Microsoft Security Risk Detection

成立时间:January 1, 2015

The Microsoft Security Risk Detection Service (MSRD) was discontinued effective June 25, 2020. This service from Microsoft Research provided users with a premium software testing experience, searching for vulnerabilities in native code with the power of MSR‘s Scalable Automated Guided Execution (SAGE) tool. As the security industry shifts from gate-driven audits by professional testers to automated testing by developers, we’re also shifting our approach to open source. In ISOCpp‘s 2020 annual survey, 37% of developers are now using sanitizers and fuzzing in concert in a continuous deploy setup. Modern fuzzing is driven by open source sanitizers that bake instrumentation and test case generation into software at compile time; Microsoft will adopt this paradigm.

Microsoft Research has replaced the MSRD fuzzing service with an open source self-hosted developer fuzzing platform for Azure. OneFuzz is currently being developed and tested as a partnership with many of Microsoft’s core product teams. This fuzzing platform integrates sanitizers and allow for adaptive, learning fuzz tests built into CI/CD pipelines that grow over time with software projects. OneFuzz was released open source on github in 2020 in collaboration with partners to bring Azure-powered fuzzing to developers everywhere.

人员

Cheick Keita的肖像

Cheick Keita

Senior Software Engineer

Marina Polishchuk的肖像

Marina Polishchuk

Software Engineer

Ram Nagaraja的肖像

Ram Nagaraja

Principal Program Manager

William Blum的肖像

William Blum

Research Engineer

Stas Tishkin的肖像

Stas Tishkin

Senior Software Engineer

Dave Tamasi的肖像

Dave Tamasi

Program Manager

Marc Greisen的肖像

Marc Greisen

Principal Development Manager