Currently, our metrics are based on reachability, computed as a percentage of nodes that can be reached from an entry point or that reach an exit point.
Three new attack surface metrics being considered are:
Proximity to Entry/Exit Surface - Measure of the nearness or remoteness of a function to the entry or exit attack surface of a software system.
Surface Coupling with Entry/Exit Surface - Measure of the number of ways in which data enters a function from the entry attack surface or number of ways in which data exits a function through the exit attack surface of a software system.
Attack Surface Betweenness - Measure of the importance of a function that is connected to the attack surface (either entry or exit or both) of a software system.
We need to refine our function-level metrics that will be columns in the results table described in #19.
Write up the definitions here and we'll make them separate issues.