Microsoft was released a new open source security tool called Project OneFuzz, a testing framework (testing framework) for Azure which has many software security testing tools to automate the debugging process which could be security issues.
Google's open source bots have helped detect thousands of bugs in its software and other open source software programs. Now Microsoft is releasing its answer for software developers.
Project OneFuzz is available on GitHub with an open source MIT license, like other Microsoft open source projects such as Visual Studio Code, .NET Core, and the TypeScript JavaScript programming language.
Microsoft describes Project OneFuzz as an "scalable fuzz framework for Azure."
Fuzzing "works" on a piece of random code in the software until it crashes, possibly revealing security issues as well as performance issues.
Google has been a major supporter of this techniques, pushing developers and security researchers into utilities and techniques. Open source fuzzers include OSS-Fuzz and Cluster Fuzz.
OSS-Fuzz is available for developers to download from GitHub and can use it in their own code. It is also available as a cloud service for selected open source projects.
Microsoft has announced that it will replace the existing software testing tools also known as Microsoft Security and Risk Detection with the automated open source fuzzing tool.
The Redmond-based company also says the tools offer a different and precise challenge for all businesses that use software developers, and credits Google with pioneering this. technology.
OneFuzz is the same test framework that Microsoft uses to detect bugs in Edge, Windows, and other company products.