Crowd-sourced security is all the rage (albeit increasingly controversially in some quarters). Bug bounty hunters, who can get paid for submitting vulnerabilities they have discovered, will be pleased to note a fresh opportunity to earn cash however, with Microsoft adding a tenth product to its range of active bug bountry programmes.
Microsoft Azure DevOps bug bounty, launching today, comes with rewards of up to $20,000 for high quality submissions. It spans eligible vulnerabilities in Azure DevOps online services and the latest release of Azure DevOps server.
(Azure DevOps is a cloud service for collaborating on code development, spanning the breadth of the development lifecycle to help developers ship software faster.)
Open Microsoft Bug Bounty Programmes
It joins bug bounty programmes open for Microsoft Identity, Windows Insider Preview, Windows Defender Application Guard, Microsoft Hyper-V, Microsoft Edge on Windows Insider Preview, Mitigation Bypass and Bounty for Defense, Office Insider, Microsoft .NET Core and ASP.NET Core.
Security researchers wanting a chance to earn serious money, however, may want need to focus on Microsoft Identity (bounties of up to $100,000) and Hyper-V, where critical remote code execution, information disclosure and denial of services vulnerability submissions have a chance of winning them up to $250,000.
See also: The Bug Bounty Bonanza: Pay Outs Surge and Interest Soars
Microsoft’s Jarek Stanley said: “The researcher community plays an essential role in keeping our customers secure, and we will review every submission and recognize your efforts according to our program MSRC criteria. If your submission isn’t eligible for bounty but still helps us fix or improve our product, we’ll offer public thanks and recognition for your contribution.”
Read this: NCSC Vulnerability Reporting: Hack the Gov’t, Get a Pat on the Back