Security News > 2020 > September > Microsoft open-sources fuzzing tool it uses in-house to keep Windows so very secure

Microsoft has open-sourced the fuzzing tool it uses to scour its own code for potential security vulnerabilities.

The tool Microsoft has released is called "OneFuzz" and the company says it is "The testing framework used by Microsoft Edge, Windows, and teams across Microsoft is now available to developers around the world."

"OneFuzz has already enabled continuous developer-driven fuzzing of Windows that has allowed Microsoft to proactively harden the Windows platform prior to shipment of the latest OS builds,"said Microsoft Security principal security software engineering lead Justin Campbell and senior director for special projects management Mike Walker.

The tool's been open-sourced because: "Microsoft's goal of enabling developers to easily and continuously fuzz test their code prior to release is core to our mission of empowerment."

The pair promise that the tool offers a single command line capable of launching "Fuzz jobs ranging in size from a few virtual machines to thousands of cores." Visual Studio is adding support for that sort of thing and other features in the tool.

News URL

https://go.theregister.com/feed/www.theregister.com/2020/09/16/microsoft_open_sources_fuzzing_tool/