At its Ignite conference in Atlanta, Microsoft announced a preview of Project Springfield, a cloud-based tool designed to help developers detect bugs in their Windows-based applications.
The main component in Project Springfield is SAGE, a fuzz testing tool that Microsoft used to uncover security flaws in Windows 7. The company says that the cost of deploying patches for majorly distributed software like OSes can go up to a million dollars each; SAGE helped surface a third of all the vulnerabilities that would’ve cost Microsoft that much to fix.
Project Springfield bundles SAGE with a bunch of other tools for fuzz testing and an Azure cloud-based setup, as well as an interface that Microsoft says is easy to use, even without a background in software security.
The company says that Project Springfield is ideal for battle-testing apps that allow users to upload documents and other file types that may not be trustworthy. Fuzz testing sees the tool throwing random inputs at your software to look for instances in which those unforeseen actions cause it to crash.
In addition, Project Springfield uses artificial intelligence to learn which parts of your software are most critically affected by harmful inputs.
Once you’ve signed up to use it, you can upload your binaries to Project Springfield so it can test your software in the cloud. It’ll then notify you when it’s found a bug and will grant you access to test cases for reproducing the issue and understanding exactly what’s wrong.