View all newsletters
Receive our newsletter – data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
January 17, 2019

Microsoft Bug Bounty Programme Expands to Azure DevOps

Rewards of up to $20k

By CBR Staff Writer

Crowd-sourced security is all the rage (albeit increasingly controversially in some quarters). Bug bounty hunters, who can get paid for submitting vulnerabilities they have discovered, will be pleased to note a fresh opportunity to earn cash however, with Microsoft adding a tenth product to its range of active bug bountry programmes.

Microsoft Azure DevOps bug bounty, launching today, comes with rewards of up to $20,000 for high quality submissions. It spans eligible vulnerabilities in Azure DevOps online services and the latest release of Azure DevOps server.

(Azure DevOps is a cloud service for collaborating on code development, spanning the breadth of the development lifecycle to help developers ship software faster.)

Open Microsoft Bug Bounty Programmes

It joins bug bounty programmes open for Microsoft Identity, Windows Insider Preview, Windows Defender Application Guard, Microsoft Hyper-V, Microsoft Edge on Windows Insider Preview, Mitigation Bypass and Bounty for Defense, Office Insider, Microsoft .NET Core and ASP.NET Core.

Security researchers wanting a chance to earn serious money, however, may want need to focus on Microsoft Identity (bounties of up to $100,000) and Hyper-V, where critical remote code execution, information disclosure and denial of services vulnerability submissions have a chance of winning them up to $250,000.

See also: The Bug Bounty Bonanza: Pay Outs Surge and Interest Soars

Microsoft’s Jarek Stanley said: “The researcher community plays an essential role in keeping our customers secure, and we will review every submission and recognize your efforts according to our program MSRC criteria. If your submission isn’t eligible for bounty but still helps us fix or improve our product, we’ll offer public thanks and recognition for your contribution.”

Read this: NCSC Vulnerability Reporting: Hack the Gov’t, Get a Pat on the Back


Content from our partners
Signs your accounting software is no longer fit for your growing business
Incumbent banks must transform at speed, or miss the benefits of open banking
Leverage cloud and expertise to optimise engagements from onboarding to conclusion

Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy