维基百科上的解释
The attack surface of a software environment is the sum of the different points (the "attack vectors") where an unauthorized user (the "attacker") can try to enter data to or extract data from an environment.
我能理解出来的意思是,每一处未经授权的用户输入叫做attack vectors,那所有的攻击向量叫做attack surface