Tech giant Microsoft has announced a new bug bounty programme under which security researchers can earn up to $100,000 for hacking its Linux-based Azure Sphere IoT operating system.
Announced at last year’s Build developer conference, Azure Sphere OS is a customized high-level Linux-based OS that Microsoft has built for its Internet of Things (IoT) end-to-end security platform.
The bug bounty programme called “Azure Sphere Security Research Challenge” is a three-month, application-only security research challenge that starts from June 1, 2020, and ends on August 31, 2020. The deadline to submit an application to take part in the challenge is May 15, 2020.
“This new research challenge aims to spark new high impact security research in Azure Sphere, a comprehensive IoT security solution delivering end to end security across hardware, OS and the cloud,” said Sylvie Liu, a security programme manager at Microsoft’s Security Response Center.
“Engaging the security research community to research for high-impact vulnerabilities before the bad guys do is part of the holistic approach Azure Sphere is taking to minimize the risk,” Liu added.
Microsoft says it’s particularly looking for hacks that would allow hackers to breach the Pluton Security Subsystem or on Secure World Sandbox. Those who are able to find a vulnerability that would enable code execution on Pluton and on Secure World will be rewarded with $100,000.
“We will award up to $100,000 bounty for specific scenarios in the Azure Sphere Security Research Challenge during the program period,” Microsoft said.
“This research challenge is focused on the Azure Sphere OS. Vulnerabilities found outside the research initiative scope, including the Cloud portion, may be eligible for the public Azure Bounty Program awards. Physical attacks are out of scope for this research challenge and the public Azure Bounty Program.”
Applications will be reviewed on a weekly basis and accepted researchers will be notified via email. Then, the top 50 applications will be accepted into the programme and they will be offered resources to support research, including:
- Azure Sphere development kit (DevKit)
- Access to Microsoft products and services for research purposes
- Azure Sphere product documentation
- Direct communication channels with the Microsoft team
According to Microsoft, keeping Azure exceptionally secure for their customers is a top priority. Additionally, it said that its partnership with the global security community is key to keeping the customers secure.
If you want to participate in the Microsoft Azure Sphere Security Research Challenge, you can click here to submit your application before May 15th.
For more information about the challenge, you can also check out Microsoft’s official blog.