Some major projects have come out of Microsoft's Ignite conference today, and among them is the preview of “Project Springfield.” The tool has origins in Microsoft Research, and focuses primarily on finding security vulnerabilities.
It does this through so-called “fuzz-testing.” Software is given unexpected inputs so that developers can find gaps in security. However, this is nothing new – it's the project's use of AI that sets it apart.
Use of AI in Project Springfield
According to senior content manager Alison Linn, Microsoft is utilizing an idea she calls “white box fuzz testing:”
“It uses artificial intelligence to ask a series of “what if” questions and make more sophisticated decisions about what might trigger a crash and signal a security concern,” Linn explains, “Each time it runs, it gathers data to hone in on the areas that are most critical.”
The result is a tool that can find vulnerabilities other software misses, and Microsoft has had plenty of success with it so far. A core component of the project is SAGE, a tool the company has been using since Windows 7.
SAGE accounted for one-third of all bugs found in the OS, and Microsoft published several research papers on the approach. However, until now the Redmond giant hasn't been able to offer it to the public.
Project Springfield is essentially a bundle of fuzz testing tools, including SAGE, in a simple interface. The goal is to make it more accessible to people outside of the security industry.
In addition, the project runs in the Azure cloud, so clients don't need huge data centers to run it. It's a powerful tool that's now in the hands of anybody who needs it. In fact, a number of organizations are using it already, including Ernst & Young and Deschutes Brewery.
“I actually view it as a collaboration,” says Peter Lee, vice president of Microsoft Researcher New Experiences and Technologies division.“In my mind, we're doing the research together.”
That research will only grow with the expansion of the tool, and according to Lee, this is the key to staying ahead of attackers. As a result, Project Springfield is open for sign up today.
You can find out more about the project on the official website.