Using Attack Surface Area and Relative Attack Surface Quotient to Identify Attackability of Windows Server 2003

by Wayne Maples [Published on 12 Aug. 2004 / Last Updated on 12 Aug. 2004]

416 KB Adobe Acrobat file

In March 2003, Microsoft engaged the Security and Technology Solutions practice of Ernst & Young LLP to validate the Relative Attack Surface Quotient (RASQ) model developed by Microsoft, which quantifies the relative "attackability" provided by each of its operating system platforms. The model provides a methodology to compute the attackability of Microsoft Windows server operating systems by describing potential exploit points and assigning a relative vulnerability level based on exploits that occur in the real world. Ernst & Young conclude that Windows Server 2003 is the least attackable operating system Microsoft has ever released.

