Microsoft Adds AzureDevOps Bug Bounty, Offers $20K Rewards
January 18, 2019 / Jessica Lyons Hardcastle
Microsoft added a new bug bounty program that pays hackers to find security flaws in its software. This latest move targets Azure DevOps, Microsoft’s cloud platform for collaborating on code development. The program will pay between $500 and $20,000 for found eligible vulnerabilities in Azure DevOps online services and the latest release of Azure DevOps server. This eligibility requirement means submissions have to identify a previously unreported vulnerability in Azure DevOps online services or products, and they must include steps that Microsoft engineers can take to reproduce and fix the flaw. The $20,000 bug bounties will go to researchers who uncover critical remote code execution (RCE) vulnerabilities. Microsoft will also pay rewards for submissions related to elevation of privilege, information disclosure, spoofing, and tampering.