Microsoft To Offer Open Source Security App For Developers - InformationWeek

Microsoft To Offer Open Source Security App For Developers

The company said its upcoming !exploitable Crash Analyzer software is a heuristics-based tool that improves with additional collaboration.

In 2001, Microsoft CEO Steve Ballmer famously referred to open source software, specifically the GPL, as intellectual property cancer.

These days, Microsoft has moderated its stance. "Open source is neither an industry fad, nor a magic bullet," the company explains on the open source section of its Web site. "Rather, the development methods commonly encompassed by the term open source have provided customers and developers with additional options among many in the technology ecosystem."

So it is that on Friday, Microsoft's Security Science team plans to announce the release of an open source crash analysis tool at the CanSecWest security conference in Vancouver, British Columbia.

And as if to assure the world that it's hip to this whole open source thing, the company has bestowed upon its software a "l33t" name: the !exploitable Crash Analyzer. It's an endearing effort, sort of like watching a parent trying on Heelys. With any luck, Yahoo! will feel flattered by Microsoft's move on its exclamation point rather than litigious.

The program is a Windows Debugger extension that identifies crashes that occur during application development and testing and attempts to group them and highlight their security implications.

Microsoft is releasing it to help developers write more secure code. It plans to make the application available as a free download through the Microsoft Security Engineering Center Web site on Friday.

Asked why the company chose to make its !exploitable Crash Analyzer open source, a company spokesperson explained, "Microsoft is committed to providing a more secure computing experience and realizes this can only be done through industry collaboration. As always, Microsoft is open to new ways of pursuing its goals of a more secure Internet, and in contexts where it makes sense, open source code helps achieve this goal. The tool is a heuristics-based tool that improves with additional collaboration, therefore the open source release allows developers, testers, and security researchers throughout the industry to work together to create a more secure computing environment."

Roger Kay, founder and president of consulting firm Endpoint Technologies Associates, explains that while Microsoft wants to make its own software secure, the security of its software is often affected by the security of its partners' software.

"Microsoft necessarily has to worry about other people's stuff because it sits on their stuff," he said. "If there's a vulnerability on someone else's app, all the trouble they have gone to secure their software may be for naught."

Just as Google actively tries to stop online malware to protect the environment in which its users operate, Microsoft also wants to keep computing worry-free. "Microsoft sees security as a general good, something that should be spread around as widely as possible," Kay explained.

The !exploitable Crash Analyzer provides a way for Microsoft to do that. "The essence of it is they have figured out a way to understand the nature of a crash," explained Kay. "Lots of times, crashes look different but are actually governed by the same underlying process." Armed with that knowledge, a fix can be more effective.

The software also helps to prioritize crashes, so that developers know which problems need to be addressed immediately and which ones can wait.

Kay said that developers don't always have the resources or incentive to repair their software in a timely manner. The !exploitable Crash Analyzer, he said, "will help many developers figure out what's going on."
