Microsoft’s Distributed Fuzzing Finds 1800 Office Bugs

Slashdot describes Microsoft’s approach as using a botnet. The project was undertaken by the software giant’s trusted computing group, and the priority was finding security bugs. Fuzzing is a common security technique whereby failure modes for software are found by feeding it random inputs.

I guess since this was a security group inside Microsoft and fuzzing is usually employed to harden or hack software, that’s how the reporters justify calling what they did a botnet. That is misleading, though, as botnets consist of zombie PCs that are taken over through some sort of malicious attack, usually a trojan or some other flavor of malware. What they did is more closely related to Folding@Home. It is still a clever way to scale up a useful form of testing.

Not all 1800 bugs are security flaws, the researchers admit. They also don’t mention how many of the nearly 2000 flaws they fixed. I expect not a lot, again, since the focus of the exercise seemed to be using a novel approach for shaking loose bugs in the first place.
