The set of ways in which an adversary can enter a system and potentially cause damage.

Extended Definition: An information system's characteristics that permit an adversary to probe, attack, or maintain presence in the information system.

Adapted from: Manadhata, P.K., & Wing, J.M. in Attack Surface Measurement, retrieved from; DHS personnel