• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Jobs
  • Career
    • Cyber Security Training
    • Work from Home
    • Cyber Security Analyst
    • Remote Work – Six Ways to Keep Your Data Safe When Working Remotely
  • Field Guide
  • Newsletter Signup
  • Deals
  • News
AskCyberSecurity.com

AskCyberSecurity.com

Cyber Security News & Information

  • Home
  • Data Privacy
    • Gamers
    • Government Cyber Security
      • Legislation
      • Standards
        • What are the risks of computer security?
        • Medical Cyber Security
    • Social Media
  • Security
    • Data Breaches
    • Scams
    • Malware
  • Software
    • Apps
    • Web Browsers
  • Glossary
    • Cyber Security Acronyms
  • About Ask Cyber Security
    • Authors
    • Contact Us
  • VPN
    • How Do I Know If My VPN is Working?
    • Best Free VPN iPhone
    • Why Use a VPN?
    • NordVPN vs IPVanish
    • Private Internet Access Download
    • Best VPN for Streaming
      • TikTok VPN
    • VPN Porn
    • Computer Security Software – What You Really Need
  • Tutorials
  • ChatGPT
    • Does ChatGPT Save Data?
AskCyber Home » News » News » Microsoft Announces $100k Azure Security Bug Bounty Program

Microsoft Announces $100k Azure Security Bug Bounty Program

2020-05-06 by Michelle Dvorak

Microsoft Bug Bounty Program

Microsoft Announces Bug Bounty Program to Hack the Security of Azure Sphere its Custom Linux OS

Microsoft is offering a $100,000 bug bounty program to hack its custom Azure Sphere Linux operating system (OS). The Microsoft Azure Sphere Security Research Challenge gives white-hat hackers three months to test, find security flaws in, and improve the security of Azure Sphere. Two awards of $100,000 plus bonuses are available for the ability to hack into the OS. Azure Sphere provides cloud-based security service using Microsoft’s Linux-based operating system (OS).

The platform provides security for microcontroller unit (MCU) powered devices to securely connect to the internet. The application is intended for Internet of Things (IoT) devices like lighting, toys, appliances, and consumer devices.

Azure Overview - Image Credit: Microsoft

Participants must successfully execute code in the Pluton security subsystem or in Secure World mode to win an award. On top of the eligible vulnerability reports, additional awards are available for more elevated vulnerabilities such as the ability to spoof device authentication.

  • 20% additional awards for vulnerabilities rated Critical
  • 10% additional awards for vulnerabilities rated Important

To become eligible for this Azure Sphere Security Research Challenge participants must apply online and await approval. One accepted they will receive

How Hackers Make Money

What is Azure Sphere?

Azure Sphere is an application platform with built-in communication, control, and security features for internet-connected devices.  Microsoft explains, “An Azure Sphere MCU, along with its operating system and application platform, enables the creation of secured, internet-connected devices that can be updated, controlled, monitored, and maintained remotely.”

What is Bug Bounty?

Big bounty programs are official and legal programs to allow white-hack hackers help corporations, software developers, system administrators, and security researchers find vulnerabilities in their applications, software, hardware, and networks. This is one way a legal hacker can earn money from their computer skills. Many companies run continuous rewards programs that provide a conduit for cyber security professionals to help them earn money while helping the company secure their systems. Bug bounty programs use the information discovered by the hackers to secure their applications and environments.

The idea behind a bug bounty program is to get information related to all levels of security flaws fixed before they are exploited in the wild. When a security flaws is discovered, but not yet patched, it is known as a zero-day vulnerability. If a security flaw is serious or critical, it may be used to hack into accounts or systems before the developer implements a fix. Often details about a security flaw are not published until an update has spread to enough affected systems.

Information about known security bugs can be seen in official list of Common Vulnerabilities and Exposures.

Both Microsoft and Google each run a continuous bug bounty program offering cash rewards for those who find and report bugs.

The Azure Sphere Security Research Challenge starts on June 1, 2020 and lasts three months. Participants must apply by May 15, 2020. Although the Azure Sphere Security Research Challenge is only for the Azure Sphere operating system, other vulnerabilities may be eligible for the public Azure Bounty Program awards.

Filed Under: News Tagged With: Bug Bounty

About Michelle Dvorak

Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers


LinkedInTwitterFacebook

Primary Sidebar

Subscribe to Our Free Newsletter

We Don't Share or Sell Your Info

Web Browsers

Where Are My Saved Passwords in Chrome?

Google Removes 70 Malicious Browser Add-ons from Chrome Web Store

Firefox 75 Reports Your Browser Settings to Mozilla

Categories

Cyber Security Field Guide

Computer Security While TravelingGet Our Cyber Security Field Guide - Available on Amazon!

Recent Posts

Security Marketing Manager – Remote

Sr. Associate, Cybersecurity Architect – Pfizer

Strategic Customer Success Manager – Cybersecurity – Opportunity for Working Remotely

Top 20 Passwords Leaked on Dark Web

ISU Cybersecurity Leader Job Opening

Cyber Security News

Top 20 Passwords Leaked on Dark Web

… [Read More...] about Top 20 Passwords Leaked on Dark Web

Apple Warns of Actively Exploited Zero-Day Flaw

… [Read More...] about Apple Warns of Actively Exploited Zero-Day Flaw

IRS Stops Facial Recognition System for Online Access

… [Read More...] about IRS Stops Facial Recognition System for Online Access

National Cybersecurity Alliance Announces Data Privacy Week

… [Read More...] about National Cybersecurity Alliance Announces Data Privacy Week

More Cyber Security News

Tags

amazon Android Apple bitcoin China chrome CISA credit card DarkSide DHS DOJ Equifax Europe Facebook facial recognition FBI Firefox FTC games GDPR Google Government hacker identity theft India iPhone Iran IRS LinkedIn Microsoft North Korea PayPal phishing phishing email ransomware REvil Russia smartphone T-Mobile TikTok tutorial VPN WhatsApp WiFi Windows

Government

CBP Looks to Access Airline Passenger Data

FTC Releases Cyber Threat Video Playlist

Malware Found on US Government Funded Phones

UK NCA Reaches Out to Youth to Deter Cybercrimes

More Posts from this Category

Footer

Menu

  • Home
  • About
  • Authors
  • Newsletter Signup
  • PRIVACY POLICY

Search

Why Use a VPN?

NordVPN vs IPVanish VPN Review

NAVIGATION

  • Data Breaches
  • Data Privacy
  • Gamers
  • Scams
  • Malware

MEMBER NJCCIC

New Jersey Cybersecurity & Communications Integration Cell

STAY CONNECTED

  • Facebook
  • Instagram
  • Pinterest
  • YouTube
  • Twitter
  • RSS

Copyright © 2023 · AskCyberSecurity.com · METRONY, LLC

Go to mobile version