Security News > 2020 > October > Microsoft pays over $370,000 for Azure Sphere bug reports
Microsoft awarded over $370,000 in bounties to security researchers for 16 bounty eligible reports of vulnerabilities submitted through the Azure Sphere Security Research Challenge IoT-focused research program.
Azure Sphere Security Research Challenge is a 3-month expansion to the Azure Security Lab bounty program Microsoft announced last year at Black Hat 2019.
"Many of the vulnerabilities found during the research challenge were novel and high impact, and led to major security improvements for Azure Sphere in their 20.07, 20.08, and the latest 20.09 updates, which have been automatically pushed to Azure Sphere devices that are connected to the internet to help secure Azure Sphere customers," Microsoft said.
Researchers can still submit any Azure Sphere high impact vulnerabilities as part of the Microsoft Azure Bounty Program, with qualified submissions bein eligible for awards up to $40,000.
We are excited to share the result of the 3-month Azure Sphere Security Research Challenge: researchers surfaced 20 Critical and Important severity security vulnerabilities, with Microsoft awarding $374,300 for 16 bounty eligible reports.
News URL
Related news
- It's Time to Master the Lift & Shift: Migrating from VMware vSphere to Microsoft Azure (source)
- Microsoft to start enforcing Azure multi-factor authentication in July (source)
- Azure Service Tags tagged as security risk, Microsoft disagrees (source)
- Microsoft paid Tenable a bug bounty for an Azure flaw it says doesn't need a fix, just better documentation (source)
- Azure Service Tags Vulnerability: Microsoft Warns of Potential Abuse by Hackers (source)