The Microsoft Security Risk Detection Service ( MSRD ) will be discontinued effective June 25, 2020. This service from Microsoft Research provided users with a premium software testing experience, searching for vulnerabilities in native code with the power of MSR ‘s Scalable Automated Guided Execution ( SAGE ) tool. As the security industry shifts from gate-driven audits by professional testers to automated testing by developers, we’re also shifting our approach to open source. In ISOCpp ‘s 2020 annual survey, 37% of developers are now using sanitizers and fuzzing in concert in a continuous deploy setup. Modern fuzzing is driven by open source sanitizers that bake instrumentation and test case generation into software at compile time; Microsoft will adopt this paradigm.

Microsoft Research will replace the MSRD fuzzing service with an open source self-hosted developer fuzzing platform for Azure. This platform is currently being developed and tested as a partnership with many of Microsoft’s core product teams. This fuzzing platform will integrate sanitizers and allow for adaptive, learning fuzz tests built into CI /CD pipelines that grow over time with software projects. We look forward to an open source release of this platform in 2020 and collaboration with partners to bring Azure-powered fuzzing to developers everywhere.