Crowd-sourced security is all the rage (albeit increasingly controversially in some quarters). Bug bounty hunters, who can get paid for submitting vulnerabilities they have discovered, will be pleased to note a fresh opportunity to earn cash however, with Microsoft adding a tenth product to its range of active bug bounty programs.
Microsoft Azure DevOps bug bounty, launching today, comes with rewards of up to $20,000 for high quality submissions. It spans eligible vulnerabilities in Azure DevOps online services and the latest release of Azure DevOps server.
(Azure DevOps is a cloud service for collaborating on code development, spanning the breadth of the development lifecycle to help developers ship software faster.)
Open Microsoft Bug Bounty programs
It joins bug bounty programs open for Microsoft Identity, Windows Insider Preview, Windows Defender Application Guard, Microsoft Hyper-V, Microsoft Edge on Windows Insider Preview, Mitigation Bypass and Bounty for Defense, Office Insider, Microsoft .NET Core and ASP.NET Core.
Security researchers wanting a chance to earn serious money, however, may want need to focus on Microsoft Identity (bounties of up to $100,000) and Hyper-V, where critical remote code execution, information disclosure and denial of services vulnerability submissions have a chance of winning them up to $250,000.
Microsoft’s Jarek Stanley said: “The researcher community plays an essential role in keeping our customers secure, and we will review every submission and recognize your efforts according to our program MSRC criteria. If your submission isn’t eligible for bounty but still helps us fix or improve our product, we’ll offer public thanks and recognition for your contribution.”