Microsoft is releasing a new tool that uses artificial intelligence to find and detect software bugs. The Microsoft Security Risk Detection tool, previously known as Project Springboard, will be available by the end of the summer.
“The tool is designed to catch the vulnerabilities before the software goes out the door, saving companies the heartache of having to patch a bug, deal with crashes or respond to an attack after it has been released,” the company wrote in a blog post.
This type of software security strategy is called fuzz testing. According to the company, while companies have practiced fuzz testing in the past, it is now becoming too complex to do manually. Microsoft Security Risk Detection acts as a helping hand to fuzz testing by asking “what if” questions to pinpoint a potential crash or security concern, Microsoft explained.
“We use AI to automate the same reasoning process that you or I would use to find a bug, and we scale it out with the power of the cloud,” said David Molnar, a Microsoft researcher.
The solution’s process involves uploading binaries, running multiple fuzzers, identifying high-value bugs, and fixing bugs.
DocuSign, an early adopter, used the tool to find potentially problematic bugs. According to John Heasman, senior director of software security at DocuSign, the risk detection tool made it easy to avoid potential attacks and release high-quality software with assurance. The number one benefit for the team was that the solution rarely reported back false positives.