The set of ways in which an adversary can enter a system and potentially cause damage.
Extended Definition: An information system's characteristics that permit an adversary to probe, attack, or maintain presence in the information system.
Adapted from: Manadhata, P.K., & Wing, J.M. in Attack Surface Measurement; DHS personnel