The Microsoft Team Is Racing to Catch the Bug

Patch Tuesday updates from Microsoft usually include solutions for serious flaws, including those that attackers around the globe are now using.

The business already has the necessary teams to find faults in its code (the “red team”) and create defences against them (the “blue team”). However, that structure has recently changed once again to let more interdisciplinary and collaborative work to identify even more errors and weaknesses before things spiral out of control. Microsoft Offensive Research & Security Engineering, or Morse, is the department that combines the red team, blue team, and alleged green team. The green team is responsible for finding flaws or taking weaknesses that the red team identifies and addresses them more systemically by making adjustments to how they carry out things in the organization.

An open-source Azure testing framework called OneFuzz enables Microsoft engineers to continuously and automatically bombard their code with various odd usage cases to find bugs that could go undetected if the program were only used as intended.

Additionally, the combined team has led the charge in urging the usage of safer programming languages (like Rust) throughout the organization. Additionally, they have argued for the inclusion of security analysis tools right inside the actual software compiler used in the business’ production process.

Proactive security made a significant advancement. Because programmers wrote so much of the Windows code before these security checks, a recent example of Morse members’ work was reviewing historical software. Morse uncovered a weakness that would have given attackers access to targets’ devices when looking at how Microsoft developed Transport Layer Security 1.3, the fundamental cryptographic standard used across networks like the internet for secure communication.