Microsoft's 'Exploitability Index' Not Very Reliable

Kara Reeder

Microsoft's attempts to predict whether hackers will create reliable exploit code for its bugs are right only 27 percent of the time, the company admits.


Computerworld reports that the "Exploitability Index" was intended to give customers more information to decide which vulnerabilities should be fixed first. But it turns out that Microsoft correctly predicted exploits only a little more than one out of every four times. Andrew Storms, director of security operations at nCircle Network Security, points out:

That's not as good as a coin toss. So what's the point?

Still, Microsoft defends its predictions:

The higher false positive rate for Critical security bulletins can be attributed to the conservative approach used during the assessment process to ensure the highest degree of customer protection for the most severe class of issues.
