Security News > 2020 > May > Microsoft announces limited Azure Sphere bug bounty program
Microsoft has announced a new security research / bug bounty program aimed at testing and improving the security of Azure Sphere, its comprehensive IoT security solution.
Through the Azure Sphere Security Service, the MCU can securely connect to the cloud and web, and the service makes sure that the booted software is genuine, that OS security updates are downloaded and installed securely and automatically.
This new bug bounty program - or, as Microsoft calls it, security research challenge - is an expansion of the Azure Security Lab and will focus on the Azure Sphere OS. "Vulnerabilities found outside the research challenge scope, including the Cloud portion, may be eligible for the public Azure Bounty Program awards," the company noted.
"While Azure Sphere implements security upfront and by default, Microsoft recognizes security is not a one-and-done event," the MSRC team noted.
"Risks need to be mitigated consistently over the lifetime of a constantly growing array of devices and services. Engaging the security research community to research for high-impact vulnerabilities before the bad guys do is part of the holistic approach Azure Sphere is taking to minimize the risk."
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/kAnF4xteUic/