Microsoft has announced the release of the tool to detect and correct errors that has served to strengthen Windows 10, Project OneFuzz.
This tool, capable of automatically detecting software security vulnerabilities, has been used by Redmond both to monitor their star operating system and to review other creations such as the Microsoft Edge browser.
The move assumes that the company keeps his promise moving from Microsoft Security Risk Detection to an equivalent and automated open source utility, Project OneFuzz, made earlier this year.
Project OneFuzz available now
Project OneFuzz It is immediately available on GitHub, as they have communicated, so that any development team can start using it in their projects.
The fuzz testing carried out by this tool consists of carrying out vulnerability scan tests using random data and, Microsoft says, it is a very effective method to increase the security and reliability of native code, and is also the gold standard for finding and eliminating costly and exploitable security flaws.
“Traditionally, ‘fuzz testing’ has been a double-edged sword for developers: constrained by the software development life cycle, highly effective at finding actionable bugs, but very difficult to exploit, execute, and squeeze. That complexity has required dedicated security engineering teams to build and operate ‘fuzz testing’, which made it very useful but costly. Allowing developers to perform these tasks shifts vulnerability discovery to an earlier stage in the development life cycle and simultaneously , frees up security engineering teams to do proactive work. “
With only single line of code, the tool is capable of starting this type of task in a few virtual machines or in thousands of cores.
Share Microsoft releases its tool to detect and correct errors in Windows 10