Microsoft is looking for testers for a new bug-detection service that will run on Azure.
Credit: Microsoft That service, codenamed "Project Springfield" -- developed internally by Microsoft Research in the mid 2000s -- was designed as a white-box fuzzing technology for preemptively finding and swatting bugs in Microsoft's own products.
Bug catching activities beneficial, but obstacles exist
Rewarding security researchers to spot Web site bugs and loopholes a "positive" endeavor, but safeguarding data privacy and negotiating different regulatory regimes may prove challenging, observers note.
Microsoft Research's NExT group now is looking to commercialize Springfield in the form of an Azure-hosted service. (The NExT arm of Microsoft Research, which is in the midst of becoming part of a new combined AI and research group , aims to develop research technologies that ultimately will be commercialized.)
"This (service) is about finding really deep bugs that are hard to find with conventional testing," said Vikram Dendi, chief product officer with Microsoft Research NExT. "It's like time-travel debugging because it provides the ability to 'rewind' and understand better what's going on."
Starting last year, Springfield was available to select customers and partners as part of a non-disclosure preview program. But as of this week, Microsoft is providing a link where interested customers and partners can sign up and, if approved, get access to a preview of the new service.
A number of Microsoft teams, including the Windows 7 team, have been using Springfield (which internally was known as SAGE) for years. It currently works with Windows binaries, with support for Linux coming in the future.