Microsoft's 47,000 developers generate about 30,000 bugs a month, and these vulnerabilities are kept across 100 Azure DevOps and GitHub repositories so that critical bugs can be found quickly and the company can stay a step ahead of hackers.
Scott Christiansen, senior security programme manager at Microsoft, said larger volumes of semi-curated data are just the right type for machine learning.
Microsoft has gathered 13 million work items and bugs since 2001.
Christiansen said, “We used that data to develop a process and machine learning model that correctly distinguishes between security and non-security bugs 99 per cent of the time and accurately identifies the critical, high priority security bugs, 97 per cent of the time.”
The machine learning model is designed to help developers accurately find and prioritize critical security issues that require a fix.
“Our goal was to build a machine learning system that classifies bugs as security/non-security and critical/non-critical with a level of accuracy that is as close as possible to that of a security expert,” a Microsoft executive said.
To achieve this goal, Microsoft fed its model a large number of bugs, some tagged as security and others not tagged as security.
Once trained on this data, the model can label data that has not been pre-classified.
Software developers face a long list of features and bugs that they need to address.
To tackle this issue, data science and security teams partnered to find out how machine learning could help.
Christiansen added, “We discovered that by pairing machine learning models with security experts, we can significantly improve the identification and classification of security bugs.”