Microsoft Security Risk Detection is a cloud-based bug detection tool, available in both a Windows version and a Linux version. The tool uses whitebox fuzzing technology to continuously detect security vulnerabilities and bugs in software. Usually outside consultants are used to test new software, but now Microsoft Security Risk Detection can determine if there are problems before software released. This prevents having to patch the problems later.
Microsoft Security Risk Detection uses artificial intelligence to focus on critical areas of new software that could be vulnerable to attack. It asks “What if?” questions to determine what parts of the software are weak.
A test version of the tool was released by Microsoft last year and developers can try it out here.
One of the first companies to volunteer to test the service was a company specializing in automated electronic signatures. Microsoft Security Risk Detection showed promising results by helping Docusign detect bugs with minimal false positives. False positives need to be kept to a minimum because they require a company to spend a great deal of time tracking down problems that don't exist. This takes away time and resources that could be spent investigating legitimate vulnerabilities.
A key-component of this service is Sage, which has been used by Microsoft since the mid-2000s. Sage has been used to test various versions of Windows, Office, and other Microsoft products. Several product teams at Microsoft actually use this particular service in the Microsoft Security Development Lifecycle.
Microsoft Security Risk Detection is beneficial because it gives software developers access to security testing measures that they previously had no access to. Microsoft suggests that this service offers higher security when running multiple Windows applications, while at the same time demonstrating its cloud and artificial intelligence capabilities. Using these resources, security services are taken to a whole new level and can react to new security deficits faster than with traditional solutions.