Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

IoT Security

Microsoft Offering Up to $100,000 for Vulnerabilities in Azure Sphere

Microsoft launches Azure Sphere security research challenge

Microsoft launches Azure Sphere security research challenge

Microsoft on Tuesday announced a new security research challenge that encourages white hat hackers to find and responsibly disclose vulnerabilities in the company’s Azure Sphere solution.

Azure Sphere is an IoT security solution designed to provide end-to-end security across hardware, operating system and the cloud.

In an effort to identify potentially serious vulnerabilities in Azure Sphere, Microsoft has decided to run a three-month application-only challenge.

Hackers can apply for the Azure Sphere Research Challenge until May 15, and the challenge will run between June 1 and August 31. Researchers whose applications have been accepted will receive an email from Microsoft.

This new initiative, an expansion of the Azure Security Lab project announced last year, invites researchers to find vulnerabilities that would allow them to execute code on the Pluton security subsystem, which is the hardware-based secured root of trust for Azure Sphere, or in the Secure World operating environment of the Azure Sphere application platform. Microsoft is prepared to pay out up to $100,000 for these types of exploits.

While this research focuses on the Azure Sphere OS, vulnerabilities in other components could still receive a reward through the public Azure bug bounty program.

For the Azure Sphere Research Challenge, Microsoft has teamed up with several cybersecurity solutions providers, including Avira, Baidu, Bitdefender, Bugcrowd, Cisco, ESET, FireEye, F-Secure, HackerOne, K7 Computing, McAfee, Palo Alto Networks and Zscaler.

“While Azure Sphere implements security upfront and by default, Microsoft recognizes security is not a one-and-done event. Risks need to be mitigated consistently over the lifetime of a constantly growing array of devices and services. Engaging the security research community to research for high-impact vulnerabilities before the bad guys do is part of the holistic approach Azure Sphere is taking to minimize the risk,” Microsoft said.

Advertisement. Scroll to continue reading.

Related: Microsoft Launches Azure DevOps Bug Bounty Program

Related: Microsoft Offers Up to $300,000 in New Azure Security Lab

Related: Microsoft Paid $2,000,000 in Bounty Rewards in 2018

Related: Microsoft Offers Up to $30,000 for Flaws in Chromium-Based Edge

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Mike Byron has been named Chief Financial Officer (CFO) at Exabeam.

Ex-GitHub chief technology officer Mike Hanley has joined GM as CISO.

Network security and compliance assurance firm Titania has appointed Victoria Dimmick as CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.