Security Risk Detection, previously known as Project Springfield, is Microsoft’s unique cloud-based fuzz testing service for finding security-critical bugs in software.
The tool is designed to catch vulnerabilities before the software goes out the door, saving companies the heartache of having to patch a bug, deal with crashes or respond to an attack after the software has been released.
The risk detection service uses artificial intelligence to look for security problems, so it can act as a sort of additional helper, augmenting the work developers already do.
What is fuzz testing?
Fuzz testing is one of many security measures experts recommend for keeping systems safe. It looks for vulnerabilities that could allow bad actors to launch malicious attacks or simply crash the system. Fuzz testing is designed to find the vulnerabilities; developers can then use other tools to fix the bugs, mitigate the risk or explore another solution.
Roots in Microsoft’s own security testing
Microsoft itself has been using a key component of Microsoft Security Risk Detection, called SAGE, since the mid-2000s, starting with versions of Windows, Office and other products. The risk detection tool is currently being used by several product teams as part of the Microsoft Security Development Lifecycle.
The Microsoft Security Risk Detection service bundles SAGE with other fuzzing tools and adds a user-friendly dashboard and other tools. It runs on the Microsoft Azure cloud.
Developers can sign up to learn more about the Windows version or Linux preview on the Microsoft Security Risk Detection website.