Microsoft crashes in with open-source security tool

gallery

Microsoft’s security team has released a new open-source program that will examine crash data – information gathered when an application stops performing – without the aid of a security expert.

The interestingly named !exploitable Crash Analyser tool (pronounced bang exploitable) is aimed at streamlining the process of finding security vulnerabilities while software it is still in development.

Importantly, developers and testers, who aren’t necessarily trained in the security issues which dog application development, should be able to use the tool to identify the unique issues which caused the crash on Microsoft platforms.

The !exploitable Crash Analyser could also be used by security researchers to create more secure products and services.

Microsoft said in a statement: “The tool narrows down the list of issues that cause a crash so users can focus on just the unique issues.

“In addition, the information collected using the tool helps developers and security researchers create more secure products and services.”

According to security researcher Dan Kaminsky, speaking to the Register, the tool is a "game changer", which allows developers to sort through thousands of bugs and identify those which created the most risk.

He said: “Microsoft has taken years of difficulties with security and really condensed that experience down to a repeatable tool that takes a look at the crash and says ‘You better take a look a this'."

The !exploitable Crash Analyser is available on Microsoft's website.

Web developers also received a new free software tool from HP, intended to help those working with Flash to protect their websites against security flaws, and reduce the risk of hackers accessing sensitive data.

The HP SWFScan is available here.

Email to a friend

Print this page