Bug bounty programs are a good way of uncovering flaws that you may not have thought about…:
Azure Sphere was unveiled in April 2018 as a means to improve security for devices connected to the Internet of Things (IoT). It’s made up of three parts: connected microcontrollers, a Linux-based OS and custom kernel to power them, and a security service to protect the connected devices. Azure Sphere hit general availability in February 2020, and now Microsoft is opening it to researchers.
The Azure Sphere Security Research Challenge builds on an earlier initiative, Azure Security Lab, which Microsoft debuted at Black Hat USA last summer. A group of researchers was invited to test attacks against Internet-as-a-service (IaaS) scenarios using a set of dedicated cloud hosts isolated from Azure customers. At the time, Microsoft doubled the top bounty reward for Azure flaws to $40,000.
The latest research challenge is application-only and will span three months, starting on June 1 and ending on August 31. Researchers must apply before May 15. Microsoft has invited researchers from industry partners participating in the program and will select a total of 50 people, says Sylvie Liu, security program manager at the Microsoft Security Response Center.