{"id":90903,"date":"2020-04-16T09:00:04","date_gmt":"2020-04-16T16:00:04","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/?p=90903"},"modified":"2023-05-15T23:28:18","modified_gmt":"2023-05-16T06:28:18","slug":"secure-software-development-lifecycle-machine-learning","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/04\/16\/secure-software-development-lifecycle-machine-learning\/","title":{"rendered":"Secure the software development lifecycle with machine learning"},"content":{"rendered":"<p>Every day, software developers stare down a long list of features and bugs that need to be addressed. Security professionals try to help by using automated tools to prioritize security bugs, but too often, engineers waste time on false positives or miss a critical security vulnerability that has been misclassified. To tackle this problem data science and security teams came together to explore how machine learning could help. We discovered that by pairing machine learning models with security experts, we can significantly improve the identification and classification of security bugs.<\/p>\n<p>At Microsoft, 47,000 developers generate nearly 30 thousand bugs a month. These items get stored across over 100 AzureDevOps and GitHub repositories. To better label and prioritize bugs at that scale, we couldn\u2019t just apply more people to the problem. However, large volumes of semi-curated data are perfect for machine learning. Since 2001 Microsoft has collected 13 million work items and bugs. We used that data to develop a process and machine learning model that correctly distinguishes between security and non-security bugs 99 percent of the time and accurately identifies the critical, high priority security bugs, 97 percent of the time. This is an overview of how we did it.<\/p>\n<h3>Qualifying data for supervised learning<\/h3>\n<p>Our goal was to build a machine learning system that classifies bugs as security\/non-security and critical\/non-critical with a level of accuracy that is as close as possible to that of a security expert. To accomplish this, we needed a high-volume of good data. In supervised learning, machine learning models learn how to classify data from pre-labeled data. We planned to feed our model lots of bugs that are labeled security and others that aren\u2019t labeled security. Once the model was trained, it would be able to use what it learned to label data that was not pre-classified. To confirm that we had the right data to effectively train the model, we answered four questions:<\/p>\n<ul>\n<li><strong>Is there enough data? <\/strong>Not only do we need a high volume of data, we also need data that is general enough and not fitted to a small number of examples.<\/li>\n<li><strong>How good is the data?<\/strong> If the data is noisy it means that we can\u2019t trust that every pair of data and label is teaching the model the truth. However, data from the wild is likely to be imperfect. We looked for systemic problems rather than trying to get it perfect.<\/li>\n<li><strong>Are there data usage restrictions?<\/strong> Are there reasons, such as privacy regulations, that we can\u2019t use the data?<\/li>\n<li><strong>Can data be generated in a lab?<\/strong> If we can generate data in a lab or some other simulated environment, we can overcome other issues with the data.<\/li>\n<\/ul>\n<p>Our evaluation gave us confidence that we had enough good data to design the process and build the model.<\/p>\n<h3>Data science + security subject matter expertise<\/h3>\n<p>Our classification system needs to perform like a security expert, which means the subject matter expert is as important to the process as the data scientist. To meet our goal, security experts approved training data before we fed it to the machine learning model. We used statistical sampling to provide the security experts a manageable amount of data to review. Once the model was working, we brought the security experts back in to evaluate the model in production.<\/p>\n<p>With a process defined, we could design the model. To classify bugs accurately, we used a two-step machine learning model operation. First the model learned how to classify security and non-security bugs. In the second step the model applied severity labels\u2014critical, important, low-impact\u2014to the security bugs.<\/p>\n<h3>Our approach in action<\/h3>\n<p>Building an accurate model is an iterative process that requires strong collaboration between subject matter experts and data scientists:<\/p>\n<p><strong>Data collection: <\/strong>The project starts with data science. We identify all the data types and sources and evaluate its quality.<\/p>\n<p><strong>Data curation and approval:<\/strong>\u00a0Once the data scientist has identified viable data, the security expert reviews the data and confirms the labels are correct.<\/p>\n<p><strong>Modeling and evaluation: <\/strong>Data scientists select a data modeling technique, train the model, and evaluate model performance.<\/p>\n<p><strong>Evaluation of model in production:<\/strong> Security experts evaluate the model in production by monitoring the average number of bugs and manually reviewing a random sampling of bugs.<\/p>\n<p>The process didn\u2019t end once we had a model that worked. To make sure our bug modeling system keeps pace with the ever-evolving products at Microsoft, we conduct automated re-training. The data is still approved by a security expert before the model is retrained, and we continuously monitor the number of bugs generated in production.<\/p>\n<h3>More to come<\/h3>\n<p>By applying machine learning to our data, we accurately classify which work items are security bugs 99 percent of the time. The model is also 97 percent accurate at labeling critical and non-critical security bugs. This level of accuracy gives us confidence that we are catching more security vulnerabilities before they are exploited.<\/p>\n<p>In the coming months, we will open source our methodology to GitHub.<\/p>\n<p>In the meantime, you can read a published academic paper, <a href=\"https:\/\/docs.microsoft.com\/security\/engineering\/identifying-security-bug-reports\" target=\"_blank\" rel=\"noopener noreferrer\">Identifying security bug reports based solely on report titles and noisy data<\/a>, for more details.<\/p>\n<p>Bookmark the\u00a0<a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\" target=\"_blank\" rel=\"noopener noreferrer\">Security blog<\/a>\u00a0to keep up with our expert coverage on security matters. Also, follow us at\u00a0<a href=\"https:\/\/twitter.com\/@MSFTSecurity\">@MSFTSecurity<\/a> for the latest news and updates on cybersecurity. To learn more about our Security solutions visit our <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/solutions\" target=\"_blank\" rel=\"noopener noreferrer\">website<\/a>.