Microsoft Paid Out Over $374,000 for Azure Sphere Vulnerabilities

Microsoft announced on Tuesday the results of its three-month Azure Sphere security research contest, and the company said it had awarded more than $374,000 to participants.

The Azure Sphere Security Research Challenge, announced in May, invited security researchers to find vulnerabilities in Azure Sphere, Microsoft’s IoT security solution, which the technology giant developed to provide end-to-end security across hardware, the operating system and the cloud.

Microsoft said it received a total of 40 vulnerability reports, 30 of which led to improvements and 16 of which earned a bug bounty. The highest reward was $48,000 and the lowest was $3,300.

Microsoft worked with several cybersecurity vendors to find bugs in Azure Sphere, including Avira, Baidu, Bitdefender, Bugcrowd, Cisco, ESET, FireEye, F-Secure, HackerOne, K7 Computing, McAfee, Palo Alto Networks and Zscaler. However, Cisco and McAfee reportedly found some of the most interesting vulnerabilities.

McAfee has published a full report describing its findings, and the company said it earned a total of $160,000, which it wants to donate to charity. The company’s researchers were able to gain root access by chaining six bugs, three of which turned out to be critical. One of McAfee’s findings is a previously unknown vulnerability in the Linux kernel.

Cisco Talos also described the weaknesses identified by its researchers. They found more than a dozen issues, including arbitrary code execution, denial-of-service (DoS), information disclosure, and privilege escalation flaws. Talos had already disclosed some of the weaknesses it had found in Azure Sphere in August.

“This was our first expansion of the Azure Security Lab, an experiment designed to provide researchers with additional resources to launch new and highly effective research and to promote close cooperation between the security research community and Microsoft’s technical teams through weekly working hours and direct collaboration opportunities,” said Sylvie Liu, Security Manager at Microsoft. “We are confident that this challenge and the upcoming expansion of the Azure Security Lab will help further protect our cloud and Azure Sphere, and we look forward to increasing the resources available to security researchers to support highly effective research.”

Microsoft noted that bug hunters can still report vulnerabilities found in Azure Sphere through the Azure Bounty program, which offers up to $40,000 in rewards.

Related: Last year, Microsoft paid out nearly $14 million through bug bounty programs.

Related: Microsoft explains how it deals with vulnerability reports.

Related: Announcement of new security features for Microsoft 365, Azure

@EduardKovacs – Publisher of SecurityWeek. He worked for two years as a high school computer science teacher before starting a career in journalism as a security reporter for Softpedia. Eduard has a bachelor’s degree in industrial computer sciences and a master’s degree in computer engineering for electrical engineering.
