To improve the security of its Azure cloud computing service, Microsoft is launching a new lab as well as increasing bug bounty rewards.
At this year’s Black Hat USA security conference, the company unveiled its new Azure Security Lab which is made up of a set of dedicated cloud hosts that security professionals invited by the software giant will be able to use to test for vulnerabilities and exploits in Azure.
In order to prevent hacking attempts and tests from disrupting Azure’s day to day operations, the lab is isolated from the main Azure framework. Additionally, Microsoft’s own internal security team will be available to work with researchers on their findings.
- Microsoft Azure now lets you set up your own private servers
- Microsoft nets billion-dollar AT&T Azure cloud contract
- Microsoft ups cloud security with Azure Sentinel launch
The company explained the benefits of isolating its new lab from Azure in an announcement, saying:
“The isolation of the Azure Security Lab allows us to offer something new: researchers can not only research vulnerabilities in Azure, they can attempt to exploit them. Those with access to the Azure Security Lab may attempt the scenario-based challenges with top awards of $300,000.”
In addition to launching Azure Security Lab, Microsoft is also changing how the traditional Azure bug bounty program works.
Over the past 12 months, the company has awarded over $4.4m in bug bounty rewards and from today, security researchers will be able to earn up to $40,000 for sever Azure vulnerability reports.
Those looking for even bigger payouts need to look no further than the Microsoft Mitigation Bypass Bounty and the Bounty for Defense Programs where researchers can earn up to $100,000 for mitigation bypass reports and other severe vulnerabilities.
Microsoft has also now laid out Safe Harbor principles for security researchers where they can identify and report vulnerabilities and other security issues without the fear of legal repercussions.
- We’ve also highlighted the best cloud hosting services