Skip to main content
MSRC

Bounty

Azure Sphere Security Research Challenge Now Open

Tuesday, May 05, 2020

The Azure Sphere Security Research Challenge is an expansion of Azure Security Lab, announced at Black Hat in August 2019. At that time, a select group of talented researchers was invited to come and do their worst, emulating criminal hackers in a customer-safe cloud environment. This new research challenge aims to spark new high impact security research in Azure Sphere, a comprehensive IoT security solution delivering end to end security across hardware, OS and the cloud.

Calling for security research in Azure Sphere, now generally available

Monday, February 24, 2020

Today, Microsoft released Azure Sphere into General Availability (GA). Azure Sphere’s mission is to empower every organization on the planet to connect and create secured and trustworthy IoT devices. Azure Sphere is an end-to-end solution for securely connecting existing equipment and for creating new IoT devices with built-in security. The solution includes hardware, OS, and a cloud service, as well as ongoing security and OS updates to help ensure devices remain secured as threats evolve over time.

Announcing the Xbox Bounty program

Thursday, January 30, 2020

We are pleased to announce the launch of the Xbox Bounty program today. The Xbox bounty program invites gamers, security researchers, and technologists around the world to help identify security vulnerabilities in the Xbox network and services, and share them with the Microsoft Xbox team through Coordinated Vulnerability Disclosure (CVD). Eligible submissions with a clear and concise proof of concept (POC) are eligible for awards up to US$20,000.

Microsoft Identity Bounty Improvements

Wednesday, October 23, 2019

Microsoft is continually improving our existing bounty programs. Today we’re happy to share the latest updates to the Microsoft Identity Bounty. Originally launched in July 2018, the Microsoft Identity bounty program has helped build a partnership with the security research community to improve the security of customer and enterprise identity solutions across Azure, Windows, and OpenID standards.

Introducing the ElectionGuard Bounty program

Friday, October 18, 2019

Today we are launching the [ElectionGuard Bounty program](«http://www.microsoft.com/msrc/bounty-electionguard> >). In May 2019, we announced the release of ElectionGuard, a free open-source SDK to make voting more secure, transparent, and accessible. ElectionGuard enables end-to-end verification of elections, open results to third-party organizations for secure validation, and allows individual voters to confirm their votes were correctly counted.

Announcing the Microsoft Edge Insider Bounty

Tuesday, August 20, 2019

This week, we released the first Beta preview of the next version of Microsoft Edge. Alongside this, Microsoft is excited to announce the launch of the Microsoft Edge Insider Bounty Program. We welcome researchers to seek out and disclose any high impact vulnerabilities they may find in the next version of Microsoft Edge, based on Chromium, and offer rewards up to US$30,000 for eligible vulnerabilities in Dev and Beta channels.

Azure Security Lab: a new space for Azure research and collaboration

Monday, August 05, 2019

Azure is exceptionally secure. To help keep it that way, we are doubling the top bounty reward for Azure vulnerabilities to $40,000. But we aren’t stopping there. To make it easier for security researchers to confidently and aggressively test Azure, we are inviting a select group of talented individuals to come and do their worst to emulate criminal hackers in a customer-safe cloud environment called the Azure Security Lab.

Recognizing Q4 Top 5 Bounty Hunters

Thursday, July 26, 2018

We have tabulated the results from April-June 2018. The Top 5 Bounty Hunters for Q4 are now in. As with our list from Q3, we want to recognize both the leaders in payouts and in number of successful submissions. We appreciate the hard work and dedication of the following individuals and companies who have contributed to securing Microsoft’s products and services over our fourth quarter.