A software system's attack surface metric measures the freedom of a potential attacker to influence the system's execution, potentially exploiting a security vulnerability. Existing attack surface metrics aim to measure the security impact associated with deploying an application or component; however, a systematic evaluation of various metrics' suitability for this purpose has not yet been performed. We outline a framework for formalizing code-level attack surface metrics and deployment-time activities that reduce the attack surface of an application. We also outline a tool for measuring the attack surface of a deployed web application, along with a method to retrospectively evaluate an attack surface metric over a corpus of known vulnerabilities.
Owing to the inherent difficulty in obtaining experimental data from wikis, past quantitative wiki research has largely focused on Wikipedia, limiting the ability to generalize such research. To facilitate the analysis of wikis other than Wikipedia, we developed WikiCrawler, a tool that automatically gathers research data from public wikis without supervision. We then built a corpus of 151 wikis, which we have made publicly available. Our analysis indicated that these wikis display signs of collaborative authorship, validating them as objects of study. We then performed an initial analysis of the corpus and discovered some similarities with Wikipedia, such as users contributing at unequal rates. We also analyzed distributions of edits across pages and users, resulting in data which can motivate or verify mathematical models of behavior on wikis. By providing data collection tools and a corpus of already-collected data, we have completed an important first step for investigations that analyze user behavior, establish measurement baselines for wiki evaluation, and generalize Wikipedia research by testing hypotheses across many wikis.