Skip to main content

Announcing the Microsoft Azure DevOps Bounty program

The Microsoft Security Response Center (MSRC) is pleased to announce the launch of the Azure DevOps Bounty program, a program dedicated to providing rock-solid security for our DevOps customers. Starting January 17, 2019, we’re excited to offer rewards up to US$20,000 for eligible vulnerabilities in Azure DevOps online services and the latest release of Azure DevOps server.

Animated cloud

Azure DevOps is a cloud service for collaborating on code development, spanning the breadth of the development lifecycle to help developers ship software faster and with higher quality.

The researcher community plays an essential role in keeping our customers secure, and we will review every submission and recognize your efforts according to our program criteria. If your submission isn’t eligible for bounty but still helps us fix or improve our product, we’ll offer public thanks and recognition for your contribution. Please submit your vulnerabilities to

Interested in learning more about Azure DevOps? Here are a few links to get you started.

Happy Hacking! Jarek Stanley Senior Program Manager MSRC

All Microsoft Bug Bounty Programs are subject to the terms and conditions outlined here.

The Microsoft Security Response Center is part of the defender community and on the front line of security response evolution. For more than twenty years, we have been engaged with security researchers working to protect customers and the global online community. For more information, please visit our website at and follow our Twitter page at@msftsecresponse*.*

Related Posts

How satisfied are you with the MSRC Blog?


Feedback * (required)

Your detailed feedback helps us improve your experience. Please enter between 10 and 2,000 characters.

Thank you for your feedback!

We'll review your input and work on improving the site.