Slashdot Mirror


Microsoft Unveils Open Source Exploit Finder

Houston 2600 sends this excerpt from the Register about an open-source security assessment tool Microsoft presented at CanSecWest: "Microsoft on Friday released an open-source program designed to streamline the labor-intensive process of identifying security vulnerabilities in software while it's still under development. As its name suggests, !exploitable Crash Analyzer (pronounced 'bang exploitable crash analyzer') combs through bugs that cause a program to seize up, and assesses the likelihood of them being exploited by attackers. Dan Kaminsky, a well-known security expert who also provides consulting services to Microsoft, hailed the release a 'game changer' because it provides a reliable way for developers to sort through thousands of bugs to identify the several dozen that pose the greatest risk."

8 of 310 comments

  1. I'm feeling quite dizzy... by Anonymous Coward · · Score: 4, Funny

    Microsoft has released an open source product that detects security flaws in code... my irony detector just exploded. :)

  2. Things that make you go hmmm... by Anonymous Coward · · Score: 5, Funny

    Could Microsoft be purposely trying to confuse people and associate the terms "open source" and exploits?

  3. It's nice to see... by rlanctot · · Score: 3, Funny

    Microsoft releasing their internal tools finally. I myself am waiting for their '!MakePortedAppsSuck' and '!CrushAllResistance' apps with baited breath...

    1. Re:It's nice to see... by Quothz · · Score: 3, Funny

      with baited breath...

      Speaking of Microsoft and security, I think you've picked up a worm.

  4. interesting excerpt from bang source code by Anonymous Coward · · Score: 5, Funny


    int assess_severity( struct* bug )
    {
        string vendor = get_application_vendor( bug );
        if ((vendor == "Google") ||
            (vendor == "Adobe") ||
            (vendor == "Mozilla"))
              return MAJOR_RISK_UNINSTALL_IMMEDIATELY;
        else if (vendor == "Microsoft")
              return TRIVIAL_SECURITY_RISK;
        else
              return MODERATE_SECURITY_RISK;
    }

  5. Re:Bang exploitable by NeverVotedBush · · Score: 4, Funny

    I think this might explain some of Microsoft's buggy code issues.

    Every time they see "!=" they interpret it as "bang equals". That sounds like definitely equals, doesn't it? Like, dude, those are so equal it's not even funny, equal.

    No wonder they have all those buffer overflow exploits. Their logic checks that include the not modifier are all wrong.

  6. Rules of Open Source club by CarpetShark · · Score: 4, Funny

    1. Fork the project
    2. Change the name

  7. Re:There's already proof that this can't work by Paradise+Pete · · Score: 5, Funny

    And just like anti-virus software, it will lull people into a false sense of security that can easily result in catastrophe

    Exactly. That's why I'm also against railroad crossing gates, smoke detectors, and those silly "Bridge Out" warning signs.