Semmle
A Semmle Case Study
Microsoft Corporation, the world’s leading platform and productivity company, faced a major software security challenge: identifying all variants of critical vulnerabilities across its large and complex codebase. Security researchers at Microsoft’s Security Response Center needed a scalable way to perform variant analysis so they could find related issues quickly and reduce the risk of exploitable code being missed.
To address this, Microsoft implemented Semmle QL for variant analysis across multiple codebases. The solution helped Microsoft’s security researchers find and investigate vulnerability variants more efficiently, scaling their efforts over time and improving software security. While no specific numeric results were provided, Semmle enabled Microsoft to respond more effectively to serious code issues and reduce the chance of variants remaining unpatched.