[SC-L] Microsoft Pushes Secure, Quality Code
Steven M. Christey
coley at linus.mitre.org
Mon Oct 8 13:14:53 EDT 2007
Interesting that attack surface isn't included, given that Microsoft was
one of the earliest advocates of attack surface, a metric that is likely
strongly associated with the number of input-related vulnerabilities.
It's probably hard to do perfectly, though, especially if any third-party
APIs are involved.
Are there any tools out there that try to measure attack surface? Has
anybody had any experience in trying to apply it?
- Steve
More information about the SC-L
mailing list