Microsoft opens IoT bug bounty program

2020-05-11 09:27

The company has launched a $100,000 bug bounty for people who can break into Azure Sphere, its security system for IoT devices.

The latest, the Sphere Security Research Challenge, lets bug hunters talk directly to Microsoft's technical team as they try to break into Sphere.

It communicates with the third part, which is a Sphere security service running in the Azure cloud that manages security across a fleet of connected devices.

IoT manufacturers can build the chip and the Sphere OS into their own devices or they can connect existing IoT hardware through a Sphere-based gateway module that Microsoft developed.

Sphere challenge also lists several attacks that won't win the $100,000 prize but which will trigger payouts under Microsoft's existing bug bounty program for Azure, with bonus payments of up to 20%. These include running code on networkd, spoofing device authentication, or unexpected elevation of privilege.

News URL

https://nakedsecurity.sophos.com/2020/05/11/microsoft-opens-iot-bug-bounty-program/

#bounty #bugbounty #IOT #microsoft

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Microsoft		699	800	4628	4391	3688	13507

News URL

Related news

Related vendor