Microsoft announced today the launch of a new IoT-focused research program with awards of up to $100,000 for vulnerabilities found by security researchers in the Azure Sphere IoT security solution.
The new research challenge, dubbed Azure Sphere Security Research Challenge, is an expansion to the Azure Security Lab bounty program announced by Microsoft last year at Black Hat 2019.
Azure Security Lab’s first phase was announced on August 5, 2019, and it included a sandbox-like environment that allowed security researchers to test Azure’s security, featured an increase in Azure bug bounty rewards, as well as new scenario-based challenge rewards.
We are excited to announce a new IoT-focused research program, the Azure Sphere Security Research Challenge, with awards up to $100,000 USD! Deadline to apply is May 15, check out the blog post for more information: https://t.co/YGqcSqh6fy
With the Azure Sphere Security Research Challenge announcement, Redmond added to the incentives, support resources. and coordination framework to make Coordinated Vulnerability Disclosure (CVD) easier for researchers and to encourage further Azure Sphere research.
Microsoft will award bounties of up to $100,000 during this new research challenge to researchers who can demonstrate their ability to execute code on the Microsoft Pluton security subsystem or the Azure Sphere application platform’s Secure World.
Participants enrolled in Microsoft’s Azure Sphere Security Research Challenge will also have access to resources that will support them in their research, including:
• New bounties for Azure Sphere, up to $100K
• Access to Azure Sphere development kit
• Access to Microsoft products and services for research purposes
• Azure Sphere product documentation
• Direct communication channels with the Microsoft team
“This research challenge is focused on the Azure Sphere OS,” Microsoft explained. “Vulnerabilities found outside the research challenge scope, including the Cloud portion, may be eligible for the public Azure Bounty Program awards.
Also, “[p]hysical attacks are out of scope for this research challenge and the public Azure Bounty Program.”
To apply for this three-month application-only security research challenge, you will have to submit your application here before May 15, 2020, with the challenge to run between June 1, 2020, through August 31, 2020.
World news – GB – Microsoft launches IoT-focused bounty program with $100K awards