Microsoft has launched a three-month, application-only security research challenge, offering hackers up to $100,000 if they can break the security of Azure Sphere.
With the new Azure Sphere Security Research Challenge, Microsoft hopes to spark new high impact security research in Azure Sphere — an IoT security solution delivering end-to-end security across hardware, OS and the cloud.
This research challenge runs from June 1, 2020 through August 31, 2020 for researchers accepted through open application. However, to apply for the hacking bounty program, Microsoft wants security researchers to submit their applications before May 15, 2020.
The company said it will review applications on a weekly basis and also notify accepted researchers via email.
“We will award up to $100,000 bounty for specific scenarios in the Azure Sphere Security Research Challenge during the program period,” the company said.
Microsoft also clarified, “This research challenge is focused on the Azure Sphere OS. Vulnerabilities found outside the research initiative scope, including the Cloud portion, may be eligible for the public Azure Bounty Program awards. Physical attacks are out of scope for this research challenge and the public Azure Bounty Program.”
For the uninitiated, Azure Sphere is a secured, high-level application platform with built-in communication and security features for internet-connected devices. It comprises a secured, connected, crossover microcontroller unit (MCU), a custom high-level Linux-based operating system (OS), and a cloud-based security service that provides continuous, renewable security.