Software security failures are common and a long standing challenge to the research community. The authors can conceptualize the vulnerability of an application through its attack surface size. A system's attack surface is an indicator of the system's security. Unfortunately predicting software's future attack surface size during design phase in earlier stage of Software Development Life Cycle (SDLC) is largely missing. Their objective is to investigate the statistical relationship between system's attack surface with various size and complexity metrics to find a set of size and complexity metrics which is/are best suitable to predict software's future attack surface early in software development cycle.