Robert Hensing's Blog

Software Security . . . and stuff.

MAPP + Exploitability Index == Protected Customers, Better Security Update Prioritization

MAPP + Exploitability Index == Protected Customers, Better Security Update Prioritization

  • Comments 1
  • Likes

Today we officially launched our MAPP program (http://www.microsoft.com/security/msrc/mapp/partners.mspx) and at the same time we also started providing exploitability information about our vulnerabilities to the world.  These two things are pretty huge.  The idea behind the exploitability index is to help customers understand which updates they should deploy immediately vs. which ones we don't think are as likely to be epxloited or exploited reliably (trivia:  Did you know that only about 30% of all of our vulns ever have exploit code written for them?). 

You can see the exploitability index for the October release here: http://www.microsoft.com/technet/security/bulletin/ms08-oct.mspx

Here's the breakout of the numbering system used for the exploitability index - it uses 3 numbers - simple - like me: http://technet.microsoft.com/en-us/security/cc998259.aspx

Code monkey very simple man.

Comments
Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment