. home.aspx

NEWS

home.aspx
   


Microsoft Adds AzureDevOps Bug Bounty, Offers $20K Rewards

January 18, 2019 / Jessica Lyons Hardcastle

Microsoft added a new bug bounty program that pays hackers to find security flaws in its software. This latest move targets Azure DevOps, Microsoft’s cloud platform for collaborating on code development. The program will pay between $500 and $20,000 for found eligible vulnerabilities in Azure DevOps online services and the latest release of Azure DevOps server. This eligibility requirement means submissions have to identify a previously unreported vulnerability in Azure DevOps online services or products, and they must include steps that Microsoft engineers can take to reproduce and fix the flaw. The $20,000 bug bounties will go to researchers who uncover critical remote code execution (RCE) vulnerabilities. Microsoft will also pay rewards for submissions related to elevation of privilege, information disclosure, spoofing, and tampering. “If your submission isn’t eligible for bounty but still helps us fix or improve our product, we’ll offer public thanks and rec...