Bugs: AI to the rescue

Bugs. © iStock.

At Microsoft, 47,000 developers generate nearly 30 thousand bugs a month. These items get stored across over 100 AzureDevOps and GitHub repositories. Faced with such a volume of data, Microsoft found it difficult to quickly and efficiently rank bugs to prioritize the most serious ones, i.e. the security-related ones. To achieve this, Microsoft developed a process and machine learning model that correctly distinguishes between security and non-security bugs 99 percent of the time and accurately identifies the critical, high priority security bugs, 97 percent of the time. The model was trained using millions of data collected over 20 years. Microsoft has announced that it will be open sourcing its methodology to GitHub. A paper on the classification of security bug reports based solely on their title has already been published.

⇨ Microsoft Security Blog, Scott Christiansen, Mayana Pereira, “Secure the software development lifecycle with machine learning.”