Slashdot Mirror


Microsoft Unveils Open Source Exploit Finder

Houston 2600 sends this excerpt from the Register about an open-source security assessment tool Microsoft presented at CanSecWest: "Microsoft on Friday released an open-source program designed to streamline the labor-intensive process of identifying security vulnerabilities in software while it's still under development. As its name suggests, !exploitable Crash Analyzer (pronounced 'bang exploitable crash analyzer') combs through bugs that cause a program to seize up, and assesses the likelihood of them being exploited by attackers. Dan Kaminsky, a well-known security expert who also provides consulting services to Microsoft, hailed the release a 'game changer' because it provides a reliable way for developers to sort through thousands of bugs to identify the several dozen that pose the greatest risk."

3 of 310 comments

  1. Things that make you go hmmm... by Anonymous Coward · Score: 5, Funny

    Could Microsoft be purposely trying to confuse people and associate the terms "open source" and exploits?

  2. interesting excerpt from bang source code by Anonymous Coward · Score: 5, Funny


    int assess_severity( struct bug* bug )
    {
        string vendor = get_application_vendor( bug );
        if ((vendor == "Google") ||
            (vendor == "Adobe") ||
            (vendor == "Mozilla"))
              return MAJOR_RISK_UNINSTALL_IMMEDIATELY;
        else if (vendor == "Microsoft")
              return TRIVIAL_SECURITY_RISK;
        else
              return MODERATE_SECURITY_RISK;
    }

  3. Re:There's already proof that this can't work by Paradise+Pete · Score: 5, Funny

    And just like anti-virus software, it will lull people into a false sense of security that can easily result in catastrophe

    Exactly. That's why I'm also against railroad crossing gates, smoke detectors, and those silly "Bridge Out" warning signs.