Attackers often target software accessible over the Internet, highlighting the importance of understanding your application's attack surface. Measuring this surface is challenging, but knowing each feature and its access points is crucial. While one approach to threat modeling focuses on the severity and prevalence of vulnerabilities, the priority remains on identifying zero day bugs that pose serious risks.