Searching for Solorigate: How CodeQL empowered the search for malicious code

CodeQL is transforming how Microsoft does security response. This talk will discuss how features unique to CodeQL have empowered Microsoft to build out semantic search capabilities across its products and services, and how those capabilities have changed the Microsoft playbook with respect to reactively assessing its code for newly discovered vulnerability classes and variants.

During this 30-minute session, there will be details on how CodeQL was used as one of the response tools to Solorigate (Microsoft’s name for the incident resulting from the compromise of the company SolarWinds), providing unique analysis capability that would have been challenging to replicate via other methods. CodeQL has enabled Microsoft to analyze billions of lines of code for novel patterns in days or often mere hours, and has notably changed our approach to response.