Microsofts’ artificial intelligence (AI) powered cloud based tool called Microsoft Security Risk Detection, previously known as Project Springfield, helps to track down bugs in software is generally available.
The tool is designed for companies that build software themselves, modify off-the-shelf software or license open source offerings. It uses AI to ask a series of “what if” questions to try to root out what might trigger a crash and signal a security concern before the software release, saving companies of having to patch a bug, deal with crashes or respond to an attack after release, says David Molnar.
Each time it runs, “it hones in on the areas that are most critical, looking for vulnerabilities that other tools that don’t take an intelligent approach might miss.” It has proved especially helpful for companies going through a massive digital transformation, incorporating technology into processes that used to either be done manually or utilized much simpler technology, he said.
The tool is currently released for Windows, but Microsoft says, a preview version of the tool for Linux users will soon available as well.
He said, a key component of Microsoft Security Risk Detection, called ‘SAGE,’ is in use by Microsoft itself, since the mid-2000s, starting with versions of Windows, Office and other products. “The risk detection tool is currently being used by several product teams as part of the Microsoft Security Development Lifecycle,” said Molnar.
John Heasman of DocuSign, who is part of a small trial of the Windows version to the tool says, it helped them identify potential bugs they might not have otherwise found. Adding, he said, “it also was especially helpful because it almost never returned false positives, which are potential bugs that turn out not to be problematic.”
Developers interested can sign up to learn more about the Windows version or Linux preview on the Microsoft Security Risk Detection website.
The tool as Microsoft plans, will be offered to purchase in late summer through Microsoft Services.