Developers　need　suitable　metric　for　computer　system　security.　Metrics　must　adapt　to　conditions　of　computer　system＇s　environment.　Considering　the　ability　of　administrator　and　dynamic　environment　are　the　most　important　conditions　of　computer　system.　In　this　paper,　we　present　a　metric　for　computer　system　security　based　on　Evolutionary　Optimization.　Our　approach　considers　a　value　for　ability　of　administrator　to　protect　system　against　attacks.　Attack　process　in　this　paper　is　a　multi-step　process.　We　use　attack　graph　to　show　the　attack　paths　and　components　of　system.