Given the increasing dependence of our societies on networked information systems, the overall security of these systems should be measured and improved. Existing security metrics have generally focused on measuring individual vulnerabilities without considering their combined effects. Our previous work tackle this issue by exploring the causal relationships between vulnerabilities encoded in an attack graph. However, the evolving nature of vulnerabilities and networks has largely been ignored. In this paper, we propose a Dynamic Bayesian Networks (DBNs)-based model to incorporate temporal factors, such as the availability of exploit codes or patches. Starting from the model, we study two concrete cases to demonstrate the potential applications. This novel model provides a theoretical foundation and a practical framework for continuously measuring network security in a dynamic environment. Categories and Subject Descriptors D.4.6 [Security and Protection]: Invasive software (e.g., vir...