A lock with a force field around it, protected from incoming arrows

Microsoft Security Risk Detection

Microsoft Security Risk Detection will be discontinued June 25, 2020

The Microsoft Security Risk Detection Service (MSRD) will be discontinued effective June 25, 2020. This service from Microsoft Research provided users with a premium software testing experience, searching for vulnerabilities in native code with the power of MSR‘s Scalable Automated Guided Execution (SAGE) tool. As the security industry shifts from gate-driven audits by professional testers to automated testing by developers, we’re also shifting our approach to open source. In ISOCpp‘s 2020 annual survey, 37% of developers are now using sanitizers and fuzzing in concert in a continuous deploy setup. Modern fuzzing is driven by open source sanitizers that bake instrumentation and test case generation into software at compile time; Microsoft will adopt this paradigm.

Microsoft Research will replace the MSRD fuzzing service with an open source self-hosted developer fuzzing platform for Azure. This platform is currently being developed and tested as a partnership with many of Microsoft’s core product teams. This fuzzing platform will integrate sanitizers and allow for adaptive, learning fuzz tests built into CI/CD pipelines that grow over time with software projects. We look forward to an open source release of this platform in 2020 and collaboration with partners to bring Azure-powered fuzzing to developers everywhere.