<\/p>\n<p>\n<div class=\"wp-block-group is-layout-constrained wp-block-group-is-layout-constrained\"><div class=\"wp-block-msxcm-cta-block\" data-moray data-bi-an=\"CTA Block\">\n\t<div class=\"card d-block mx-ng mx-md-0\">\n\t\t<div class=\"row no-gutters\">\n\n\t\t\t\t\t\t\t<div class=\"col-md-4\">\n\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"240\" height=\"340\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/05\/security-unlocked-podcast-new.png\" class=\"card-img img-object-cover\" alt=\"graphical user interface, application, Teams\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/05\/security-unlocked-podcast-new.webp 240w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/05\/security-unlocked-podcast-new-212x300.webp 212w\" sizes=\"(max-width: 240px) 100vw, 240px\" \/>\t\t\t\t<\/div>\n\t\t\t\n\t\t\t<div class=\"d-flex col-md\">\n\t\t\t\t<div class=\"card-body align-self-center p-4 p-md-5\">\n\t\t\t\t\t<h2>Listen to the Security Unlocked podcast<\/h2>\n\n\t\t\t\t\t<div class=\"mb-3\">\n\t\t\t\t\t\t<p>Hear more from the author of this blog on episode #16 of Security Unlocked. Subscribe for new episodes each week covering the latest in security news.<\/p>\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\t\t\t<div class=\"link-group\">\n\t\t\t\t\t\t\t<a href=\"https:\/\/securityunlockedpodcast.com\/episodes\/judging-a-bug-by-its-title\" class=\"btn btn-link text-decoration-none p-0\" target=\"_blank\">\n\t\t\t\t\t\t\t\t<span>Listen now<\/span>\n\t\t\t\t\t\t\t\t<span class=\"glyph-append glyph-append-chevron-right glyph-append-xsmall\"><\/span>\n\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n\n\t\t\t\t\t<\/div>\n\t<\/div>\n<\/div>\n<\/div>\n<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A collaboration between data science and security produced a machine learning model that accurately identifies and classifies security bugs based solely on report names. <\/p>\n","protected":false},"author":96,"featured_media":90904,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"content-type":[3662],"topic":[3664,3667],"products":[],"threat-intelligence":[],"tags":[3822],"coauthors":[2297,2298],"class_list":["post-90903","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","content-type-news","topic-ai-and-machine-learning","topic-cloud-security","tag-microsoft-security-insights"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Secure the software development lifecycle with machine learning | Microsoft Security Blog<\/title>\n<meta name=\"description\" content=\"A collaboration between data science and security produced a machine learning model that accurately identifies and classifies security bugs based solely on report names.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/04\/16\/secure-software-development-lifecycle-machine-learning\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Secure the software development lifecycle with machine learning\" \/>\n<meta property=\"og:description\" content=\"A collaboration between data science and security produced a machine learning model that accurately identifies and classifies security bugs based solely on report names.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/04\/16\/secure-software-development-lifecycle-machine-learning\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2020-04-16T16:00:04+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-16T06:28:18+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/04\/Secure-Software-Development-BANNER.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Scott Christiansen, Mayana Pereira\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Secure the software development lifecycle with machine learning\" \/>\n<meta name=\"twitter:description\" content=\"A collaboration between data science and security produced a machine learning model that accurately identifies and classifies security bugs based solely on report names.\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/04\/Secure-Software-Development-BANNER.png\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Scott Christiansen, Mayana Pereira\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/04\/16\/secure-software-development-lifecycle-machine-learning\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/04\/16\/secure-software-development-lifecycle-machine-learning\/\"},\"author\":[{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/scott-christiansen-senior-security-program-manager\/\",\"@type\":\"Person\",\"@name\":\"Scott Christiansen\"},{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/mayana-pereira-data-and-applied-scientist\/\",\"@type\":\"Person\",\"@name\":\"Mayana Pereira\"}],\"headline\":\"Secure the software development lifecycle with machine learning\",\"datePublished\":\"2020-04-16T16:00:04+00:00\",\"dateModified\":\"2023-05-16T06:28:18+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/04\/16\/secure-software-development-lifecycle-machine-learning\/\"},\"wordCount\":900,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/04\/16\/secure-software-development-lifecycle-machine-learning\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/04\/Secure-Software-Development-featured-image.png\",\"keywords\":[\"Microsoft Security Insights\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/04\/16\/secure-software-development-lifecycle-machine-learning\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/04\/16\/secure-software-development-lifecycle-machine-learning\/\",\"name\":\"Secure the software development lifecycle with machine learning | Microsoft Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/04\/16\/secure-software-development-lifecycle-machine-learning\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/04\/16\/secure-software-development-lifecycle-machine-learning\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/04\/Secure-Software-Development-featured-image.png\",\"datePublished\":\"2020-04-16T16:00:04+00:00\",\"dateModified\":\"2023-05-16T06:28:18+00:00\",\"description\":\"A collaboration between data science and security produced a machine learning model that accurately identifies and classifies security bugs based solely on report names.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/04\/16\/secure-software-development-lifecycle-machine-learning\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/04\/16\/secure-software-development-lifecycle-machine-learning\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/04\/16\/secure-software-development-lifecycle-machine-learning\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/04\/Secure-Software-Development-featured-image.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/04\/Secure-Software-Development-featured-image.png\",\"width\":440,\"height\":268,\"caption\":\"People holding a quick sync-up meeting.