Security News > 2020 > May > Microsoft Shells Out $100K for IoT Security

Microsoft has launched a bug-bounty program for its Azure Sphere offering, which is a security suite for the internet of things that encompasses hardware, OS and cloud elements.

Microsoft is offering various resources to program participants, including the Azure Sphere development kit; product documentation; direct communication channels with the Microsoft team; and other Microsoft products and services if needed.

"Microsoft recognizes security is not a one-and-done event," wrote Sylvie Liu, security program manager at the Microsoft Security Response Center, in announcing the challenge this week.

Microsoft continues to roll out bug-bounty programs.

Last year, the computing giant released a program designed to sniff out flaws in Azure DevOps; kicked off a program with payouts as high as $100,000 for holes in identity services and implementations of the OpenID standard, Microsoft Account and Azure Active Directory; and in the wake of the Meltdown and Spectre flaws, Microsoft started a new bug bounty program targeting speculative execution side-channel vulnerabilities that offered up to $250,000 for identifying new categories of speculative execution attacks that Microsoft and other industry partners are not yet aware of.

News URL

https://threatpost.com/microsoft-100k-iot-security-azure-sphere/155517/