Consumers and businesses increasingly rely on computing systems (e.g., smartphones, tablets, laptops, etc.) to store and manage sensitive data. Consequently, malicious programmers seem to continuously increase their efforts to gain illegitimate control and access to these computing systems through the use of viruses, Trojan horses, worms, and other programs meant to compromise computing systems and data belonging to other people.
The level to which a computing system is exposed to malicious attacks may be based on the level to which software components (e.g., the operating system and applications) running on the computing system are exposed to malicious attacks. Typical methods for determining the level to which a software component is exposed to malicious attacks may include a direct examination of how the software component is configured. For example, the level of exposure to malicious attacks of a software component may be estimated through a direct examination of the software component's source code and/or default configuration (e.g., the number of running services or open ports of the software component). Unfortunately, estimating malicious-attack exposure levels through direct examination may inadequately estimate real-world malicious-attack exposure levels. Accordingly, the instant disclosure addresses a need for additional and improved systems and methods for determining malicious-attack exposure levels based on field-data analysis.