing. It also provides some memorable quips and quotes. I especially like:
"Keep applying the “so what?” criterion to your metrics."
and words to live by:
"Don’t be a metrics wanker."
Jack