MICROSOFT HAS ANNOUNCED the first preview of Project Springfield, a cloud-based tool designed to help devs spot "million dollar bugs" in Windows applications before they go public.
The aim of Project Springfield is to save developers the "costly effort" of having to release patches once a piece of software is already public.
Instead, the Azure-based service helps devs find bugs in their apps by combining fuzz testing, an automated way of testing code by throwing semi-random input at it, with artificial intelligence (AI) to learn which parts of the software are most critically affected by harmful inputs.
This AI, Microsoft claimed, can ask a series of 'what if' questions and make more sophisticated decisions about triggering a crash, allowing it to find vulnerabilities other fuzz testing tools miss.
The company said that Project Springfield, which it has been testing with a small number of customers and collaborators using it on a smaller scale than Windows and Office, is ideal for battle-testing apps that allow users to upload documents and other file types that may not be trustworthy.
Microsoft has used a part of Project Springfield called SAGE to find bugs in Windows and Office since the mid-2000s, and claimed that a third of the "million dollar" bugs in Windows 7 were found using this "whitebox fuzzing" technology.
Now a fully-fledged offering will become available for other organisations to use, and companies won’t need to run it on their own infrastructure.
"Project Springfield works on binaries, with no source code or private symbols needed," said Microsoft.
"You need to be able to install the software you deploy on a virtual machine that runs in Azure, provide a 'test driver' that exercises your software, and a set of sample inputs. Project Springfield uses these to create many test cases for exercising your program."
Once you've signed up, you can upload your binaries to Project Springfield so it can test your software in the cloud. It’ll then notify you if it's found a bug and grant access to test cases for reproducing the problem and understanding exactly what’s wrong.
The company hasn't said when it'll publicly launch the service, but you can sign up now to try the preview. µ
Slack, hack and crack
A flaw in the protocol affects iOS, macOS and Windows 10
Wig wearer has issue with non-wig-wearer