DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!
   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
DarkVision Hardware - Daily tech news
October 16, 2019 
Main Menu
News archives

Who's Online
There are currently 177 people online.


Latest Reviews
Ewin Racing Flash gaming chair
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset

Follow us

Microsoft exploit predictions were 40% accurate last month

Posted on Friday, November 14 2008 @ 17:33:42 CET by

Microsoft reports its first month of predicting whether hackers will create exploits for its bugs was a success - even though they only got it right 40% of the time. The software giant expected consistent exploit code was likely for nine October vulnerabilities but only four of the vulnerabilities were actually exploited. None of the bugs they rated were rated too low.
"I think we did really well," said Mike Reavey, group manager at the Microsoft Security Research Center (MSRC), when asked for a postmortem evaluation of the first cycle of the team's Exploitability Index. "Four of the issues that we said where consistent exploit code was likely did have exploit code appear over the first two weeks. And another key was that in no case did we rate something too low."

The index, launched last month, rates each vulnerability using a three-step system. It predicts, in descending order of severity, the probability that researchers or hackers would come up with a consistently working exploit or develop an exploit that works only some of the time, or whether they would fail to craft attack code at all.

The predictions are valid for the following 30 days, or until the next cycle of patches is released.

Of the nine October vulnerabilities marked "Consistent exploit code likely," four did, in fact, end up with exploit code available, said Reavey, for an accuracy rate of 44%. None of the nine tagged "Inconsistent exploit code likely" had seen actual attack code. But Microsoft correctly called the four bugs last month tagged with "Functioning exploit code unlikely." As Reavey said, exploit code did not appear for any of the four.

All told, Microsoft correctly predicted eight out of October's 20 vulnerabilities' exploitability, an accuracy rate of 40%. (One of the month's 21 bugs did not receive a rating, as Microsoft said public exploit code was already circulating, making a label moot.)
More info at ComputerWorld.



DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2019 DM Media Group bvba