Microsoft on Tuesday shared the results of its three-month-long Azure Sphere Security Research Challenge and the company says it has paid out more than $374,000 to participants.
The Azure Sphere Security Research Challenge, announced in May, invited security researchers to find vulnerabilities in Azure Sphere, Microsoft’s IoT security solution, which the tech giant designed to provide end-to-end security across hardware, operating system and the cloud.
Microsoft said it received a total of 40 vulnerability reports, 30 of which led to improvements and 16 eligible for a bug bounty. The highest reward paid out was $48,000 and the lowest was $3,300.
Microsoft teamed up with several cybersecurity solutions providers for the Azure Sphere bug bounty challenge, including Avira, Baidu, Bitdefender, Bugcrowd, Cisco, ESET, FireEye, F-Secure, HackerOne, K7 Computing, McAfee, Palo Alto Networks and Zscaler. However, it says Cisco and McAfee found some of the most interesting vulnerabilities.
McAfee published a lengthy report detailing its findings and the company said it earned a total of $160,000, which it plans on donating to charity. The company’s researchers managed to gain root access by chaining six bugs, three of which were rated critical. McAfee’s findings also included a previously unknown vulnerability in the Linux kernel.
Cisco Talos has also described the vulnerabilities found by its researchers. They have identified over a dozen issues, including arbitrary code execution, denial-of-service (DoS), information disclosure, and privilege escalation flaws. Talos also disclosed back in August some of the vulnerabilities it found in Azure ..
Support the originator by clicking the read the rest link below.
