CONCEPT Cited by 1 source
Attack surface minimization¶
Attack surface minimization is the design discipline of keeping the set of code paths / APIs / parsers / features reachable by untrusted input as small as possible. It's the first pillar of a well-designed security posture: before defending code, remove code that doesn't need to be reachable.
The framing¶
Meta's WhatsApp security team names it explicitly as the first of its three risk-reduction strategies (2026-01-27):
- Design the product to minimize unnecessary attack surface exposure.
- Invest in security assurance for the remaining C/C++ code.
- Default the choice of memory-safe languages — and not C/C++ — for new code.
The ordering matters. (1) has the highest leverage because every reachable code path is a potential bug site; shrinking that set shrinks the expected number of exploitable bugs roughly in proportion. (3) bounds new growth of unsafe code; (2) mitigates the legacy that remains. All three together form Meta's strategy, and attack-surface minimization is what makes (2) and (3) affordable: there is less C/C++ left to assure and less code worth rewriting.
Practical moves¶
- Feature gating — if a feature isn't in use, don't expose its code path to untrusted input.
- Input taxonomy + type-whitelist — only accept file types / protocols / encodings you actually need.
- Protocol subsetting — disable ciphersuites, TLS versions, HTTP methods, content-encodings that no legitimate client uses.
- Sandboxing — even if you must reach the risky code, bound its reachable capabilities (process privilege, filesystem, network).
- Dangerous-type blocking — Meta's Kaleidoscope flags known-dangerous file types (executables / applications) for special handling, reducing the probability of a user double-clicking into a hazard.
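The moves above compose. As an added example (my code, not Kaleidoscope's or WhatsApp's), the attachment gate below combines three of them: a type allowlist, magic-byte sniffing to detect a name that lies about its content, and dangerous-type flagging that routes executables to special handling instead of the normal open path. The `Kind`/`Decision` names, the allowlist contents and the `.exe`/`.so` extension mapping are assumptions made for this example; the magic numbers are the standard file signatures.

```rust
// Added example (not Kaleidoscope or WhatsApp code): an attachment gate that
// allowlists the few types the product needs, sniffs the real type from the
// leading bytes, and flags executable content for special handling.
// Type names, allowlist and Decision variants are assumptions for this example;
// the magic numbers are the standard file signatures.

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Kind {
    Jpeg,
    Png,
    Pdf,
    Zip,
    WindowsExe, // MZ header: PE executables, DLLs, installers, screensavers
    Elf,        // Linux/Android native executables and shared objects
    Unknown,
}

/// Types the product actually needs; every other parser stays unreachable.
const ALLOWED: [Kind; 3] = [Kind::Jpeg, Kind::Png, Kind::Pdf];

/// Types that must never be handed to the ordinary open/double-click path.
const DANGEROUS: [Kind; 2] = [Kind::WindowsExe, Kind::Elf];

/// Identify the type from the leading bytes, not from the name the sender chose.
pub fn sniff(bytes: &[u8]) -> Kind {
    if bytes.starts_with(&[0x89, b'P', b'N', b'G', 0x0D, 0x0A, 0x1A, 0x0A]) {
        Kind::Png
    } else if bytes.starts_with(&[0xFF, 0xD8, 0xFF]) {
        Kind::Jpeg
    } else if bytes.starts_with(b"%PDF-") {
        Kind::Pdf
    } else if bytes.starts_with(b"PK\x03\x04") {
        Kind::Zip
    } else if bytes.starts_with(b"MZ") {
        Kind::WindowsExe
    } else if bytes.starts_with(&[0x7F, b'E', b'L', b'F']) {
        Kind::Elf
    } else {
        Kind::Unknown
    }
}

/// What the filename claims the content is (assumed extension mapping).
pub fn claimed_kind(filename: &str) -> Kind {
    let ext = match filename.rfind('.') {
        Some(i) => filename[i + 1..].to_ascii_lowercase(),
        None => return Kind::Unknown,
    };
    match ext.as_str() {
        "jpg" | "jpeg" => Kind::Jpeg,
        "png" => Kind::Png,
        "pdf" => Kind::Pdf,
        "zip" => Kind::Zip,
        "exe" | "dll" | "scr" | "msi" => Kind::WindowsExe,
        "elf" | "so" => Kind::Elf,
        _ => Kind::Unknown,
    }
}

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Decision {
    Accept(Kind),
    /// Executable content or executable name: special handling, never auto-open.
    FlagDangerous(Kind),
    /// Name and content disagree: treat as hostile regardless of either type.
    RejectSpoofed { claimed: Kind, actual: Kind },
    /// Well-formed but outside the allowlist: its parser should not be reachable.
    RejectNotAllowed(Kind),
}

pub fn gate(filename: &str, bytes: &[u8]) -> Decision {
    let claimed = claimed_kind(filename);
    let actual = sniff(bytes);
    // Dangerous content wins over everything else, even when the name lies about it.
    if DANGEROUS.contains(&actual) {
        return Decision::FlagDangerous(actual);
    }
    // A dangerous name matters too: the OS picks the handler by extension.
    if DANGEROUS.contains(&claimed) {
        return Decision::FlagDangerous(claimed);
    }
    if claimed != actual {
        return Decision::RejectSpoofed { claimed, actual };
    }
    if !ALLOWED.contains(&actual) {
        return Decision::RejectNotAllowed(actual);
    }
    Decision::Accept(actual)
}

fn main() {
    // Constructed sample attachments (header bytes only), not real captures.
    let png = [0x89u8, b'P', b'N', b'G', 0x0D, 0x0A, 0x1A, 0x0A, 0, 0, 0, 0x0D];
    let samples: [(&str, &[u8]); 5] = [
        ("photo.png", &png),
        ("invoice.pdf", b"%PDF-1.7\n"),
        ("holiday.jpg", b"MZ\x90\x00\x03"),   // executable renamed to look like an image
        ("photo.jpg", &png),                   // PNG bytes under a .jpg name
        ("backup.zip", b"PK\x03\x04\x14\x00"), // valid, but not a type we need
    ];
    for (name, bytes) in samples {
        println!("{name:<12} -> {:?}", gate(name, bytes));
    }
}
```

The check order is the point: sniffed-executable content is flagged before anything else, so renaming `payload.exe` to `holiday.jpg` does not buy the attacker the image code path, and a mismatch between name and content is rejected even when both types are individually harmless. The ZIP case shows feature gating at the type level: the file is well-formed, but because nothing in the product needs archives, the archive parser is never reachable from an attachment.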
Relationship to concepts/defense-in-depth¶
Attack-surface minimization is a precondition, not a layer. The layered defenses of defense-in-depth cost in proportion to the attack surface they must cover: the smaller the surface, the cheaper each layer is to implement correctly and the better it performs. Shrinking the surface therefore makes every subsequent defense both stronger and cheaper.
Seen in¶
- sources/2026-01-28-meta-rust-at-scale-an-added-layer-of-security-for-whatsapp — canonical wiki source. Meta's three-pillar risk reduction strategy names attack-surface minimization as the first pillar. Kaleidoscope's dangerous-type flagging + file-type-spoof detection are practical attack-surface-minimization moves.