Fuzzers are increasingly being used to search for flaws in software. A fuzzer sends randomised data to a program and looks for unexpected results that might indicate a vulnerability.
According to his Blog posting, HD Moore started using his own fuzzers to search for flaws in web browsers a few months ago, and he is now publishing the results as the Month of Browser Bugs Project.
Microsoft has criticised Moore's apparent failure to engage in what the company calls a "responsible disclosure of vulnerabilities." Moore has also drawn criticism from a Russian criminal who objected to the disclosure of the vulnerability he had been exploiting.
Microsoft’s claim appears weak, given that they claimed to be investigating the flaws reported to them by Moore in April.