Connect with us

Hi, what are you looking for?


Management & Strategy

Microsoft Launches Azure DevOps Bug Bounty Program

Microsoft announces new Azure DevOps bounty program

Microsoft announces new Azure DevOps bounty program

Microsoft of Thursday announced the launch of a new bug bounty program targeting Azure DevOps, a cloud service that allows users to collaborate on code development.

The tech giant is prepared to offer between $500 and $20,000 for vulnerabilities found in DevOps online services and the latest versions of DevOps Server and Team Foundation Server.

Bug bounty hunters have been invited to submit their findings to secure(at) Eligible vulnerabilities include cross-site scripting (XSS), cross-site request forgery (CSRF), cross-tenant data tampering or access, insecure direct object reference, injections, server-side code execution, deserialization bugs, security misconfigurations not caused by the user, and the use of components with known vulnerabilities.

The highest rewards have been offered for critical remote code execution vulnerabilities that are disclosed via a high-quality report. Privilege escalation flaws can earn researchers between $1,000 and $8,000 depending on their severity and the quality of the report. Information disclosure weaknesses are also worth up to $8,000.

“The researcher community plays an essential role in keeping our customers secure, and we will review every submission and recognize your efforts according to our program criteria. If your submission isn’t eligible for bounty but still helps us fix or improve our product, we’ll offer public thanks and recognition for your contribution,” Microsoft said.

Microsoft currently runs nine other bug bounty programs. The highest rewards have been offered for vulnerabilities in Hyper-V (up to $250,000), Microsoft Identity (up to $100,000), and bypasses for anti-exploitation techniques in Windows (up to $100,000).

Related: Microsoft Launches Windows Bug Bounty Program

Related: Microsoft Temporarily Doubles Bounty Payouts for Online Services Bugs

Advertisement. Scroll to continue reading.

Related: Microsoft Extends Edge Bounty Program Indefinitely

Related: Microsoft Makes Hyper-V Debugging Symbols Public

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...