Microsoft puts up US$20,000 bounty for Azure DevOps bugs

By on
Microsoft puts up US$20,000 bounty for Azure DevOps bugs

Microsoft has introduced a new bug bounty program offering up to US$20,000 for anyone that can find vulnerabilities in Azure DevOps.

The program extends to bugs discovered in Azure DevOps online services as well as the latest release of Azure DevOps server.

Previously known as Visual Studio Team Services, Azure DevOps allows developers to collaborate on code development.

Microsoft senior program manager Jarek Stanley wrote in a blog post that if the submission isn't eligible for a bounty but still helped the company to fix or improve a product, submitters would be offered public thanks and recognition. He added that well-written reports and functional exploits were more likely to result in their authors receiving payment.

"The researcher community plays an essential role in keeping our customers secure, and we will review every submission and recognize your efforts according to our program criteria," Stanley added.

Microsoft has been generous with its bug bounty programs in the past, the most recent being focused on discovering vulnerabilities in its identity services. Microsoft offers anywhere between US$500 and up to US$100,000 for high-quality submissions that report issues with identity services.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © CRN Australia. All rights reserved.

Most Read Articles

Log In

  |  Forgot your password?