Microsoft Fuzzing Botnet Finds 1,800 Office Bugs

CWmike writes "Microsoft uncovered more than 1,800 bugs in Office 2010 by tapping into the unused computing horsepower of idling PCs, a company security engineer said on Wednesday. Office developers found the bugs by running millions of 'fuzzing' tests, a practice employed by both software developers and security researchers, that searches for flaws by inserting data into file format parsers to see where programs fail by crashing. 'We found and fixed about 1,800 bugs in Office 2010's code,' said Tom Gallagher, senior security test lead with Microsoft's Trustworthy Computing group, who last week co-hosted a presentation on Microsoft's fuzzing efforts at the CanSecWest security conference. 'While a large number, it's important to note that that doesn't mean we found 1,800 security issues. We also want to fix things that are not security concerns.'"

Hmmm

[jocabergs]

Not sure if I buy the part about them trying to fix the non-security issue bugs... I think the proposed fix for bugs in 2007 is $300 for 2010, but its by no means a comprehensive fix.
(I'm coming from a bitter place, I've been stuck going through idiotic publisher files for the last 3 days and I'm certain it was designed by monkeys(or for them))

Re:No surprise, with that "format"!

[BitZtream]

i'm sorry, I must have missed something ...

Where is your example of some successful software product without backwards compatibility?

Contrary to popular belief, a 'complete rewrite' is almost universally a retarded idea, and any developer with more than a couple years experience knows this.

When you're programming to get something done, its a little different than sitting in mommies basement rewriting your python script because you don't actually have anything else to do.