-
Mitigating Security Threats by Minimizing Software Attack Surfaces
An important method for improving the security of software is to assess and minimize the system's "attack surface." In this report, we provide a conceptual understanding of attack surfaces and explore how to use this concept to improve security of both internally-developed software as well as systems purchased as off-the-shelf software. We conclude by recommending best practices for limiting attack opportunities on IT systems. (4 pp., 2 figs.) [Executive Summary]
May, 2008