Collecting and sharing reliable, fact-based security metrics is a struggle in the enterprise specifically, and the security community in general. The fear of transparency and accountability has information security treading water. But is sharing security metrics the lifeline some think it is? Will it make us better security practitioners or divert critical resources from the front lines?