Software complexity precedes defect density

Dana Epp’s blog has a post about a source code complexity scoring system by Mark Miller. I have long been a critic of using the public vulnerability-seeking "ugly contest" as a measurement for comparative software security. Scores like Miller’s are crucial to our understanding of the amount of risk that a piece of software introduces into the environment when it is installed.