Microsoft was released a new open source security tool called Project OneFuzz, a testing framework (testing framework) for Azure that has several software security testing tools to automate the process of debugging what could be security issues.
Google's open source bots have helped detect thousands of bugs in its software and other open source software programs. Now Microsoft is releasing its answer for software developers.
Project OneFuzz is available on GitHub with an open source MIT license, like other Microsoft open source projects such as Visual Studio Code, .NET Core, and the TypeScript JavaScript programming language.
Microsoft describes Project OneFuzz as an "scalable fuzz framework for Azure."
Fuzzing "works" on a piece of random code in the software until it crashes, possibly revealing security issues as well as performance issues.
Google has been a major supporter of the technique, pushing developers and researchers ασφάλειας σε βοηθητικά προγράμματα και τεχνικές. Τα fuzzers ανοιχτού κώδικα περιλαμβάνουν τα OSS Fuzz and cluster Fuzz.
OSS-Fuzz is available for developers to download from GitHub and can use it in their own code. It is also available as a cloud service for selected open source projects.
Microsoft has announced that it will replace the existing software testing tools also known as Microsoft Security and Risk Detection with the automated open source fuzzing tool.
The company from Redmond also states that the tools offer a different and more expensive challenge for all companies that use software developers and gives credits to Google for pioneering this technology.
OneFuzz is the same test framework that Microsoft uses to detect bugs in Edge, Windows, and other company products.
