Microsoft Gives Away Free Fuzzer, Secure Development Tool







http://www.darkreading.com/security/app-security/showArticle.jhtml?articleID=220000750 

By Kelly Jackson Higgins
DarkReading
Sept 16, 2009 

Microsoft continued efforts to spread its own secure software 
development program with today's release of a free fuzzer and tool for 
analyzing binary code.

The software giant last year began opening up its Security Development 
Lifecycle (SDL) for all third-party application developers and 
enterprises as a way to write cleaner, more secure code. As part of its 
SDL-sharing strategy, Microsoft has released several free tools for 
developers, including the SDL Threat Modeling Tool; the !exploitable 
(pronounced "bang exploitable") Crash Analyzer, an add-on to Microsoft's 
Windows debugger fuzzing tool; and the SDL Process Template, which 
integrates Microsoft's SDL directly into third-party and enterprise 
development environments.

Microsoft's latest tools -- BinScope Binary Analyzer and Mini-Fuzz File 
Fuzzer -- support the verification stage of the SDL process. "This is 
the testing phase," says David Ladd, principal security program manager 
for Microsoft's SDL team. Microsoft also released a white paper on how 
to manually integrate the SDL Process Template into its existing Visual 
Studio Team System development projects.

Along with iSEC Partners, the company also released a new report on how 
to measure the ROI of an SDL program. The report, which includes data 
from NIST studies and anecdotal data from iSEC, demonstrates how to use 
metrics to calculate an ROI: "The earlier you can find bugs, the cheaper 
it's going to be for development organizations," Ladd says.

[...]

