Microsoft recently announced a new cloud-based service that can identify software bugs in applications that could later turn into vulnerabilities. The new service is called Project Springfield.
The service was announced during the Microsoft 2016 Ignite technology conference, which took place in Atlanta this week. It combines artificial intelligence with fuzz testing tools to examine binaries. Code is run through the service in order to stress the software and force it to crash. Each crash can then be examined so that the security issue behind it can be rooted out.
The fuzz testing tools being used are not entirely new and actually date back to the 1980s. What Microsoft intends to do is make the process faster and simpler. The company plans to host the tools on the Azure platform, which makes it easy to speed the process up. This means a typical developer would have 20 times the scale of side server testing.
Microsoft Principal Researcher Patrice Godefroid led the development of the component named SAGE. Talking to reporters, Godefroid said that the tools had been used for the past decade. Microsoft said that Project Springfield was also used during the development of Windows 8, and that it had been able to consider about a tenth of scenarios in one second.
SAGE is considered the centerpiece of Project Springfield and has been available for the past six months. It was made available through a program that only a select few customers had access to, including OSIsoft, an independent software developer.
The worldwide director of IoT at OSIsoft, Prabal Acharyya, said that from a software development perspective, the fuzz analysis of the code base has been truly helpful in the past. The SAGE component has not stopped getting intelligent. The code may not change but threats continually do, and the use of the Project Springfield software has been helpful in the fight against bugs, crashes and the various security holes.
In Project Springfield, the SAGE tool works only on binaries, and no source code is needed. The software is put on a virtual machine running on the Azure cloud service. A test driver then sets a sample input and creates test cases that exercise the software.
Project Springfield is still in limited mode and is currently only screening new customers.