Microsoft to Unveil Open-Source Security Analyzer for Application Developers

Microsoft is launching a free tool to help enterprises prioritize program bugs that cause application crashes. The company is unveiling the open-source tool at the CanSecWest conference March 20.

Microsoft is releasing an open-source tool to help application developers examine the causes behind program crashes.

Microsoft plans to unveil the tool, called the !exploitable Crash Analyzer, on CodePlex March 20 at the CanSecWest conference in Vancouver, British Columbia. A Windows debugger extension, the heuristics-based tool is aimed not only at helping developers assess what is causing crashes, but also at ranking the seriousness of a bug.

The program works by examining crash data (information gathered when an application stops performing its expected function) to identify the unique issues that caused the crash. From there, the program provides guidance on how exploitable the crash is, and can be used by third-party developers to then prioritize the problem.

"As a tool, it can save developers time and effort," said Roger Kay, president of tech industry analyst group Endpoint Technologies Associates. "A number of apparently different crashes can actually be caused by the same code. The analyzer isolates the offending block and essentially says, 'Here, all these different crashes are actually the same failure, and it's an important one that you ought to fix right away because it presents an open attack surface.'"

The tool will be available starting March 20 as a free download on the Microsoft Security Engineering Center Website.