Microsoft previews Project Springfield AI software testing tool to identify flaws in developers' code

Microsoft has 'battle tested' Project Springfield with Windows since Windows 7

Project Springfield, a Microsoft-developed cloud-based tool to help developers identify major bugs in their Windows applications has been previewed for the first time this week at the company's Ignite developer conference in Atlanta, Georgia.

The aim of Project Springfield is to save developers the "costly effort" of having to release patches once a piece of software is already public.

Instead, the Azure-based service is intended to help developers find bugs in their work by combining 'fuzz testing', an automated way of testing code by throwing semi-random inputs at it, with artificial intelligence (AI). The aim is to learn which parts of the code might be most critically affected by harmful inputs.

This, claims Microsoft, involves asking a series of 'what if' questions and can make more sophisticated decisions about triggering a crash, enabling it to find vulnerabilities other fuzz-testing tools miss.

The company says that Project Springfield, which it has been testing with a small number of customers and collaborators, is ideal for 'battle testing' apps that allow users to upload documents and other file types that may not be trustworthy.

Microsoft has used a part of Project Springfield, called SAGE, to find bugs in Windows and Office since the mid-2000s, and claims that one-third of the "million dollar" bugs in Windows 7 were found using this "whitebox fuzzing" technology.

Now Microsoft aims to offer it in the cloud as a tool for organisations to use to test their own code.

"Project Springfield works on binaries, with no source code or private symbols needed," Microsoft claimed.

"You need to be able to install the software you deploy on a virtual machine that runs in Azure, provide a 'test driver' that exercises your software, and a set of sample inputs. Project Springfield uses these to create many test cases for exercising your program."

Once signed up, binaries can be uploaded to Project Springfield, which can test the software in the Azure cloud. It'll then notify users when it has found a bug and will grant access to test cases for reproducing the issue and understanding what might be wrong.

The company hasn't said when it'll publicly launch the service, but users can sign up now to test-drive the preview.