Semmle at Microsoft: Vulnerability hunting


Software - Infrastructure

Company size:

Redmond, WA

Semmle product(s):

Microsoft is the world’s leading platform and productivity company. With their products and services being used by billions of people and millions of companies every day, software security is of paramount importance. Security researchers in Microsoft’s security response team use Semmle QL to find variants of critical problems, allowing them to identify and respond to serious code problems and prevent incidents.


When security researchers at Microsoft identify the root cause of a vulnerability, whether they found it themselves or it was reported externally, they perform variant analysis to find and investigate any variants of the vulnerability.

This is critical. Failure by Microsoft to find and patch all variants at the same time as the original vulnerability increases the risk of code being exploited in the wild.

Microsoft leverages Semmle QL to perform variant analysis, scaling their variant finding over time and across multiple codebases and securing their software. 

Read how security researchers at the Microsoft Security Response Center (MSRC) use Semmle QL in a series of blog posts, written by Steven Hunter, Security Software Engineer at MSRC. 

Vulnerability hunting with Semmle QL, part 1
