In 1995, Netscape rolled out SSL, a protocol that's crucially dependent for its security on certificates created by third-party CAs, but for the first 1 1/2 decades of its existence no-one had ever tried to measure how effectively these were being handled. When a volunteer-run project by the EFF did finally examine the situation, they found a chaotic mess that still hasn't been fully untangled. This talk looks at various failures of measurement both in and outside the field of computer security where it's more widely encountered as revenue assurance, and applies lessons from that field to computer security mechanisms. https://its-now.science