Researchers from the University of Maryland propose new security metrics that can help enterprises understand risks to their products and prioritize patching and vulnerability management. The new metrics, the researchers said, can help system and network administrators get a more accurate risk assessment of their environments. The researchers examined every version of Windows, from XP to XP to. recent versions of Adobe Reader, Office and Internet Explorer. They concluded that fewer than 35 percent of disclosed vulnerabilities in any of those products are ever exploited. The proposed metrics are: A count of vulnerabilities exploited in the wild,. an exploitation ratio which is the proportion of disclosed. vulnerabilities for a product within a certain time frame.
Source: https://threatpost.com/new-research-refines-security-vulnerability-metrics/108420/