devsecopsmaturitymodel/DevSecOps-MaturityModel

Reduction of the attack surface: is that specific enough?

ioggstream opened this issue · 2 comments

I expect

  • "reduction of the attack surface" should be described and classified better
  • can be implemented via various techniques, such as software inventory and application and configuration hardening
  • is it PatchManagement?

Note

Using the D3FEND classification, this is related to:

        # PlatformHardening
        - LocalFilePermissions
        - SystemConfigurationPermissions
        # ApplicationHardening 
        - DeadCodeElimination
        - ApplicationConfigurationHardening
        # AssetInventory
        - SoftwareInventory

This issue has been automatically marked as stale because it has not had recent activity. 📆 It will be closed automatically in one week if no further activity occurs.

This issue was closed because it has been stalled for 7 days with no activity.