Interesting that attack surface isn't included, given that Microsoft was
one of the earliest advocates of attack surface, a metric that is likely
strongly associated with the number of input-related vulnerabilities.
It's probably hard to do perfectly, though, especially if any third-party
APIs are involved.

Are there any tools out there that try to measure attack surface?  Has
anybody had any experience in trying to apply it?

- Steve
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________

Reply via email to