Saturday, April 10, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Microsoft launches Azure DevOps bug bounty program, $20,000 rewards on offer

January 18, 2019
in Internet Security
Microsoft launches Azure DevOps bug bounty program, $20,000 rewards on offer
586
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Microsoft has launched a new bug bounty program for the Azure DevOps cloud service with rewards of up to $20,000 on offer for interested researchers.  

On Thursday, Microsoft revealed the bug bounty scheme is now open for researchers willing to help improve the security of Azure DevOps, a cloud-based platform used for code development collaboration purposes.

You might also like

Washington State educational organizations targeted in cryptojacking spree

Critical Zoom vulnerability triggers remote code execution without user input

Nation-state cyber attacks targeting businesses are on the rise

Azure DevOps is used by developers worldwide to work on code-related projects and includes test pipelines, private Git repo access, package and artifact creation, and testing tools.

See also: Windows 10 19H1: Microsoft pushes its services with ‘Make Windows even better’ prompt

According to Jarek Stanley, Microsoft Security Response Center (MSRC) Senior Program Manager, the new program is “dedicated to providing rock-solid security for our DevOps customers.”

Bug bounty awards range from $500 to $20,000. The most serious bugs resulting in remote code execution (RCE) are eligible for the maximum award but depending on severity — ranked as “high,” “medium,” and “low” — payouts are pegged at $10,000, $15,000, or $20,000.

In addition to RCE vulnerabilities, Microsoft is also awarding researchers for bug reports relating to privilege escalation, information disclosure, spoofing, and system tampering.

CNET: Apple’s Tim Cook calls for new regulations to protect your personal data

Cross-site scripting (XSS) flaws, cross-site request forgery (CSRF), cross-tenant data tampering and access, insecure direct object references, insecure deserialization, injection bugs, server-side code execution, and any “significant” security misconfigurations unearthed by bug bounty hunters are all acceptable under the terms of the program,

However, denial-of-service bugs have been deemed out of scope and will not be rewarded.

The full payout list is below:


Microsoft

Researchers must provide a write-up or video documenting their findings, a description of the vulnerability, and proof-of-concept (PoC) code which will permit engineers to replicate the bug and potential attacks.

Microsoft is not the only major tech vendor choosing to expand their bug bounty programs. In February last year, Intel opened up its program to the public and dangled rewards of up to $250,000 for high-severity flaws with side channel vulnerabilities of particular interest.

TechRepublic: How to connect to VNC using SSH

Google then chose to expand its bug bounty program in August to include external attack techniques and vectors which threat actors could exploit to bypass abuse and fraud protection systems.

Facebook now awards up to $40,000 for account takeover vulnerabilities and will also reward hunters for reports of user token exposure problems.

The European Union has also recently become involved in the bug bounty industry by promising to fund bug bounty programs for open-source projects including KeePass, 7-zip, VLC Media Player, Drupal, and FileZilla. 

Previous and related coverage

Credit: Source link

Previous Post

Journey to the Center of the DrugBank XML Database - part 1

Next Post

JUMP Session demo

Related Posts

Washington State educational organizations targeted in cryptojacking spree
Internet Security

Washington State educational organizations targeted in cryptojacking spree

April 10, 2021
Critical Zoom vulnerability triggers remote code execution without user input
Internet Security

Critical Zoom vulnerability triggers remote code execution without user input

April 10, 2021
Nation-state cyber attacks targeting businesses are on the rise
Internet Security

Nation-state cyber attacks targeting businesses are on the rise

April 10, 2021
These are the terrible passwords that people are still using. Here’s how to do better
Internet Security

These are the terrible passwords that people are still using. Here’s how to do better

April 9, 2021
Why do phishing attacks work? Blame the humans, not the technology
Internet Security

Why do phishing attacks work? Blame the humans, not the technology

April 9, 2021
Next Post

JUMP Session demo

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Vue.js vs AngularJS Development in 2021: Side-by-Side Comparison
Data Science

Vue.js vs AngularJS Development in 2021: Side-by-Side Comparison

April 10, 2021
IBM releases Qiskit modules that use quantum computers to improve machine learning
Machine Learning

IBM releases Qiskit modules that use quantum computers to improve machine learning

April 10, 2021
Hackers Tampered With APKPure Store to Distribute Malware Apps
Internet Privacy

Hackers Tampered With APKPure Store to Distribute Malware Apps

April 10, 2021
5 Dominating IoT Trends Positively Impacting Telecom Sector in 2021
Data Science

5 Dominating IoT Trends Positively Impacting Telecom Sector in 2021

April 10, 2021
One-stop machine learning platform turns health care data into insights | MIT News
Machine Learning

One-stop machine learning platform turns health care data into insights | MIT News

April 10, 2021
Machine learning: is there a limit to technological patents in Brazil?
Machine Learning

Disclosing AI Inventions – Part I: Identifying the Unique Disclosure Issues

April 10, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Vue.js vs AngularJS Development in 2021: Side-by-Side Comparison April 10, 2021
  • IBM releases Qiskit modules that use quantum computers to improve machine learning April 10, 2021
  • Hackers Tampered With APKPure Store to Distribute Malware Apps April 10, 2021
  • 5 Dominating IoT Trends Positively Impacting Telecom Sector in 2021 April 10, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates