Starting next week, the index will separate the most recent editions of its software from older versions.
One column in the index will show the ratings for Windows 7, Office 2010, Server 2008 R2 and the like; the other will post exploitability scores for older software.
Microsoft argued that the change "makes it easier for customers on recent platforms to determine their risk, given the extra security mitigations and features built in to Microsoft's newest products."
Storms agreed -- up to a point. "They clearly want to show that their newer software is the least risky," he said, discerning some marketing behind the move.
"And I think that this could be confusing to some people," Storms added, citing the need for many enterprises to check two scoreboards, not just one.
In a detailed blog post on the exploitability index change, Maarten Van Horenbeeck, a senior security program manager at Microsoft, cited statistics to back up the company's assertion that its newer software is more secure.
Of the 256 exploitability ratings Microsoft has given in the last eight months, 97 were less serious or not applicable on the latest version of the affected product. "In contrast, only seven cases affected the most recent product version and not the older platforms," he said.
Microsoft publishes the exploitability index as part of its monthly security update summary. Next week's will be posted here.
The two updates will be released at approximately 1 p.m. ET on May 10.