Microsoft was released a new tool ασφάλειας ανοιχτού κώδικα που ονομάζεται Project OneFuzz, ένα πλαίσιο δοκιμών (testing framework) για το Azure που διαθέτει πολλά tools software security testing to automate the process of debugging what could be security issues.
Google's open source bots have helped detect thousands of bugs in its software and other open source software programs. Now Microsoft is releasing its answer for software developers.
Project OneFuzz is available on GitHub with an open source MIT license, like other Microsoft open source projects such as Visual Studio Code, .NET Core, and the TypeScript JavaScript programming language.
Microsoft describes Project OneFuzz as an "scalable fuzz framework for Azure."
Fuzzing "works" on a piece of random code in the software until it crashes, possibly revealing security issues as well as performance issues.
Google has been a major supporter of the technique, pushing developers and security researchers into utilities and techniques. Open source fuzzers include the OSS Fuzz and Cluster Fuzz.
OSS-Fuzz is available for developers to download from GitHub and can use it in their own code. It is also available as a cloud service for selected open source projects.
Microsoft has announced that it will replace the existing software testing tools also known as Microsoft Security and Risk Detection with the automated open source fuzzing tool.
The company from Redmond he also mentions that the tools offer a different and precise challenge for all businesses that use software developers and credits Google for pioneering this technology.
OneFuzz is the same testing framework that Microsoft uses for the detection bugs in Edge, Windows and other company products.