Microsoft open-sources fuzzing tool it uses in-house to keep Windows so very secure

Microsoft has open-sourced the fuzzing tool it uses to scour its own code for potential security vulnerabilities. Fuzzing is a way of testing software by feeding it random inputs in the hope it fails in revealing ways. The technique is widely admired because it gets results and can be automated. The tool Microsoft has …

  1. Woza

    That explains it

    So Microsoft products are written using fuzzy logic?

  2. Anonymous Coward

    RE: That pedigree may not fill you with confidence ...

    "That pedigree may not fill you with confidence seeing as Microsoft’s September patch dump fixed 129 flaws"

    To be fair, it actually *does* inspire a little more confidence than you might otherwise expect. After all, presumably their tools have pro-actively uncovered most of these issues and are therefore of a decent quality.

    If they were *not* putting out patches and fixes, that's when I'd worry that the fuzzing tools were poor quality as they were finding nothing (obviously a fair number of the flaws are found by others and reported to Microsoft, but I'd expect most of them were discovered in-house).

    1. Anonymous Coward

      Re: RE: That pedigree may not fill you with confidence ...

      Fair enough, but I'd prefer if the flaws were uncovered *before* release, not after.

      I wonder if there's an overreliance on "the tool will find all the bugs for us" versus "hire good programmers and testers, give them the time, training, and tools they need".

      1. martynhare

        Re: RE: That pedigree may not fill you with confidence ...

        Their developers definitely have the time, training and tools. What they don't have is the luxury of being able to eliminate bad ideas through complete code rewrites. While they did separate their Native API from the Public (Win32) API, allowing them to change a lot of core code, they're committed to Win32 API stability to the point where VB6 code still works.

        In the land of GNU/Linux, volunteers can push forward better solutions and outright ditch bad ideas. In the fantasy world of Apple, the company forces developers to adopt better solutions in a uniform manner. In the world of Windows, developers just shrug off new solutions, knowing Microsoft must maintain the old ones to avoid upsetting enterprises dependent on old stuff.

        (Edit: That's Public, not Pubic)

  3. volsano

    Fuzzy Blue Screen of Death

    Not all of us need a new tool to crash Windows.

    Existing applications do the job very nicely.

    1. JCitizen

      Re: Fuzzy Blue Screen of Death

      Shoot, if you want to brick a PC, just upgrade to Windows 10 v 2004 and you will enjoy the vagaries of crashworthiness!

  4. boatsman

    54 criticals in 92 days

    Every 2 days a gaping hole in your roof would not qualify as secure from rain, I suppose....



Biting the hand that feeds IT © 1998–2020