Concerns about security have got a lot of new attention, both in a research field and public debate, after the 1st MeSSa workshop. Systematic approaches to measure security are needed in order to build secure software systems and to offer security evidence for users. On one hand, security measuring from software architectures is needed to produce sufficient evidence of security level as early as a software design phase. Consequently, design-time security measuring supports security-by-design approach. On the other hand, software architectures have to support runtime security measuring to obtain up-to-date security information from an online software system or service. Security measuring is exploited in situation-awareness and self-adaptive security. The systematic definition of security metrics and security assurance metrics is a young field that still lacks widely accepted definitions of metrics and applicable measuring techniques for design-time and runtime security monitoring. The workshop will provide a forum for dissemination, demonstration and discussion of original scientific and experimental results of security measurement topics.