Security News > 2020 > May > Microsoft announces limited Azure Sphere bug bounty program
![Microsoft announces limited Azure Sphere bug bounty program](/static/build/img/news/alt/cost-stats-medium.jpg)
Microsoft has announced a new security research / bug bounty program aimed at testing and improving the security of Azure Sphere, its comprehensive IoT security solution.
Through the Azure Sphere Security Service, the MCU can securely connect to the cloud and web, and the service makes sure that the booted software is genuine, that OS security updates are downloaded and installed securely and automatically.
This new bug bounty program - or, as Microsoft calls it, security research challenge - is an expansion of the Azure Security Lab and will focus on the Azure Sphere OS. "Vulnerabilities found outside the research challenge scope, including the Cloud portion, may be eligible for the public Azure Bounty Program awards," the company noted.
"While Azure Sphere implements security upfront and by default, Microsoft recognizes security is not a one-and-done event," the MSRC team noted.
"Risks need to be mitigated consistently over the lifetime of a constantly growing array of devices and services. Engaging the security research community to research for high-impact vulnerabilities before the bad guys do is part of the holistic approach Azure Sphere is taking to minimize the risk."
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/kAnF4xteUic/
Related news
- Microsoft paid Tenable a bug bounty for an Azure flaw it says doesn't need a fix, just better documentation (source)
- Adobe Adds Firefly and Content Credentials to Bug Bounty Program (source)
- It's Time to Master the Lift & Shift: Migrating from VMware vSphere to Microsoft Azure (source)
- Microsoft to start enforcing Azure multi-factor authentication in July (source)
- Azure Service Tags tagged as security risk, Microsoft disagrees (source)
- Azure Service Tags Vulnerability: Microsoft Warns of Potential Abuse by Hackers (source)