Microsoft opens up its ‘million dollar’ bug-finder

Microsoft is previewing a cloud-based bug detector, dubbed Project Springfield, that it calls one of its most sophisticated tools for finding potential security vulnerabilities.

Project Springfield uses “whitebox fuzzing,” which uncovered one-third of the “million dollar” security bugs during the development of Windows 7. Microsoft has been using a component of the project called SAGE since the mid-2000s to test products prior to release, including fuzzing both Windows and Office applications. 

For this project, SAGE is bundled with other tools for fuzz testing, featuring a dashboard and other interfaces that enable use by people without an extensive security background. The tests are run using Microsoft’s Azure cloud.

To read this article in full or to leave a comment, please click here