With security established as a critical ICT attribute, one also needs to be able to scientifically quantify the levels of desired or achieved security assurance. This naturally needs to occur over the entire multi-level life-cycle of systems & services, e.g., from requirements elicitation to run-time operation and maintenance. Addressing such quantitative aspects, the QASA workshop aims to bring together researchers and practitioners interested in the research dimensions of quantification spanning dependability, security, privacy and risk.