IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Microsoft launches $20,000 Azure DevOps bug bounty programme

Critical remote code execution flaws are the highest-paid, while denial-of-service attacks earn nothing

Microsoft Azure

Security researchers who discover flaws in Microsoft's Azure DevOps platform could earn themselves up to $20,000, after the company announced its latest bug bounty programme.

The Microsoft Azure DevOps Services Bounty is the company's tenth concurrent bug bounty programme and covers Redmond's suite of cloud-based DevOps tools. Previously known as Visual Studio Team Services, these include continuous integration and continuous delivery (CI/CD) tools, Git repos, kanban boards, testing tools and more.

"Security has always been a passion of mine," said Microsoft's director of engineering for Azure DevOps, Buck Hodges, "and I see this program as a natural complement to our existing security framework. We'll continue to employ careful code reviews and examine the security of our infrastructure. We'll still run our security scanning and monitoring tools. And we'll keep assembling a red team on a regular basis to attack our own systems to identify weaknesses."

Rewards range from $500 all the way up to $20,000 at the top end, with payouts affected by a number of different factors. The quality of the report itself (meaning how easy the report makes it for Microsoft's engineers to understand, reproduce and fix the problem) is graded as either high, medium or low, with different bounties for each.

Different levels of compensation are also awarded based on the severity of the bug, but only 'critical' or 'important' bugs will qualify for a reward - disclosures of any other category of bug will merely earn a public acknowledgement from Microsoft, should the report lead to a fix.

Finally, the impact of the bug itself will be taken into consideration too. Remote code execution flaws are, understandably, the most valuable, followed by privilege escalation and information leaking, while tampering flaws are eligible only for a limited payout, and denial of service vulnerabilities are not rewarded at all.

Bug bounties are becoming an increasingly common security measure among large companies, with the idea being to make it more valuable to responsibly disclose the flaw to the victim than to exploit it for personal gain.

Major organisations like Facebook, Apple, and Google all offer their own bug bounty programmes, and the practice is touted as a good way to ensure that fewer flaws and exploits appear in the wild.

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Recommended

Microsoft blocking Tutanota users from Teams registration, claims fix unfeasible
Business operations

Microsoft blocking Tutanota users from Teams registration, claims fix unfeasible

8 Aug 2022
Microsoft wins five-year digital transformation deal with Australia’s largest telco
digital transformation

Microsoft wins five-year digital transformation deal with Australia’s largest telco

26 Jul 2022
Slack Connect vs Microsoft Teams Connect: Better than email?
collaboration

Slack Connect vs Microsoft Teams Connect: Better than email?

20 Jul 2022
Microsoft announces simulator for autonomous aircraft development
Cloud

Microsoft announces simulator for autonomous aircraft development

20 Jul 2022

Most Popular

Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022
Microsoft successfully tests emission-free hydrogen fuel cell system for data centres
data centres

Microsoft successfully tests emission-free hydrogen fuel cell system for data centres

29 Jul 2022