Share this article

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

Microsoft’s Project Springfield is a new cloud-based bug detector

3 min. read

Published onSeptember 26, 2016

published onSeptember 26, 2016

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Identifying security vulnerabilities in software is an important aspect of quality control. The numerous recent examples of massive data breaches of personal information are a testament to the important of enhancing cloud security. Given Microsoft’s transition to the “cloud-first, mobile-first” productivity solutions company, security has thus been placed front and center.

Today, Microsoft announced over at the official Microsoft blog the availability of apreview of a new cloud-based bug detector codenamed Project Springfield. The stakes are high, as Microsoft indicates:

Microsoft is making available to its customers one of the most sophisticated tools it has for rooting out potential security vulnerabilities in software including Windows, Office and other products.

The offering is code named Project Springfield, and up until now, the team that built it has thought of it as the million-dollar bug detector.

That’s because every time the system finds a potentially serious bug proactively, before a piece of software is released, it is saving a developer the costly effort of having to release a patch reactively, once the product is already public. With widely used software such as an operating system or productivity suite, deploying those patches can cost as much as $1 million, the researchers say.

Project Springfieldincludes technology that Microsoft has been using since the mid-2000’s, specifically the SAGE tool for conducting what’s called “fuzz testing.” But Project Springfield goes farther in finding errors in code:

Broadly speaking, fuzz testing works like this: The system throws random, unexpected inputs at a piece of software to look for instances in which those unforeseen actions cause the software to crash, signaling a security vulnerability.

Project Springfield builds on that idea with what it calls “white box fuzz testing.” It uses artificial intelligence to ask a series of “what if” questions and make more sophisticated decisions about what might trigger a crash and signal a security concern. Each time it runs, it gathers data to hone in on the areas that are most critical. This more focused, intelligent approach makes it more likely that Project Springfield will find vulnerabilities other fuzzing tools might miss.

Now, Microsoft is combining SAGE with other fuzz testing resources and adding in a dashboard to make the tools more accessible to users who are not necessarily security experts. Project Springfield runs on Azure as a cloud-based systems, providing data-center-scale resources to individual clients.

One of Microsoft’s goals with Project Springfield is shared by researchers across the company:

Project Springfield also has been developed at a time in which Microsoft researchers are getting more aggressive about quickly translating their groundbreaking research into tools customers can use.

With Project Springfield, Peter Lee, the corporate vice president in charge of Microsoft Research’s New Experiences and Technologies organization, said the team was determined to make sure it was “literally rubbing elbows” with the clients who were participating in an early preview of the system, having regular, face-to-face meetings to make sure it would meet their security needs.

“I actually view it as a collaboration,” he said. “In my mind, we’re doing the research together.”

You can learn more about Project Springfield, including organizations that are using the new technology, at the blog post. In the meantime, let us know in the comments below if this kind of cloud-based tool is a valuable next step in making software more secure and bug-free.

Radu Tyrsina

Radu Tyrsina has been a Windows fan ever since he got his first PC, a Pentium III (a monster at that time).

For most of the kids of his age, the Internet was an amazing way to play and communicate with others, but he was deeply impressed by the flow of information and how easily you can find anything on the web.

Prior to founding Windows Report, this particular curiosity about digital content enabled him to grow a number of sites that helped hundreds of millions reach faster the answer they’re looking for.

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Radu Tyrsina

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low#

Copilot in Outlook will generate personalized themes for you to customize the app#

Microsoft will raise the price of its 365 Suite to include AI capabilities#

Death Stranding Director’s Cut is now Xbox X|S at a huge discount#

Outlook will let users create custom account icons so they can tell their accounts apart easier#

Microsoft’s Project Springfield is a new cloud-based bug detector#