Security News > 2020 > April > Developers: This new tool spots critical security bugs 97% of the time
By pairing the system with human security experts, Microsoft said it was able to develop an algorithm that not only correctly identified security bugs with nearly 100% accuracy, but also correctly flagged critical, high-priority bugs 97% of the time.
According to Microsoft, its team of 47,000 developers generates some 30,000 bugs every month across its AzureDevOps and GitHub silos, causing headaches for security teams whose job it is to ensure critical security vulnerabilities aren't missed.
To remedy this, Microsoft set to work building a machine learning model capable of both classifying bugs as security or non-security issues and identifying critical and non-critical bugs "with a level of accuracy that is as close as possible to that of a security expert."
Once the production model had been approved, Microsoft set about programming a two-step learning model that would enable the algorithm to learn how to distinguish between security bugs and non-security bugs, and then assign labels to bugs indicating whether they were low-impact, important or critical.
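The two-step structure described above (first decide whether a work item is a security bug, then assign a severity label only to the items that are) can be shown in a small, self-contained classifier. The following is an added example written for this article, not Microsoft's code or model: it uses a stdlib-only naive Bayes text classifier over bug titles, and the training titles, held-out titles, and the `TwoStageTriage`, `evaluate` and `build_model` names are all constructed for illustration. Stage 2 is trained only on the security-labelled rows, which is what keeps the severity model from ever seeing (or being confused by) non-security tickets.

```python
"""Two-stage bug triage: (1) security vs. non-security, (2) severity of security bugs.

Added example, not Microsoft's code. All titles below are constructed sample data.
"""
import math
import re
from collections import Counter, defaultdict


def tokenize(text):
    """Lower-case alphanumeric word tokens; adequate for short bug titles."""
    return re.findall(r"[a-z0-9]+", text.lower())


class NaiveBayes:
    """Multinomial naive Bayes with add-one smoothing, standard library only."""

    def __init__(self):
        self.class_counts = Counter()            # label -> number of documents
        self.word_counts = defaultdict(Counter)  # label -> token -> count
        self.vocab = set()

    def fit(self, samples):
        for text, label in samples:
            self.class_counts[label] += 1
            for tok in tokenize(text):
                self.word_counts[label][tok] += 1
                self.vocab.add(tok)
        return self

    def predict(self, text):
        """Return the label with the highest smoothed log-posterior."""
        tokens = tokenize(text)
        total = sum(self.class_counts.values())
        best, best_lp = None, -math.inf
        for label, n in self.class_counts.items():
            counts = self.word_counts[label]
            denom = sum(counts.values()) + len(self.vocab)
            lp = math.log(n / total)  # class prior
            for tok in tokens:
                lp += math.log((counts[tok] + 1) / denom)  # unseen tokens get count 0 + 1
            if lp > best_lp:
                best, best_lp = label, lp
        return best


class TwoStageTriage:
    """Stage 1 decides security/non-security; stage 2 runs only on security bugs."""

    def __init__(self):
        self.stage1 = NaiveBayes()
        self.stage2 = NaiveBayes()

    def fit(self, rows):
        # rows: (title, "security" | "non-security", severity label or None)
        self.stage1.fit([(t, kind) for t, kind, _ in rows])
        self.stage2.fit([(t, sev) for t, kind, sev in rows if kind == "security"])
        return self

    def triage(self, title):
        if self.stage1.predict(title) != "security":
            return ("non-security", None)
        return ("security", self.stage2.predict(title))


# Constructed training data (hypothetical bug titles, not real tickets).
TRAINING = [
    ("sql injection in login form allows auth bypass", "security", "critical"),
    ("remote code execution via deserialization in upload handler", "security", "critical"),
    ("stack buffer overflow parsing image header", "security", "critical"),
    ("xss in comment field", "security", "important"),
    ("csrf token missing on settings page", "security", "important"),
    ("password reset token reuse", "security", "important"),
    ("verbose error leaks internal hostname", "security", "low-impact"),
    ("missing security headers on static assets", "security", "low-impact"),
    ("outdated tls cipher suite listed in docs", "security", "low-impact"),
    ("button misaligned on settings page in dark mode", "non-security", None),
    ("typo in welcome email text", "non-security", None),
    ("unit test flaky on ci runner", "non-security", None),
    ("slow query on reports dashboard", "non-security", None),
    ("crash when opening empty project", "non-security", None),
    ("localization string missing for french", "non-security", None),
]

# Constructed held-out titles used to score the two stages separately.
HELDOUT = [
    ("sql injection in search form", "security", "critical"),
    ("typo in settings page label", "non-security", None),
    ("xss in profile bio field", "security", "important"),
    ("verbose error page leaks internal stack trace", "security", "low-impact"),
]


def evaluate(model, rows):
    """Return (stage-1 accuracy, severity accuracy over the true security bugs)."""
    kind_hits = sev_hits = sec_total = 0
    for title, kind, sev in rows:
        pred_kind, pred_sev = model.triage(title)
        kind_hits += pred_kind == kind
        if kind == "security":
            sec_total += 1
            sev_hits += pred_sev == sev
    return kind_hits / len(rows), sev_hits / sec_total


def build_model():
    return TwoStageTriage().fit(TRAINING)


if __name__ == "__main__":
    model = build_model()
    for title, _, _ in HELDOUT:
        print(f"{title!r} -> {model.triage(title)}")
    print("(security/non-security accuracy, severity accuracy):", evaluate(model, HELDOUT))
```

Reporting the two accuracies separately, as `evaluate` does, is the same split the article quotes (one figure for telling security bugs apart, another for ranking their severity); a single combined number would hide a severity model that is wrong on exactly the critical items a security team most needs surfaced.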
"By applying machine learning to our data, we accurately classify which work items are security bugs 99 percent of the time. The model is also 97 percent accurate at labeling critical and non-critical security bugs."