Measuring Software Security Volatility using Beta

Beta measures are used in financial analysis to measure the volatility of a stock relative to the market. A beta of one means that the volatility of one stock is the same as the volatility of the market itself. Higher than one is more volatile (which equals more risk); less than one is less volatile (less risk).

Every once in a while, I get to thinking whether a beta-like measure would be beneficial to the security space. I am not convinced, but I do have a scenario. We could compare the relative "unpopularity" of a particular software platform by comparing the number of vulnerabilities found over some period to the average number of vulnerabilities for some "S&P 500" index of the top 10, 20, or 30 platforms.
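To make the scenario concrete, here is a worked example (added here, not part of the original post) that computes a beta-style score for a few hypothetical platforms. The quarterly vulnerability counts are constructed for illustration, the "index" is simply the average count across the basket, the analogue of a stock's return is the relative quarter-over-quarter change in count, and beta is the population covariance of a platform's changes against the index's changes divided by the index variance. All of those modelling choices are assumptions for the example; the post does not prescribe them.

```python
"""Beta-style volatility score for a platform's vulnerability counts.

Constructed example: the counts below are made up for illustration and do
not describe any real platform.
"""
from statistics import mean
from typing import Dict, List, Sequence

# Constructed per-quarter vulnerability counts for three hypothetical platforms.
# The "index" is the average count across the basket, mirroring the idea of an
# "S&P 500" of the top platforms.
VULN_COUNTS: Dict[str, List[int]] = {
    "platform_a": [10, 20, 10, 20, 10],  # doubles and halves every quarter
    "platform_b": [10, 10, 10, 10, 10],  # flat
    "platform_c": [20, 40, 20, 40, 20],  # same swings as A, twice the volume
}


def period_changes(counts: Sequence[float]) -> List[float]:
    """Relative period-over-period change, the analogue of a stock's return."""
    changes = []
    for prev, cur in zip(counts, counts[1:]):
        if prev <= 0:
            # A quarter with zero findings has no defined relative change.
            raise ValueError("cannot compute relative change from a zero count")
        changes.append((cur - prev) / prev)
    return changes


def index_counts(basket: Dict[str, Sequence[float]]) -> List[float]:
    """Average count per period across every platform in the basket."""
    series = list(basket.values())
    n = len(series[0])
    if any(len(s) != n for s in series):
        raise ValueError("all platforms must cover the same periods")
    return [mean(s[i] for s in series) for i in range(n)]


def beta(platform_changes: Sequence[float], index_changes: Sequence[float]) -> float:
    """Population covariance of platform vs. index changes over index variance."""
    if len(platform_changes) != len(index_changes) or len(index_changes) < 2:
        raise ValueError("need at least two aligned periods")
    mp = mean(platform_changes)
    mi = mean(index_changes)
    cov = mean((p - mp) * (i - mi) for p, i in zip(platform_changes, index_changes))
    var = mean((i - mi) ** 2 for i in index_changes)
    if var == 0:
        # A perfectly flat index gives no baseline to compare against.
        raise ValueError("index has no volatility; beta is undefined")
    return cov / var


def platform_betas(basket: Dict[str, Sequence[float]]) -> Dict[str, float]:
    """Beta of every platform in the basket relative to the basket's own index."""
    idx = period_changes(index_counts(basket))
    return {name: beta(period_changes(counts), idx) for name, counts in basket.items()}


if __name__ == "__main__":
    for name, b in platform_betas(VULN_COUNTS).items():
        print(f"{name}: beta = {b:.2f}")
```

With these inputs the flat platform scores a beta of 0, while the two swinging platforms both score about 1.27: beta reflects how a platform's count moves relative to the basket, not its absolute volume, which is why A and C come out equal despite C reporting twice as many findings. As with the financial version, the index against itself scores exactly 1.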

Given that this is a time-oriented metric, and is used in the stock market world to assist in stock purchases, it is not clear to me how this number could drive security decision-making (we are very unlikely to switch platforms back and forth), but perhaps it would be another metric for threat analysis.