A lock with a force field around it, protected from incoming arrows

Microsoft Security Risk Detection

Sign up now for the Windows or Linux free trial

What is Microsoft Security Risk Detection?

Security Risk Detection is Microsoft's unique fuzz testing service for finding security critical bugs in software. Security Risk Detection helps customers quickly adopt practices and technology battle-tested over the last 15 years at Microsoft.


A drawing of a dollar sign with wavy lines emanating from it

"Million dollar" bugs

Security Risk Detection uses "Whitebox Fuzzing" technology which discovered 1/3rd of the "million dollar" security bugs during Windows 7 development.

The Windows logo with a block of ones and zeroes next to it

Battle tested tech

The same state-of-the-art tools and practices honed at Microsoft for the last decade and instrumental in hardening Windows and Office — with the results to prove it.

Drawn depiction of a computer in a cloud

Scalable fuzz lab in the cloud

One click scalable, automated, Intelligent Security testing lab in the cloud.

The Windows logo next to the Linux penguin logo

Cross-platform support

Linux Fuzzing is now available. So, whether you're building or deploying software for Windows or Linux or both, you can utilize our Service.

How does Microsoft Security Risk Detection work?

Ones and zeroes

1. Upload binaries

One-time configuration and sample inputs
The customer logs into a secure web portal. Security Risk Detection provides a Virtual Machine (VM) for the customer to install the binaries of the software to be tested, along with a "test driver" program that runs the scenario to be tested, and a set of sample input files called "seed files" to use as a starting point for fuzzing.

An illustration showing a sphere besieged by onrushing arrows.

2. Run multiple fuzzers

Get data on every run
Security Risk Detection will continuously fuzz test using multiple methods, including Microsoft whitebox fuzzing technology.

Drawing of a magnifying glass revealing a bug

3. Identify high-value bugs

Report actionable test cases
Security Risk Detection reports security vulnerabilities in real time on the secure web portal. Customers can download actionable test cases to reproduce the issue.

An icon of a bug selected for deletion, as on a smartphone

4. Fix bugs

Review report and take action
Customer can prioritize and fix bugs. Then re-test to ensure the effectiveness of the fix.

The Security Risk Detection Value Proposition

Be empowered with data to make the right decisions across a variety of software scenarios.

A drawing of a shield


Drive security quality testing into your development process, resulting in software that's reliable and resilient to attack.

A drawing of a person behind a shield, which has a check mark on it


Assess the security-related technical debt of software products you're thinking about buying, whether it's an off-the-shelf product or IP from a pending acquisition or merger.

A drawing of a lock superimposed upon a cloud

Transforming applications

Make well-informed cloud migration decisions based on assessed quality of existing legacy applications.

A drawing of a network diagram


Make well-informed Architectural decisions based on the Security Quality of your existing Applications.

What's New

Now open for Linux free trial!

We’re excited to open our massively scalable and cutting edge fuzzing technology for Linux for a free trial