Microsoft has open sourced its tool for sniffing out Windows 10 bugs


Microsoft has open sourced its internal fuzzing tool - Project OneFuzz - which is designed to automatically detect software security vulnerabilities, the company has revealed.

The fuzz testing framework is built for Azure and has been used by the firm to interrogate various products, including Windows 10, Microsoft Edge and more.

The release of Project OneFuzz delivers on promises made earlier this year to transition away from the Microsoft Security Risk Detection (MSRD) service and towards an automated, open-source equivalent.

In a blog post, the Redmond giant confirmed the tool is available immediately for any development team that might want to use it.

Windows 10 bug hunt

According to Microsoft, advancements in the world of compilers have made fuzz testing code for vulnerabilities far cheaper and more accessible than ever before.

The company credits Google’s pioneering work in the space, which has served to streamline engineering tasks such as crash detection, coverage tracking and input harnessing.

“Fuzz testing is a highly effective method for increasing the security and reliability of native code - it is the gold standard for finding and removing costly, exploitable security flaws,” explained Justin Campbell and Mike Walker of Microsoft Security.

“Traditionally, fuzz testing has been a double-edged sword for developers: mandated by the software development lifecycle, highly effective in finding actionable flaws, yet very complicated to harness, execute and extract information from.” 

According to the pair, making the Project OneFuzz framework widely available will mean bugs are discovered earlier in the development process and allow security staff to actively hunt down vulnerabilities.

The tool can reportedly be used to launch fuzz tasks, “ranging in size from a few virtual machines to thousands of cores”, with just a single line of code.

Project OneFuzz is available to download immediately via GitHub, published under the highly permissive MIT license, and will continue to receive regular updates from Microsoft.

Joel Khalili
News and Features Editor
