The Complete Magazine on Open Source

Microsoft opens internal bug detection service to customers

, / 2094 0


Microsoft is expanding the reach of its internal bug detection service to external customers and partners. Called Project Springfield, the service was developed internally by Microsoft Research team in the 2000s to leverage a white-box fuzzing technology for finding security vulnerabilities in Windows, Office and other products.

Project Springfield was used by Microsoft engineers quite extensively for a long time. Several teams including the one working on Windows 7 has been using the project for years. The service uses fuzz testing to looks for vulnerabilities that could cause delays or crash the system or even give access to attackers for some serious malicious attacks.

“It uses artificial intelligence to ask a series of ‘what if’ questions and make more sophisticated decisions about what might trigger a crash and signal a security concern. Each time it runs, it gathers data to hone in on the areas that are most critical,” Microsoft Research’s NExT group writes in a blog post.

The NExT group is apparently finding potential ways to commercialise the original Project Springfield and bring it as an Azure-hosted service. Moreover, Microsoft is exploring verticals in AI research with the NExT team.

All this would offer a full-fledged bug detector to companies that are looking to save their time and money in protecting their existence from hackers.

Microsoft tested the preview version of Project Springfield with selected customers and partners last year. The Redmond company has now put up the link to sign up for preview access. It initially works with Windows binaries. However, its Linux support is also in the pipeline.