Attack Surface Score for Software Systems


Bibliographic Details
Main Authors: Yudeep Rajbhandari, Rokin Maharjan, Sakshi Shrestha, Tomas Cerny
Format: Article
Language: English
Published: MDPI AG 2025-07-01
Series: Future Internet
Online Access:https://www.mdpi.com/1999-5903/17/7/305
Description
Summary: Software attack surfaces define the external boundaries—entry points, communication channels, and sensitive data stores through which adversaries may compromise a system. This paper introduces a scoring mechanism that produces a normalized attack-surface metric in the range of 0–1. Building on the established Damage-Potential-to-Effort ratio, our approach further incorporates real-world vulnerability intelligence drawn from MITRE’s CVE and CWE repositories. We compute each application’s score by ingesting preliminary findings from a static-analysis tool and processing them through our unified model. To assess effectiveness, we validate the scoring system across a spectrum of scenarios, from a simple Java application to complex enterprise applications. The resulting metric offers development and security teams a concise, objective measure to monitor an application’s attack surface and hence proactively identify vulnerabilities in their applications. This tool can also be used to benchmark various third-party or dependent applications, enabling both developers and security practitioners to better manage risk.
ISSN:1999-5903