Microsoft Security Risk Detection (SRD) leverages artificial intelligence to root out bugs in software before it is released. Microsoft is rolling out SRD, a cloud-based tool built to catch software vulnerabilities before companies release or use the software.
SRD aims to eliminate the headache of handling bugs, crashes, and attack response by automating fuzz testing. Businesses traditionally hire security experts to conduct fuzz testing, if they do it at all. Fuzzing seeks out vulnerabilities that could potentially enable threat actors to launch cyberattacks or crash systems. Based on results, developers can use other tools to fix the bugs.
The tool will use several methods to continuously fuzz the software. SRD uses artificial intelligence to ask a series of questions to figure out what might cause a crash and prompt a security concern.
Users can download test cases to reproduce problems and learn where and when they occurred, so they know how to prioritize and fix issues, then re-test to ensure the flaws are gone.
The service is designed for organizations that build their own software, modify off-the-shelf software, or license open-source offerings. SRD doesn’t require source code. Users can input anything open-source.
SRD is powered by two big breakthroughs. One is time-travel debugging, which lets users go back through their software to see where and when flaws occurred. The other is constraint-solving technology, which informs the direction of the probe hunting vulnerabilities.
SRD augments the work developers already do by using AI to automate the same reasoning process that people use to find bugs, and scales it through the cloud. It’s for teams that don’t have security talent, and for those that may not have the security talent to scale out.
Microsoft is also launching a preview of SRD for Linux after users said they needed to write code on multiple different platforms. Molnar anticipates the tool will continue to expand.