Microsoft Releases Long-Awaited Security Tool, Sets Linux Preview

By David Jones

Jul 25, 2017 1:25 PM PT

Microsoft has released its long-awaited cloud-based bug detection tool, previously code-named “Project Springfield.” The Windows version became generally available, and a new Linux version became available as a preview last week.

The tool, Microsoft Security Risk Detection, uses artificial intelligence to hunt down security vulnerabilities in software that is about to be released.

Microsoft Security Risk Detection will help developers do fuzz testing, said David Molnar, the Microsoft researcher in charge of the group that developed the tool. Fuzz testing normally is done using outside consultants to test new software. Its purpose is to make sure vulnerabilities can be weeded out before the product goes into wide release to avoid the necessity of patching them on the back end.

The service uses artificial intelligence to ask particular “what if” questions about new software, focusing on critical areas that might be vulnerable to attack by bad actors.

Microsoft first released a test version of the service last year. Docusign, a firm that specializes in automated electronic signatures, is one of the companies that volunteered to try it out.

The tool helped Docusign weed out bugs in its software and almost never returned false positives, according to John Heasman, senior director of software security at the company.

The low rate of false positives is very important, he said, because companies typically have to spend a lot of time tracking down false positives, which uses time that otherwise could be devoted to investigating legitimate threats.
