Microsoft is making a cloud service that uses artificial intelligence to track down bugs in software generally available, and it will begin offering a preview version of the tool for Linux users as well. Microsoft Security Risk Detection, previously known as Project Springfield, is a cloud-based tool that developers can use to look for bugs and other security vulnerabilities in the software they are preparing to release or use. The tool is designed to catch the vulnerabilities before the software goes out the door, saving companies the heartache of having to patch a bug, deal with crashes or respond to an attack after it has been released.
Fuzz testing is one of many security measures experts recommend for keeping systems safe. It looks for vulnerabilities that could allow bad actors to launch malicious attacks or simply crash the system. Fuzz testing is designed to find the vulnerabilities; developers can then use other tools to fix the bugs, mitigate the risk or explore another solution. The Microsoft Security Risk Detection service is unique in that it uses artificial intelligence to ask a series of “what if” questions to try to root out what might trigger a crash and signal a security concern. Each time it runs, it hones in on the areas that are most critical, looking for vulnerabilities that other tools that don’t take an intelligent approach might miss.