Microsoft Application Inspector: Check open source components for unwanted features
2020-01-17 12:59

Want to know what's in an open source software component before you use it? Microsoft Application Inspector will tell you what it does and spot potentially unwanted features, or backdoors.

"At Microsoft, our software engineers use open source software to provide our customers high-quality software and services. Recognizing the inherent risks in trusting open source software, we created a source code analyzer called Microsoft Application Inspector to identify 'interesting' features and metadata, like the use of cryptography, connecting to a remote entity, and the platforms it runs on," Guy Acosta and Michael Scovetta, security program managers at Customer Security and Trust, Microsoft, explained the Inspector's genesis.

"Basically, we created Application Inspector to help us identify risky third party software components based on their specific features, but the tool is helpful in many non-security contexts as well," the developers explained.

"Knowing what is in your software is the first step to making key choices about what actions are appropriate before allowing it to be deployed in your own or to customer environments. Our tool includes hundreds of default identifying patterns for detecting general features like frameworks used, file I/O, OS APIs, as well as the ability to detect key security and privacy features of a component," the developers concluded.

Microsoft Application Inspector is open source and available for download from GitHub.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/cOBmboeOo-M/
