
Microsoft previews Project Springfield, a cloud-based bug detector - Qworg
http://blogs.microsoft.com/next/2016/09/26/microsoft-previews-project-springfield-cloud-based-bug-detector/#sm.00001jhlwu88myf9hvdfgf8s2b4ui
======
jdp23
Here's the research paper, Automated Whitebox Fuzz Testing by Patrice
Godefroid, Michael Levin, and David Molnar:

"Our approach records an actual run of the program under test on a well-formed
input, symbolically evaluates the recorded trace, and gathers constraints on
inputs capturing how the program uses these. The collected constraints are
then negated one by one and solved with a constraint solver, producing new
inputs that exercise different control paths in the program. This process is
repeated with the help of a code-coverage maximizing heuristic designed to
find defects as fast as possible."

[https://www.microsoft.com/en-us/research/wp-
content/uploads/...](https://www.microsoft.com/en-us/research/wp-
content/uploads/2016/09/ndss2008.pdf)

------
ekzy
I usually scroll down for appealing infographics before I start reading the
post. But all we got here is people posing for their new Linkedin profile pic

~~~
sumitgt
Yeah, this was totally the wrong page to link. This seems more appropriate for
HN: [https://www.microsoft.com/en-
us/springfield/](https://www.microsoft.com/en-us/springfield/)

~~~
Qworg
You're 100% right - I didn't know if the actual site was up yet.

------
sandworm101
>> With widely used software such as an operating system or productivity
suite, deploying those patches can cost as much as $1 million, the researchers
say.

That is part of why so many people dislike Microsoft's attitude. Who cares
that it costs 1m to deploy a patch. Corporate customers are going to be
spending far more than a million installing that patch. Just think about how
many customers are out there who have to test and apply this patch. Fixing a
vulnerability prior to release is worth _billions of dollars to millions of
customers_. That should be the math, not how much MS must spend every other
Tuesday.

~~~
Veen
But catching bugs before release solves both problems, no?

