Fuzz testing, one of the oldest methods of finding vulnerabilities and bugs in software, is finally getting a dose of innovation thanks to Microsoft. Today at its Ignite conference in Atlanta, the Redmond giant announced a brand new security-oriented cloud service called Project Springfield.
Project Springfield, Microsoft says, is a million-dollar bug detector. Why? Because the Microsoft Research development is a fuzz tester: it feeds software random input to detect vulnerabilities that people could exploit. Essentially, this prevents a developer from releasing buggy software and then spending millions of bucks on deploying patches to fix it. A singularly evil plan, right? Well, hopefully with Microsoft’s new detector, it won’t work anymore.
Sure, there are hundreds, if not thousands, of fuzz testers out there. But Project Springfield differentiates itself with the use of artificial intelligence that makes it that much more effective. Also, it runs on Microsoft’s cloud, making it more reliable than any other tool.
Project Springfield builds on that idea with what it calls “white box fuzz testing.” It uses artificial intelligence to ask a series of “what if” questions and make more sophisticated decisions about what might trigger a crash and signal a security concern. Each time it runs, it gathers data to home in on the areas that are most critical.
The company had been testing the software with a small number of customers and collaborators using it on a smaller scale than Windows and Office. Now, however, the company is offering Springfield in full, for those who are interested. The company announced that any developer or organization can now have access to a free preview of the tool.
Surprisingly enough, the tech giant itself has been using a key component of Project Springfield, called SAGE, since the mid-2000s, testing products including Windows 7, prior to releasing them.
“Project Springfield works on binaries, with no source code or private symbols needed,” Microsoft says on a website about Project Springfield. Speaking about the requirements and the use case scenarios, Microsoft said:
“You need to be able to install the software you deploy on a virtual machine that runs in Azure, provide a ‘test driver’ that exercises your software, and a set of sample inputs. Project Springfield uses these to create many test cases for exercising your program.”
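To make the difference between random input and the “what if” approach concrete, here is an added example (not Microsoft's code and not part of the original article): a toy target with a constructed `SPRG` header, a test driver (`run`), and two search strategies that start from sample inputs. Flipping one single-byte comparison per run is a deliberate simplification assumed for this sketch; SAGE-style tools record real path constraints and hand them to a constraint solver.

```python
import random

MAGIC = b"SPRG"  # constructed 4-byte header for the toy format


def parse(data, trace):
    """Toy target: logs each byte comparison it makes as (offset, value_needed)."""
    for i, want in enumerate(MAGIC):
        trace.append((i, want))
        if i >= len(data) or data[i] != want:
            return "rejected"
    trace.append((4, 0xFF))
    if len(data) > 4 and data[4] == 0xFF:
        raise MemoryError("simulated crash: unchecked length byte")
    return "ok"


def run(data):
    """Test driver: feed one input to the target, report result and branch trace."""
    trace = []
    try:
        return parse(data, trace), trace
    except MemoryError:
        return "crash", trace


def blackbox(tries, rng):
    """Purely random 5-byte inputs; returns the try that crashed, or None."""
    for n in range(1, tries + 1):
        if run(bytes(rng.randrange(256) for _ in range(5)))[0] == "crash":
            return n
    return None


def whitebox(seed, max_runs=16):
    """After each run, ask 'what if the last branch had gone the other way?'"""
    data = bytearray(seed)
    for n in range(1, max_runs + 1):
        result, trace = run(bytes(data))
        if result == "crash":
            return n, bytes(data)
        offset, want = trace[-1]          # the branch that stopped progress
        data.extend(b"\0" * (offset + 1 - len(data)))  # grow input if too short
        data[offset] = want               # trivial "solve" of byte == want
    return None, bytes(data)


if __name__ == "__main__":
    print("blackbox:", blackbox(2000, random.Random(0)))
    print("whitebox:", whitebox(b"\0" * 5), whitebox(b"SPRG\x10"))
```

Random 5-byte inputs have a 1 in 2^40 chance per try of reaching the crash, while the trace-guided search needs at most one run per comparison on the path.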