Microsoft To Offer Open Source Security App For Developers - InformationWeek

3/18/2009
07:05 PM

The company said its upcoming !exploitable Crash Analyzer software is a heuristics-based tool that improves with additional collaboration.

In 2001, Microsoft CEO Steve Ballmer famously referred to open source software, specifically the GPL, as intellectual property cancer.

These days, Microsoft has moderated its stance. "Open source is neither an industry fad, nor a magic bullet," the company explains on the open source section of its Web site. "Rather, the development methods commonly encompassed by the term open source have provided customers and developers with additional options among many in the technology ecosystem."

So it is that on Friday, Microsoft's Security Science team plans to announce the release of an open source crash analysis tool at the CanSecWest security conference in Vancouver, British Columbia.

And as if to assure the world that it's hip to this whole open source thing, the company has bestowed upon its software a "l33t" name: the !exploitable Crash Analyzer. It's an endearing effort, sort of like watching a parent trying on Heelys. With any luck, Yahoo! will feel flattered by Microsoft's move on its exclamation point rather than litigious.

The program is a Windows Debugger extension that identifies crashes that occur during application development and testing and attempts to group them and highlight their security implications.

Microsoft is releasing it to help developers write more secure code. It plans to make the application available as a free download through the Microsoft Security Engineering Center Web site on Friday.

Asked why the company chose to make its !exploitable Crash Analyzer open source, a company spokesperson explained, "Microsoft is committed to providing a more secure computing experience and realizes this can only be done through industry collaboration. As always, Microsoft is open to new ways of pursuing its goals of a more secure Internet, and in contexts where it makes sense, open source code helps achieve this goal. The tool is a heuristics-based tool that improves with additional collaboration, therefore the open source release allows developers, testers, and security researchers throughout the industry to work together to create a more secure computing environment."

Roger Kay, founder and president of consulting firm Endpoint Technologies Associates, explains that while Microsoft wants to make its own software secure, the security of its software is often affected by the security of its partners' software.

"Microsoft necessarily has to worry about other people's stuff because it sits on their stuff," he said. "If there's a vulnerability on someone else's app, all the trouble they have gone to secure their software may be for naught."

Just as Google actively tries to stop online malware to protect the environment in which its users operate, Microsoft also wants to keep computing worry-free. "Microsoft sees security as a general good, something that should be spread around as widely as possible," Kay explained.

The !exploitable Crash Analyzer provides a way for Microsoft to do that. "The essence of it is they have figured out a way to understand the nature of a crash," explained Kay. "Lots of times, crashes look different but are actually governed by the same underlying process." Armed with that knowledge, a fix can be more effective.

The software also helps to prioritize crashes, so that developers know which problems need to be addressed immediately and which ones can wait.

Kay said that developers don't always have the resources or incentive to repair their software in a timely manner. The !exploitable Crash Analyzer, he said, "will help many developers figure out what's going on."

