The Microsoft team is racing to catch the Bug

Microsoft

The Microsoft team is racing to catch the Bug

Patch Tuesday updates from Microsoft usually include solutions for serious flaws, including those that attackers around the globe are now using.

The business already has the necessary teams to find vulnerabilities in its code (the “red team”) and create defenses against them (the “blue team”). However, that structure has recently changed once again to encourage more interdisciplinary and collaborative work to identify even more errors and weaknesses before things spiral out of control. Microsoft Offensive Research & Security Engineering, also known as Morse, is the department that combines the red team, blue team, and alleged green team. The green team is responsible for identifying flaws or taking weaknesses that the red team has identified and addressing them more systemically by making adjustments to how things are carried out within an organization.

An open-source Azure testing framework called OneFuzz enables Microsoft engineers to continuously and automatically bombard their code with various odd usage cases to find bugs that could go undetected if the program were only used as intended.

Additionally, the combined team has led the charge in urging the usage of safer programming languages (like Rust) throughout the organization. Additionally, they have argued for the inclusion of security analysis tools right inside the actual software compiler used in the business’ production process.

Proactive security has resulted in significant advancement. Because so much of the Windows codebase was created before these enhanced security checks, a recent example of Morse members’ work was reviewing historical software. Morse uncovered an exploitable weakness that would have given attackers access to targets’ devices when looking at how Microsoft developed Transport Layer Security 1.3, the fundamental cryptographic standard used across networks like the internet for secure communication.

More To Explore