Microsoft announces new tool to find, fix bugs at scale

0

Microsoft has introduced a new tool on its open source repository GitHub that will further help developers and security researchers find and remove critical bugs.

Called Project OneFuzz, it is an extensible fuzz testing framework for Azure Cloud.

Available through GitHub as an open-source tool, the testing framework used by Microsoft Edge, Windows, and teams across the company is now available to developers around the world.

“Fuzz testing is a highly effective method for increasing the security and reliability of native code — it is the gold standard for finding and removing costly, exploitable security flaws,” said Justin Campbell Principal Security Software Engineering Lead, Microsoft Security.

“Enabling developers to perform fuzz testing shifts the discovery of vulnerabilities to earlier in the development lifecycle and simultaneously frees security engineering teams to pursue proactive work”.

Earlier this year, Microsoft announced that it would replace the existing software testing experience known as Microsoft Security and Risk Detection with an automated, open-source tool as the industry moved toward this model.

The global release of Project OneFuzz, said Microsoft, is intended to help harden the platforms and tools that “power our daily work and personal lives to make an attacker’s job more difficult”.

Project OneFuzz is available now on GitHub under an MIT license.

–IANS

LEAVE A REPLY

Please enter your comment!
Please enter your name here