Search results for: Microsoft bug bounty


Microsoft announces limited Azure Sphere bug bounty program

Microsoft has announced a new security research / bug bounty program aimed at testing and improving the security of Azure Sphere, its comprehensive IoT security solution. The challenge will start on June 1, 2020 and will last three months. Aspiring participants must apply by May 15, 2020. What is Azure Sphere? “Azure Sphere is a secured, high-level application platform with built-in communication and security features for internet-connected devices,” Microsoft explains. It consists of a secured, … More


Microsoft invites gamers and researchers to new Xbox bug bounty program

Gamers, security researchers, and technologists have been invited to identify security vulnerabilities in Xbox network and services and report them to Microsoft. Bounty rewards will range from $500 to $20,000 USD. Why? Microsoft runs a number of bug bounty programs and has now decided that their Xbox offerings need extra attention from security researchers. “The bounty program supplements our existing investments in security development and testing to uncover and remediate vulnerabilities which have a direct … More


Microsoft launches Azure DevOps bug bounty program

Microsoft has launched yet another bug bounty program and is urging security researchers to look into the security of Azure DevOps, its cloud service for collaborating on code development. About the program: The services and products that are in scope of this new bug bounty program are: Azure DevOps Services (formerly Visual Studio Team Services); the latest publicly available versions of Azure DevOps Server and Team Foundation Server. Researchers can earn between $500 and $20,000 … More


Microsoft kicks off bounty program for speculative execution bugs

Microsoft wants security researchers to search for and report speculative execution side channel vulnerabilities (a hardware vulnerability class that affects CPUs from multiple manufacturers), as well as bugs that can be misused to bypass Windows and Azure Spectre and Meltdown mitigations. For their successful efforts, the company is ready to pay out as much as $250,000. A new bug bounty: The bounty program for speculative execution side channel vulnerabilities was announced on Wednesday and will … More

Microsoft expands Bug Bounty programs, increases rewards

Microsoft is continually tweaking its Bug Bounty programs, and the latest step in this evolution has been announced on Wednesday at Black Hat USA 2015. “We are raising the Bounty for Defense maximum from $50,000 USD to $100,000 USD,” Jason Shirk of the Microsoft Security Response Center noted, and explained that the company is eager to “reward the novel defender equally for their research.” The Online Services bug bounty has also been expanded to include vulnerabilities in … More

Microsoft launches bug bounty program for Online Services

Microsoft has launched another bug bounty program, and this one will focus on its Online Services. Bug hunters are urged to submit vulnerabilities affecting the following services: Office 365, Outlook (only as it regards Office 365 business services), Microsoft Online Services, Sharepoint, Lync, Yammer, and several others. The company is looking for XSS and CSRF bugs, injection and authentication flaws, server-side code execution and privilege escalation vulnerabilities, misconfiguration holes, insecure direct object references and vulnerabilities … More

Microsoft and Facebook start Internet-wide bug bounty program

Dubbed The Internet Bug Bounty, it is sponsored by the two Internet giants and is aimed at anyone who discovers vulnerabilities in a series of open source programming languages, web apps, software, app frameworks, HTTP servers, as well as the OpenSSL implementation, Chrome, IE, Adobe Reader and Flash sandboxes, and the “Internet” in general. To participate, the hackers / submitters will have to create an account that will require them to enter a name (or … More

Microsoft widens pool of submitters to its bug bounty programs

Microsoft might have been a late starter when it comes to bug bounties, but it is continually making changes aimed at making its bug bounty program as accessible, as rewarding, and as successful as it can be. The latest change makes it possible for more people, such as forensic experts and responders, to submit new mitigation bypass techniques and defensive ideas. “We are going from accepting entries from only a handful of individuals capable of inventing … More


Microsoft sets up isolated environment for bug hunters to test attacks against Azure

Microsoft has some very good news for bug hunters: not only has the company doubled the top bounty reward for vulnerabilities discovered in its Azure cloud computing service, but has also created an isolated testing environment that will allow researchers to try to exploit them. The Azure Security Lab: “The Azure Security Lab is a set of dedicated cloud hosts for security researchers to test attacks against IaaS scenarios, and which is isolated from Azure … More


Google increases bounties for Chrome, Google Play bugs

Bug hunters searching for security flaws in Google’s offerings are now vying for higher bounties. Microsoft has launched a new bug bounty program. Google’s changes: Since 2010, when Google started the Chrome Vulnerability Reward Program to reward security researchers who invest their time and effort to discover bugs in Chrome and Chrome OS, the company has raised the offered bounty amounts a number of times. Nine years ago, the rewards ranged from $500 to $1337 … More


Microsoft offers bug bounties for holes in its identity services

Microsoft is asking security researchers to look for and report technical vulnerabilities affecting its identity services and OpenID standards implementations, and is offering bug bounties that can reach as high as $100,000. “Microsoft has invested heavily in the security and privacy of both our consumer (Microsoft Account) and enterprise (Azure Active Directory) identity solutions. We have strongly invested in the creation, implementation, and improvement of identity-related specifications that foster strong authentication, secure sign-on, sessions, API … More


The Internet Bug Bounty offers rewards for bugs in data processing libraries

The Internet Bug Bounty (IBB), a project aimed at finding and fixing vulnerabilities in core internet infrastructure and free open source software, has announced that it will be giving out rewards for critical vulnerabilities in core infrastructure data processing libraries. The software packages in scope are: Libav, LIBcap, ImageMagick, LIBPNG, GraphicsMagick, libcurl, tcpdump. For the moment, bug bounties will be given out only for reports that flag “vulnerabilities that demonstrate unambiguous remote code execution,” the … More