-
August 5th, 2008, 10:18 PM
#1
Microsoft Exploitability Index at Black Hat
Microsoft wants to buddy up to Black Hat attendees by discussing its new Exploitability Index.
A Better View of Microsoft Security? - InternetNews
The new exploitability index will supplement the patch Tuesday announcement with a new metric that will help users understand the risks that a given vulnerability may pose.
In order to gauge risk, Microsoft will detail with the exploitability index, whether or not exploit code exists or is likely to exist for a given vulnerability. The general idea is to help Microsoft customers to prioritize the importance of updates based on their likelihood of being exploited.
...Reavey explained that Microsoft will look at classifying vulnerabilities into three broad buckets. The first bucket will be highly exploitable vulnerabilities where Microsoft is of the opinion that exploit code that will work consistent is likely to be released inside of the first 30 days of the Microsoft patch being made available. The second bucked is if there is the possibility of an inconsistent exploit code that being produced that might work some of the time. The third bucket will identify vulnerabilities for which Microsoft believes it is unlikely that exploit code will be released inside of 30 days.
There's also the community-driven Microsoft Active Protections Program (MAPP) that gives advance notice on vulnerabilities and upcoming patches to partners. Does this mean good-bye to the finger pointing among software vendors after a disastrous patch?
Similar Threads
-
By mohaughn in forum Microsoft Security Discussions
Replies: 1
Last Post: August 9th, 2005, 07:37 PM
-
By mohaughn in forum Microsoft Security Discussions
Replies: 2
Last Post: October 13th, 2004, 04:31 AM
-
By hjack in forum Code Review
Replies: 0
Last Post: March 7th, 2004, 09:20 PM
-
By spools.exe in forum Microsoft Security Discussions
Replies: 0
Last Post: September 15th, 2003, 09:47 PM
-
By NUKEM6 in forum Non-Security Archives
Replies: 10
Last Post: January 24th, 2002, 06:21 AM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|