
Microsoft AI can identify security bugs with almost flawless accuracy


Microsoft’s machine learning model can tell the difference between security and non-security software bugs with 99 percent precision. It can also identify critical, high-priority security bugs 97 percent of the time, according to the company's latest blog post.

Microsoft set out to build a machine learning model to support software engineers and bug hunters, who were frequently overburdened. The firm trained its machine learning model on a data set of 13 million work items and bugs identified by its 47,000 developers.

Security experts provided the ML system with the training data, which was encoded into so-called “feature vectors”. First, the system learned to classify security and non-security bugs, and then began to distinguish between critical, important, and low-impact bugs.

“The process didn’t end once we had a model that worked. To make sure our bug modelling system keeps pace with the ever-evolving products at Microsoft, we conduct automated re-training,” explained the company.

“The data is still approved by a security expert before the model is retrained, and we continuously monitor the number of bugs generated in production,” it added.
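To make the two-stage pipeline described above concrete, here is an added illustration (not Microsoft's code, and not its data set): bug titles are turned into bag-of-words feature vectors, a first classifier separates security from non-security bugs, a second classifier trained only on security bugs assigns a severity, and a precision function measures the "flagged as security and really is" figure the article quotes. The training titles, the severity labels and the naive Bayes model are constructed assumptions for the example.

```python
from collections import Counter, defaultdict
import math, re
def tokens(title):  # bag-of-words feature vector of a bug title
    return re.findall(r"[a-z0-9]+", title.lower())
class NaiveBayes:
    """Multinomial naive Bayes with Laplace smoothing over word counts."""
    def __init__(self):
        self.words, self.docs, self.vocab = defaultdict(Counter), Counter(), set()
    def train(self, rows):
        for title, label in rows:
            self.docs[label] += 1
            for w in tokens(title):
                self.words[label][w] += 1
                self.vocab.add(w)
    def predict(self, title):
        total, scores = sum(self.docs.values()), {}
        for label, n in self.docs.items():
            denom = sum(self.words[label].values()) + len(self.vocab)
            scores[label] = math.log(n / total) + sum(
                math.log((self.words[label][w] + 1) / denom) for w in tokens(title))
        return max(scores, key=scores.get)

# Constructed training titles for illustration (not Microsoft's 13M-item data set).
SECURITY = [("stack buffer overflow in pdf parser", "critical"),
            ("heap overflow when parsing png header", "critical"),
            ("sql injection in search query", "critical"),
            ("stored xss in comment field", "critical"),
            ("password reset token reuse allowed", "important"),
            ("missing csrf token on settings form", "important"),
            ("verbose error page leaks stack trace", "low"),
            ("debug logging prints session id", "low")]
NON_SECURITY = ["button misaligned on settings page", "typo in about dialog text",
                "slow rendering of large tables", "dark mode colors wrong in sidebar",
                "spinner never stops on empty search", "date picker shows wrong month",
                "unit test flaky on windows", "translation missing for french menu"]

def train_pipeline():
    stage1 = NaiveBayes()  # stage 1: security vs non-security
    stage1.train([(t, "security") for t, _ in SECURITY] +
                 [(t, "non-security") for t in NON_SECURITY])
    stage2 = NaiveBayes()  # stage 2: severity, learned from security bugs only
    stage2.train(SECURITY)
    return stage1, stage2
def classify(stage1, stage2, title):
    """'non-security', or the predicted severity when stage 1 flags the bug."""
    return stage2.predict(title) if stage1.predict(title) == "security" else "non-security"
def security_precision(stage1, labelled):
    """Share of titles flagged 'security' that really are (the article's precision metric)."""
    flagged = [lab for t, lab in labelled if stage1.predict(t) == "security"]
    return flagged.count("security") / len(flagged) if flagged else 0.0
```

In practice the held-out set used for the precision figure must be labelled by people who did not see the training data, and the retraining gate the article mentions (expert approval of new data) guards against drift in those labels.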

The tech giant has pledged to open-source the methodology on GitHub later this year, along with examples and other supporting resources.

Hunting for bugs is an important part of every development process, and many companies offer large bounties to anyone able to uncover software vulnerabilities.