September 25, 2020

Microsoft launched a bug bounty program focused on Internet of Things

2 min read

To improve security, Microsoft announced a new bounty hunter program for the Azure Sphere, a comprehensive IoT security solution delivering end to end security across hardware, OS, and the cloud. to incentivize security researchers to find vulnerabilities. Microsoft said that if researchers can find valuable vulnerabilities in the solution, the company can provide researchers with a maximum award of $100,000. Microsoft Azure Sphere is a cloud-based application management platform, in which IoT solutions are mainly for communication services provided by IoT devices.

The launch of this bounty hunter program is naturally to improve the security of products because more and more companies choose Microsoft as a cloud provider, so security is particularly important.

In order to facilitate security researchers to actively search for potential security vulnerabilities, Microsoft also said that the company will provide a variety of research resources for the participating researchers.US Air Force bug bounty

This includes the free provision of the Azure Sphere development kit, access to Microsoft products and services for research purposes, and documentation on IoT solutions.

At the same time, Microsoft said that it will arrange a special team to contact the researchers. If the researchers find problems or encounter problems during the research, they can directly contact the support team.

Microsoft will provide researchers with rewards according to the vulnerability level, of which a maximum of 100,000 US dollars can be provided.

Interested security researchers must submit their applications here before May 15th. After approval, the research challenge will be held from June 1st to August 31st.

Researchers can submit any discovered vulnerabilities to Microsoft during the three-month challenge, in which container code execution vulnerabilities can receive the highest reward.

This vulnerability challenge is mainly aimed at the Azure Sphere OS platform, but if researchers find other vulnerabilities in Microsoft Cloud, they may also receive rewards.