Threat Modelling Using an Attack Surface Metric

Executive Summary

Measuring software security is a long-standing challenge for the research community. At the same time, practical security metrics and measurements are essential for secure software development, and the growing demand for secure software makes the need for them more pressing. In this paper, the authors propose using a software system's attack surface measurement as an indicator of the system's security. They formalize the notion of a system's attack surface and introduce an attack surface metric to measure the attack surface in a systematic manner.