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/04\/16\/secure-software-development-lifecycle-machine-learning\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Secure the software development lifecycle with machine learning\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"name\":\"Microsoft Security Blog\",\"description\":\"Expert coverage of cybersecurity topics\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\",\"name\":\"Microsoft Security Blog\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Security Blog\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Secure the software development lifecycle with machine learning | Microsoft Security Blog","description":"A collaboration between data science and security produced a machine learning model that accurately identifies and classifies security bugs based solely on report names.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/04\/16\/secure-software-development-lifecycle-machine-learning\/","og_locale":"en_US","og_type":"article","og_title":"Secure the software development lifecycle with machine learning","og_description":"A collaboration between data science and security produced a machine learning model that accurately identifies and classifies security bugs based solely on report names.","og_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/04\/16\/secure-software-development-lifecycle-machine-learning\/","og_site_name":"Microsoft Security Blog","article_published_time":"2020-04-16T16:00:04+00:00","article_modified_time":"2023-05-16T06:28:18+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/04\/Secure-Software-Development-BANNER.png","type":"image\/png"}],"author":"Scott Christiansen, Mayana Pereira","twitter_card":"summary_large_image","twitter_title":"Secure the software development lifecycle with machine learning","twitter_description":"A collaboration between data science and security produced a machine learning model that accurately identifies and classifies security bugs based solely on report names.","twitter_image":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/04\/Secure-Software-Development-BANNER.png","twitter_misc":{"Written by":"Scott Christiansen, Mayana Pereira","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/04\/16\/secure-software-development-lifecycle-machine-learning\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/04\/16\/secure-software-development-lifecycle-machine-learning\/"},"author":[{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/scott-christiansen-senior-security-program-manager\/","@type":"Person","@name":"Scott Christiansen"},{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/mayana-pereira-data-and-applied-scientist\/","@type":"Person","@name":"Mayana Pereira"}],"headline":"Secure the software development lifecycle with machine learning","datePublished":"2020-04-16T16:00:04+00:00","dateModified":"2023-05-16T06:28:18+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/04\/16\/secure-software-development-lifecycle-machine-learning\/"},"wordCount":900,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/04\/16\/secure-software-development-lifecycle-machine-learning\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/04\/Secure-Software-Development-featured-image.png","keywords":["Microsoft Security Insights"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/04\/16\/secure-software-development-lifecycle-machine-learning\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/04\/16\/secure-software-development-lifecycle-machine-learning\/","name":"Secure the software development lifecycle with machine learning | Microsoft Security Blog","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/04\/16\/secure-software-development-lifecycle-machine-learning\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/04\/16\/secure-software-development-lifecycle-machine-learning\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/04\/Secure-Software-Development-featured-image.png","datePublished":"2020-04-16T16:00:04+00:00","dateModified":"2023-05-16T06:28:18+00:00","description":"A collaboration between data science and security produced a machine learning model that accurately identifies and classifies security bugs based solely on report names.","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/04\/16\/secure-software-development-lifecycle-machine-learning\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/04\/16\/secure-software-development-lifecycle-machine-learning\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/04\/16\/secure-software-development-lifecycle-machine-learning\/#primaryimage","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/04\/Secure-Software-Development-featured-image.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/04\/Secure-Software-Development-featured-image.png","width":440,"height":268,"caption":"People holding a quick sync-up meeting."},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/04\/16\/secure-software-development-lifecycle-machine-learning\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/"},{"@type":"ListItem","position":2,"name":"Secure the software development lifecycle with machine learning"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","name":"Microsoft Security Blog","description":"Expert coverage of cybersecurity topics","publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization","name":"Microsoft Security Blog","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","width":512,"height":512,"caption":"Microsoft Security Blog"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/"}}]}},"msxcm_display_generated_audio":false,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Security Blog","distributor_original_site_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/90903"}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/users\/96"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/comments?post=90903"}],"version-history":[{"count":0,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/90903\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media\/90904"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media?parent=90903"}],"wp:term":[{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/content-type?post=90903"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/topic?post=90903"},{"taxonomy":"products","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/products?post=90903"},{"taxonomy":"threat-intelligence","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/threat-intelligence?post=90903"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/tags?post=90903"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/coauthors?post=90903"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}