First, it will collate all of your crashes and determine exactly how many there actually are. So for example, out of 60 crash reports, there may only be 2 or 3 actual problems.
The second thing it does is look at the type of crash and try to determine if the error is something that could be exploited by a malicious hacker. This means that more junior employees can work these bug issues without taking the time of more senior examiners. Jason Shirk from the Security Core team joined us to take a look at !exploitable.
Check out http://channel9.msdn.com/posts/PDCNews/Bang-Exploitable-Security-Analyzer/ for an interview on how it all works.
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer