Microsoft announces a new program of bug bounty (bug hunting) which invites security researchers to hack into his custom Linux operating system that powers Azure Sphere OS. The latter is designed to run on specialized chips for its Internet of Things (IoT) platform. The operating system has been specially designed for this platform, ensuring that basic services and applications run in isolation in a sandbox for security purposes.
The company contributes up to $ 100,000 to the Azure Sphere Security Research Challenge, which in turn is an extension of the Azure Security Lab. You must register for the research program before May 15 of this year, but the award program itself will be available from June 1 to August 31 for accepted applications.
Microsoft says it is specifically looking for hacks that would allow hackers to gain the ability toexecute code on the Pluto security subsystem and on the Secure World sandbox, and these exploits are rewarded with 100,000 dollars. ” This research challenge focuses on Azure Sphere OS. Vulnerabilities found outside the scope of the research initiative, including the Cloud part, may be eligible for public awards from the Azure Bounty Program. Physical attacks are beyond the scope of this challenge and the public Azure Bounty Program, ”said the company.
Microsoft relies heavily on bug bounty to improve the security of its software. So far, the company has launched similar programs for several key products, including Windows, Microsoft Edge browser and Microsoft Office.
Researchers receive bonuses of up to $ 30,000 for critical vulnerabilities in the Edge browser, and up to $ 15,000 if they find flaws in Insiders versions of Office. On the other hand, a critical RCE flaw in Microsoft Hyper-V is rewarded up to $ 250,000.
In the genes of society
” Microsoft recognizes that security is not a one-time event. Risks must be consistently mitigated over the lifespan of an ever-increasing range of devices and services. Engaging the security research community in the search for high-impact vulnerabilities before hackers do so is part of the holistic approach that Azure Sphere takes to minimize risk. Says the company. If you wish to participate in the new research program, you must submit your application on this page.
Satya Nadella, CEO of Microsoft, sees IoT devices as a key area for the company, describing her business in thecloudas Microsoft’s biggest hardware activity earlier this year. Azure Sphere is a key part of the mission to secure and manage these devices, and is part of Microsoft’s increased effort to gain a world beyond Windows that is increasingly moving towards thecloud.