Microsoft is previewing a cloud-based bug detector, dubbed Project Springfield, that it calls one of its most sophisticated tools for finding potential security vulnerabilities.
Project Springfield uses “whitebox fuzzing,” which uncovered one-third of the “million dollar” security bugs during the development of Windows 7. Microsoft has been using a component of the project called SAGE since the mid-2000s to test products prior to release, including fuzzing both Windows and Office applications.
For this project, SAGE is bundled with other tools for fuzz testing, featuring a dashboard and other interfaces that enable use by people without an extensive security background. The tests are run using Microsoft’s Azure cloud.