Microsoft has open-sourced the fuzzing tool it uses to scour its own code for potential security vulnerabilities.
Fuzzing is a way of testing software by feeding it random inputs in the hope it fails in revealing ways. The technique is widely admired because it gets results and can be automated.
The tool Microsoft has released is called “OneFuzz”, and the company says “the testing framework used by Microsoft Edge, Windows, and teams across Microsoft is now available to developers around the world.”
“OneFuzz has already enabled continuous developer-driven fuzzing of Windows that has allowed Microsoft to proactively harden the Windows platform prior to shipment of the latest OS builds,” said Microsoft Security principal security software engineering lead Justin Campbell and senior director for special projects management Mike Walker.
Erm ... guys ... have you looked at recent patch counts? (We have: you issued 372 this quarter, 54 critical)