Profile image
Story Views

Last Hour:
Last 24 Hours:

Microsoft Azure Cloud Opens up for Bug Hunting

Tuesday, October 4, 2016 2:44
% of readers think this story is Fact. Add your two cents.

Latest News

Microsoft has recently launched Project Springfield. This project allows for “fuzzing”, which I believed to revolutionize the way security is tested. Bug hunting on the Azure cloud is now open for business, and many people have already joined.

Microsoft is convinced that security testing can be revolutionized by “fuzzing” in the cloud. This is a statement that they made in 2010, and one that they have clearly been committed to ever since. They have now launched Project Springfield, which is a service based on Azure that by putting code to bad input automatically allows software flaws to be identified.

At the recent Microsoft Ignite conference, which was held in Atlanta, GA, the project was introduced and explained. Essentially, it has given developers the opportunity to continuously conduct tests of any binary files found on virtual machines that operate under Microsoft Azure. In so doing, they should be able to identify bugs and eliminate them.

According to Microsoft, the team currently sees Project Springfield as the best bug detector in the world (a “million dollar” one to be exact). This is because, if a bug is left, it may actually cost as much as a million dollars to fix it. Naturally, these costs vary depending on the nature of the bug and how long it is left.

The U.S. National Institute of Standards and Technology released a study in 2002 in which they estimated that between $22.2 billion and $59.5 billion is spent every year on software bugs. Considering this piece of research is quite old, it is estimated that it costs the U.S. economy closer to $79 billion per year now. As such, if it is possible to catch a software bug before it actually gets released to the public, then repair costs could be significantly decreased.

According to Microsoft, as much as 33% of their Windows 7 security bugs were found through the technology known as “whitebox fuzzing”. They changed the name from SAGE (scalable, automated, guided execution), with SAGE now being an integral part of Project Springfield instead.

Of course, Microsoft has also pointed towards the need for better artificial intelligence, which is the hot topic in Silicon Valley right now. According to the software giant, Microsoft’s new system uses artificial intelligence in order to ask questions while at the same time enabling it to make decisions that they believe will cause a crash in the code.

The whitebox fuzzing Microsoft algorithm executes code from a specific start input. In then develops further input data by looking at and understanding the conditional statements that it comes across along the way. This is very different from “blackbox fuzzing”, because this means malformed input data is actually sent without first checking that all the possible target paths have been reviewed. This means that blackbox fuzzing could possibly miss critical test conditions without anybody ever knowing about it.

Fuzzing is a fantastic tool within cloud computing. This is because software that can fuzz is also able to run multiple tests parallel to each other, using huge parts of the infrastructure that is available to them. However, the main benefit is that there is a shared cloud infrastructure, not that it has computational elasticity. This is something Microsoft already discussed in their 2010 research paper written by David Molnar and Patrice Godefroid.

A representative from, who was present at the conference, said: “It is really clever that they now host their security testing on their own cloud. This makes the whole process of getting information together so much easier. It also ensures improvements in future tools can be driven, updates can easily be rolled out, bills are more simplified, and more.”


We encourage you to Share our Reports, Analyses, Breaking News and Videos. Simply Click your Favorite Social Media Button and Share.

Report abuse


Your Comments
Question   Razz  Sad   Evil  Exclaim  Smile  Redface  Biggrin  Surprised  Eek   Confused   Cool  LOL   Mad   Twisted  Rolleyes   Wink  Idea  Arrow  Neutral  Cry   Mr. Green

Top Stories
Recent Stories



Top Global

Top Alternative



Email this story
Email this story

If you really want to ban this commenter, please write down the reason:

If you really want to disable all recommended stories, click on OK button. After that, you will be redirect to your options page.