Microsoft rolls out cloud-based fuzzing tool

Microsoft has released a software bug finding tool that the company says will help developers identify flaws and vulnerabilities before software under development is released.

Code-named "Project Springfield", the tool was announced as a preview in September last year.

It performs what is known as fuzzing, which involves entering large amounts of random data into a software system to see if this causes unexpected behaviour or crashes that can be exploited for attacks.

Microsoft said companies would usually hire security experts to conduct fuzz testing, if they did it all.

"As the sheer volume of software that companies create and use has increased, it’s gotten harder to keep up with the dizzying pace of testing so much software – but more important than ever to keep systems safe from attackers," the company said.

Microsoft's Security Risk Detection (MSRD) tool uses artificial intelligence to automate the reasoning process that security experts use to find bugs, and augments this with cloud-based scaling.

MSRD lets developers test their software in a virtual machine, along with a program that runs through different fuzzing scenarios, to find potential bugs. Results are accessible via a web-based portal.

The new tool has its origin in Microsoft's Scalable, Automated, Guided Execution (SAGE pdf) whitebox fuzzer, which the company has used since the mid-2000s to test several products including Windows 7 prior to release.

A preview of MSRD for Linux is also available for coders who program across multiple platforms.