Information Technology News.


Detecting software flaws by subjecting the code to bad input?


September 27, 2016

Microsoft's understanding that 'fuzzing in the cloud will somehow revolutionize security testing,' voiced in a research paper in 2010, has taken form with the start of Project Springfield, an Azure-based service for detecting and identifying various software glitches by automatically subjecting the code to bad input.

To a lot of people, the concept is as controversial as it sounds. Originally introduced at the 2016 Ignite Conference in Atlanta, Georgia just yesterday, 'Project Springfield' offers software developers the ability to conduct continuous testing of binary files on VMs (virtual machines) running atop Microsoft Azure, in order to identify and eliminate software glitches that are so prevalent in the industry.

Allison Linn, a self-described technical writer for Microsoft, says that the company's research team in Redmond thinks about Project Springfield as a "million-dollar bug detector" because some software bugs cost that much to fix if left too long.

Case in point: a study released in 2002 by the U.S. National Institute of Standards and Technology estimated that on average, software glitches and coding errors cost the American economy between $22.2 and $59.5 billion annually (more like $79 billion in 2016 dollars).

Detecting and fixing software bugs before the product gets released can bring repair costs down significantly for most companies and various organizations.

Microsoft insists that about 30 to 35 percent of the million-dollar security bugs in Windows 7 were found using its "whitebox fuzzing" technology, referred to internally as SAGE (scalable, automated, guided execution).

SAGE (not to be confused with the accounting software of the same name) is one of the components of Project Springfield.

Like other announcements echoing around Silicon Valley these days, AI (artificial intelligence) comes into play. For its part, Microsoft asserts that its system employs AI to ask questions and make better overall decisions about specific conditions that might cause code to crash in some applications.

Microsoft's whitebox fuzzing algorithm symbolically executes code from a starting input and develops subsequent input data based on various constraints from the conditional statements it encounters along the way.

Microsoft's technology is distinct from blackbox fuzzing, which involves sending malformed input data without ensuring that all the target paths have been explored.

In essence, blackbox fuzzing can miss a critical test condition simply by chance.
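The contrast between the two approaches, as an added example that is not from the original article or from Microsoft. The 4-byte target, its magic value and the byte-equality "solver" are constructed for illustration and stand in for real symbolic execution and constraint solving.

```python
import random

MAGIC = b"bad!"  # constructed target: crashes when at least 3 bytes match

def run(data):
    """Toy program under test. Returns (crashed, trace); trace holds one
    path constraint (index, wanted_byte, branch_taken) per comparison."""
    trace = [(i, want, data[i] == want) for i, want in enumerate(MAGIC)]
    return sum(t for _, _, t in trace) >= 3, trace

def blackbox(trials, seed=0):
    """Blackbox fuzzing: random 4-byte inputs, blind to the branches."""
    rng = random.Random(seed)
    return sum(run(bytes(rng.randrange(256) for _ in range(4)))[0]
               for _ in range(trials))

def whitebox(start):
    """Whitebox fuzzing as a generational search: execute, collect the
    path constraints, negate each one in turn, solve, and queue the result."""
    queue, seen, runs = [(start, 0)], {start}, 0
    while queue:
        data, bound = queue.pop(0)
        crashed, trace = run(data)
        runs += 1
        if crashed:
            return data, runs
        # Only negate constraints at or after `bound`, so a child never
        # undoes the branch flip that created its parent.
        for i, want, taken in trace[bound:]:
            child = bytearray(data)
            # "Solver" for a byte-equality constraint: satisfy it if the
            # branch was not taken, otherwise pick any non-matching byte.
            child[i] = (want ^ 0xFF) if taken else want
            child = bytes(child)
            if child not in seen:
                seen.add(child)
                queue.append((child, i + 1))
    return None, runs

if __name__ == "__main__":
    print("blackbox crashes in 1000 random inputs:", blackbox(1000))
    print("whitebox result:", whitebox(b"good"))
```

A random 4-byte input reaches the crash with probability of roughly 1 in 4 million, while the constraint-guided search starting from a benign input gets there in a dozen executions.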

Overall, fuzzing lends itself to cloud computing because fuzzing software can run different tests in parallel using large amounts of available infrastructure.

However, Microsoft researchers Patrice Godefroid and David Molnar, in their 2010 research paper, argue that such computational elasticity matters less than the benefits of shared cloud infrastructure, although not everybody might agree on that claim.

"Hosting security testing in the cloud simplifies the process of gathering information from each enrolled application, rolling out updates, and driving improvements into future development," they asserted in their paper.

Source: Microsoft.

