Free Security Analyser from Microsoft

Microsoft to launch open-source security analyser for application developers.

Today at the CanSecWest conference in Vancouver, Microsoft is releasing an open-source tool to help application developers examine the causes behind program crashes.

Microsoft plans to unveil the tool, called the !exploitable Crash Analyser, on CodePlex on 20 March at the conference. A Windows debugger extension, the heuristics-based tool is aimed not only at helping developers assess what is causing crashes, but also at ranking the seriousness of a bug.

The program works by examining crash data – information gathered when an application stops performing its expected function – to identify the unique issues that caused the crash. From there, the program provides guidance on how exploitable the crash is, and third-party developers can use it to prioritise the problem.

“As a tool, it can save developers time and effort,” said Roger Kay, president of tech industry analyst group Endpoint Technologies Associates. “A number of apparently different crashes can actually be caused by the same code. The analyser isolates the offending block and essentially says, ‘Here, all these different crashes are actually the same failure, and it’s an important one that you ought to fix right away because it presents an open attack surface.’”

The tool will be available on 20 March as a free download on the Microsoft Security Engineering Centre website.