Attack Surface Score for Software Systems
Yudeep Rajbhandari, Rokin Maharjan, Sakshi Shrestha and Tomas Cerny
Additional contact information
Yudeep Rajbhandari: Department of Computer Science, Baylor University, Waco, TX 76706, USA
Rokin Maharjan: Department of Computer Science, Baylor University, Waco, TX 76706, USA
Sakshi Shrestha: Department of Computing, East Tennessee State University, Johnson City, TN 37604, USA
Tomas Cerny: Department of Systems and Industrial Engineering, University of Arizona, Tucson, AZ 85721, USA
Future Internet, 2025, vol. 17, issue 7, 1-19
Abstract:
Software attack surfaces define the external boundaries—entry points, communication channels, and sensitive data stores through which adversaries may compromise a system. This paper introduces a scoring mechanism that produces a normalized attack-surface metric in the range of 0–1. Building on the established Damage-Potential-to-Effort ratio, our approach further incorporates real-world vulnerability intelligence drawn from MITRE’s CVE and CWE repositories. We compute each application’s score by ingesting preliminary findings from a static-analysis tool and processing them through our unified model. To assess effectiveness, we validate the scoring system across a spectrum of scenarios, from a simple Java application to complex enterprise applications. The resulting metric offers development and security teams a concise, objective measure to monitor an application’s attack surface and hence proactively identify vulnerabilities in their applications. This tool can also be used to benchmark various third-party or dependent applications, enabling both developers and security practitioners to better manage risk.
Keywords: security; vulnerability; attack surface; static code analysis; common vulnerabilities and exposures (CVE); common weakness enumeration (CWE); OWASP; MITRE
JEL-codes: O3
Date: 2025
Downloads:
https://www.mdpi.com/1999-5903/17/7/305/pdf (application/pdf)
https://www.mdpi.com/1999-5903/17/7/305/ (text/html)
Persistent link: https://EconPapers.repec.org/RePEc:gam:jftint:v:17:y:2025:i:7:p:305-:d:1701284