Christopher Theisen gave a presentation on using stack trace analysis of crash dumps to approximate the attack surface of software systems. The goal is to help security engineers prioritize efforts by identifying which code is most exposed based on frequency of appearance in stack traces. An analysis of Windows and Firefox crashes found that a small number of files accounted for a large percentage of vulnerabilities. Considering stack trace depth revealed the areas with the highest flaw density to focus on first. The approach provides an initial attack surface model that can be refined over time as new code is added or removed. The shape of the attack surface model, such as many-to-many vs many-to-few, may also impact security.