The Microsoft Security Risk Detection Service (MSRD) was discontinued effective June 25, 2020. This service from Microsoft Research provided users with a premium software testing experience, searching for vulnerabilities in native code with the power of MSR‘s Scalable Automated Guided Execution (SAGE) tool. As the security industry shifts from gate-driven audits by professional testers to automated testing by developers, we’re also shifting our approach to open source. In ISOCpp‘s 2020 annual survey, 37% of developers are now using sanitizers and fuzzing in concert in a continuous deploy setup. Modern fuzzing is driven by open source sanitizers that bake instrumentation and test case generation into software at compile time; Microsoft will adopt this paradigm.
Microsoft Research has replaced the MSRD fuzzing service with an open source self-hosted developer fuzzing platform for Azure. OneFuzz is currently being developed and tested as a partnership with many of Microsoft’s core product teams. This fuzzing platform integrates sanitizers and allow for adaptive, learning fuzz tests built into CI/CD pipelines that grow over time with software projects. OneFuzz was released open source on github in 2020 in collaboration with partners to bring Azure-powered fuzzing to developers everywhere.
Personne
Cheick Keita
Senior Software Engineer
Marina Polishchuk
Software Engineer
Ram Nagaraja
Principal Program Manager
William Blum
Research Engineer
Stas Tishkin
Senior Software Engineer
Dave Tamasi
Program Manager
Marc Greisen
Principal Development Manager