Slashdot Mirror


Microsoft Exploit Predictions Right 40% of Time

CWmike writes "Microsoft today called its first month of predicting whether hackers will create exploit code for its bugs a success — even though the company got its forecast right just 40% of the time for October. 'I think we did really well,' said Mike Reavey, group manager at the Microsoft Security Research Center (MSRC), when asked for a postmortem evaluation of the first cycle of the team's Exploitability Index. 'Four of the [nine] issues that we said where consistent exploit code was likely did have exploit code appear over the first two weeks. And another key was that in no case did we rate something too low.' Microsoft's Exploitability Index was introduced last month."

1 of 182 comments

  1. Re:This is why Microsoft software sucks by abigsmurf · Score: 4, Interesting
    No it isn't. Unless of course you assume that for every bug hackers flip a coin and go "heads, I'll write an exploit for this".

    40% accuracy in predicting with no false negatives? There are plenty of disaster agencies around the world who would be incredibly pleased with that kind of accuracy.