Security Experts:

Connect with us

Hi, what are you looking for?


Management & Strategy

Microsoft Launches Azure DevOps Bug Bounty Program

Microsoft announces new Azure DevOps bounty program

Microsoft announces new Azure DevOps bounty program

Microsoft of Thursday announced the launch of a new bug bounty program targeting Azure DevOps, a cloud service that allows users to collaborate on code development.

The tech giant is prepared to offer between $500 and $20,000 for vulnerabilities found in DevOps online services and the latest versions of DevOps Server and Team Foundation Server.

Bug bounty hunters have been invited to submit their findings to secure(at) Eligible vulnerabilities include cross-site scripting (XSS), cross-site request forgery (CSRF), cross-tenant data tampering or access, insecure direct object reference, injections, server-side code execution, deserialization bugs, security misconfigurations not caused by the user, and the use of components with known vulnerabilities.

The highest rewards have been offered for critical remote code execution vulnerabilities that are disclosed via a high-quality report. Privilege escalation flaws can earn researchers between $1,000 and $8,000 depending on their severity and the quality of the report. Information disclosure weaknesses are also worth up to $8,000.

“The researcher community plays an essential role in keeping our customers secure, and we will review every submission and recognize your efforts according to our program criteria. If your submission isn’t eligible for bounty but still helps us fix or improve our product, we’ll offer public thanks and recognition for your contribution,” Microsoft said.

Microsoft currently runs nine other bug bounty programs. The highest rewards have been offered for vulnerabilities in Hyper-V (up to $250,000), Microsoft Identity (up to $100,000), and bypasses for anti-exploitation techniques in Windows (up to $100,000).

Related: Microsoft Launches Windows Bug Bounty Program

Related: Microsoft Temporarily Doubles Bounty Payouts for Online Services Bugs

Related: Microsoft Extends Edge Bounty Program Indefinitely

Related: Microsoft Makes Hyper-V Debugging Symbols Public

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.