Microsoft recently announced its bug bounty program, “The Azure Sphere Research Challenge,” which offers security researchers a bounty of up to $100,000 to break into its Azure Sphere Linux IoT OS platform and discover vulnerabilities.
Linux IoT OS is a custom-made, compact version of Linux built by the technology giant last year for its Azure Sphere OS. It was designed to run on specialized chips for IoT devices. The Azure Sphere Research Challenge is an extension of Azure Security Lab, which was announced at Black Hat USA in August 2019, with a reward of $40,000.
The Azure Sphere Research Challenge runs for three months (from June 1 to August 31, 2020), and security researchers are required to execute code on Azure Pluton and Azure Secure World. Interested ethical hackers/security professionals can register for the project by May 15, 2020.
Microsoft provides eligible security researchers with the necessary resources to support their research, including:
- Azure Sphere development kit (DevKit)
- Access to Microsoft products and services for research purposes
- Azure Sphere product documentation
- Direct communication channels with the Microsoft team
Commenting on the bug bounty program, Microsoft said, “This new research challenge aims to spark new high impact security research in Azure Sphere, a comprehensive IoT security solution delivering end to end security across hardware, OS and the cloud. While Azure Sphere implements security upfront and by default, Microsoft recognizes security is not a one-and-done event. Risks need to be mitigated consistently over the lifetime of a constantly growing array of devices and services. Engaging the security research community to research for high-impact vulnerabilities before the bad guys do is part of the holistic approach Azure Sphere is taking to minimize the risk.”
Most large organizations conduct bug bounties to find potential vulnerabilities in their systems so that they can be fixed before attackers exploit them. The bug bounties offer financial rewards to hackers for finding technical flaws, making it a win-win situation for both. Earlier, Microsoft paid around $4.4 million to researchers as bug bounties at the Black Hat USA 2019 security event in Las Vegas.