Find a bug for Microsoft, Microsoft will pay you as part of Bug Bounty Program
Microsoft has launched a new bug bounty program for the Azure DevOps cloud service with rewards of up to $20,000 on offer for interested researchers.
On Thursday, Microsoft revealed the bug bounty scheme is now open for researchers willing to help improve the security of Azure DevOps, a cloud-based platform used for code development collaboration purposes.
Azure DevOps is used by engineers worldwide to work on code-related tasks and includes test pipelines, private Git repo access, package and artifact creation, and testing tools.
Bug bounty awards range from $500 to $20,000. The most serious bugs resulting in remote code execution (RCE) are eligible for the maximum award, but depending on severity — ranked as “high,” “medium,” and “low” — payouts are pegged at $10,000, $15,000, or $20,000.
In addition to RCE vulnerabilities, Microsoft is also awarding researchers for bug reports relating to privilege escalation, information disclosure, spoofing, and system tampering.
Cross-site scripting (XSS) flaws, cross-site request forgery (CSRF), cross-tenant data tampering and access, insecure direct object references, insecure deserialization, injection bugs, server-side code execution, and any “significant” security misconfigurations uncovered by bug bounty hunters are all acceptable under the terms of the program.
However, denial-of-service bugs have been deemed out of scope and won’t be rewarded.
The full payout list is below:
Researchers must provide a write-up or video documenting their findings, a description of the vulnerability, and proof-of-concept (PoC) code which will permit engineers to replicate the bug and potential attacks.