A bounds check on the Microsoft exploitability index
Launched in October 2008 by the Microsoft Security Response Center (MSRC), the Microsoft Exploitability Index is designed to provide additional information to help customers better prioritize the deployment of Microsoft security updates.
This index provides customers with guidance on the likelihood of functioning exploit code being developed for vulnerabilities addressed by Microsoft security updates. So, just how valuable is such an exploitability index and how should it be used? To help answers these questions, Immunity, Inc., a well respected player in the vulnerability research community, has conducted a third-party analysis of the exploitability index and presented its case in the form of a white paper.
[ Read more ]