Attack Surface Score for Software Systems

Attack Surface Score for Software Systems

Software attack surfaces define the external boundaries—entry points, communication channels, and sensitive data stores through which adversaries may compromise a system. This paper introduces a scoring mechanism that produces a normalized attack-surface metric in the range of 0–1. Building on the e...

Full description

Saved in:

Bibliographic Details
Main Authors:	Yudeep Rajbhandari, Rokin Maharjan, Sakshi Shrestha, Tomas Cerny
Format:	Article
Language:	English
Published:	MDPI AG 2025-07-01
Series:	Future Internet
Subjects:	security vulnerability attack surface static code analysis common vulnerabilities and exposures (CVE) common weakness enumeration (CWE)
Online Access:	https://www.mdpi.com/1999-5903/17/7/305
Tags:	Add Tag No Tags, Be the first to tag this record!

Similar Items

ALDExA: Automated LLM-Assisted Detection of CVE Exploitation Attempts in Host-Captured Data
by: Niclas Ilg, et al.
Published: (2025-01-01)

A Case Study on Monolith to Microservices Decomposition with Variational Autoencoder-Based Graph Neural Network
by: Rokin Maharjan, et al.
Published: (2025-07-01)

Comparative evaluation of approaches & tools for effective security testing of Web applications
by: Sana Qadir, et al.
Published: (2025-04-01)

About Detection of Code Reuse Attacks
by: Yury V. Kosolapov
Published: (2019-06-01)

Research on network attack analysis method based on attack graph of absorbing Markov chain
by: Haiyan KANG, et al.
Published: (2023-02-01)

Advanced Persistent Threats and Wireless Local Area Network Security: An In-Depth Exploration of Attack Surfaces and Mitigation Techniques
by: Hosam Alamleh, et al.
Published: (2025-05-01)

A Hybrid Graph-Based Risk Assessment and Attack Path Detection Model for IoT Systems
by: Ferhat Arat, et al.
Published: (2025-01-01)

Dangerous attack paths analysis for power networks based on adaptive limited depth search and improved Z-score pruning
by: Mu Chen, et al.
Published: (2024-12-01)

Survey of software assurance
by: FANG Bin-xing1, et al.
Published: (2009-01-01)

Survey of software assurance
by: FANG Bin-xing1, et al.
Published: (2009-01-01)

Model of Social Influence in Analysis of Socio-engineering Attacks
by: T. V. Tulupieva, et al.
Published: (2021-10-01)

Design and implementation of OSPF vulnerability analysis and detection system
by: Zun-ying QIN, et al.
Published: (2013-09-01)

Machine Learning Models for DDoS Detection in Software-Defined Networking: A Comparative Analysis
by: Ferdiansyah Ferdiansyah, et al.
Published: (2024-09-01)

Design and implementation of national security vulnerability database
by: ZHANG Yu-qing1, et al.
Published: (2011-01-01)

On the Validity of Traditional Vulnerability Scoring Systems for Adversarial Attacks Against LLMs
by: Atmane Ayoub Mansour Bahar, et al.
Published: (2025-01-01)

Psychological Aspects of the Organization’s Information Security in the Context of Socio-engineering Attacks
by: T. V. Tulupieva
Published: (2022-03-01)

Vulnerability and Attack Repository for IoT: Addressing Challenges and Opportunities in Internet of Things Vulnerability Databases
by: Anna Felkner, et al.
Published: (2024-11-01)

Evaluation method of network attack effect based on attack tree and CVSS
by: Pan Gang, et al.
Published: (2022-04-01)

Research of the aviation personnel vulnerability profile to social engineering attacks
by: A. K. Volkov, et al.
Published: (2020-04-01)

AI Under Attack: Metric-Driven Analysis of Cybersecurity Threats in Deep Learning Models for Healthcare Applications
by: Sarfraz Brohi, et al.
Published: (2025-03-01)

Methods for assessing the level of security of software of automated systems of internal affairs bodies and directions for their improvement
by: I. G. Drovnikova, et al.
Published: (2024-01-01)

Research on key technology of vulnerability threat classification
by: Qi-xu LIU, et al.
Published: (2012-09-01)

Characterization of security defects and analysis of vulnerability criticality in software for automated systems of internal affairs bodies
by: I. G. Drovnikova, et al.
Published: (2024-04-01)

D3S: A Drone Security Scoring System
by: Bruno Branco, et al.
Published: (2024-12-01)

Urban land use and the spatial targets of terrorist attacks in Maiduguri City, Northeast Nigeria
by: Babagana Abdullahi, et al.
Published: (2025-01-01)

Effect of the difference enumeration attack on LowMC instances
by: Xinxin GE, et al.
Published: (2021-06-01)

Real‐time implementation for vulnerability of power components under switching attack based on sliding mode
by: Seema Yadav, et al.
Published: (2024-12-01)

Assessing Browser Security: A Detailed Study Based on CVE Metrics
by: Oleksii Chalyi, et al.
Published: (2025-02-01)

Improved meet-in-the-middle attack on reduced-round Kiasu-BC algorithm
by: Manman LI, et al.
Published: (2022-07-01)

Systematic Review of Current Approaches and Innovative Solutions for Combating Zero-Day Vulnerabilities and Zero-Day Attacks
by: Kubra Nilgun Karaca, et al.
Published: (2025-01-01)

A comprehensive survey on IoT attacks: Taxonomy, detection mechanisms and challenges
by: Tinshu Sasi, et al.
Published: (2024-11-01)

Task-Oriented Adversarial Attacks for Aspect-Based Sentiment Analysis Models
by: Monserrat Vázquez-Hernández, et al.
Published: (2025-01-01)

AN OVERVIEW OF THE MAIN WAYS TO IMPROVE THE ADS-B SYSTEM SECURITY
by: V. V. Kosianchuk, et al.
Published: (2019-02-01)

Hardcoded vulnerability detection approach for IoT device firmware
by: Chao MU, et al.
Published: (2022-10-01)

Roku: A payload Generator Framework for Advanced System Exploitations
by: Alexandru-Cristian BARDAS
Published: (2025-01-01)

A Robust Framework for Comprehensive Container Image Vulnerability Assessment
by: Youngsoo Kim, et al.
Published: (2025-01-01)

Features of using Markov decision-making processes when modeling attacks on artificial intelligence systems
by: Igor A. Vetrov, et al.
Published: (2024-10-01)

Smallholder farmers’ livelihood vulnerability to climate change in Metuge district, Northern Mozambique
by: Heráclito Rodrigues Comia, et al.
Published: (2025-01-01)

A Literature Review on Security in the Internet of Things: Identifying and Analysing Critical Categories
by: Hannelore Sebestyen, et al.
Published: (2025-02-01)

SECURING WEB APPLICATIONS WITH OWASP ZAP FOR COMPREHENSIVE SECURITY TESTING
by: S. P. Maniraj, et al.
Published: (2024-12-01)