14 DAY TRIAL // Microsoft has announced the so-called Azure Security Lab, a new project that allows hackers worldwide to look for security vulnerabilities in the company’s cloud platform, test their attacks, and then make money out of them.
In a blog post where the emphasis is put on “Azure is exceptionally secure,” Kymberlee Price, Principal Security PM Manager MSRC Community & Partner Engagement Programs, explains that Microsoft is embracing a series of changes that are supposed to help improve the cloud solution in this regard.
In addition to doubling the top bounty reward for vulnerabilities found in Azure, Microsoft is also introducing the Azure Security Labs to let researchers look for flaws in Azure, exploit them, and try scenario-based challenges that could bring them no less than $300,000.
“The Azure Security Lab is a set of dedicated cloud hosts for security researchers to test attacks against IaaS scenarios, and which is isolated from Azure customers,” Price explains.
Safe Harbor
“As well as offering a secure testing space, the lab program will enable participating researchers to engage directly with Microsoft Azure security experts. Accepted applicants will have access to quarterly campaigns for targeted scenarios with added incentives, as well as regular recognition and exclusive swag.”
Researchers who want to be part of the program can send their application using this form.
Also today, Microsoft announced it has formalized the commitment to the principle of Safe Harbor, which means that those who participate in the company’s bounty programs and look for security vulnerabilities are fully protected as far as the local laws are concerned.
“To encourage research and responsible disclosure of security vulnerabilities, we will not pursue civil or criminal action, or send notice to law enforcement for accidental or good faith violations of Microsoft Bug Terms and Conditions,” Microsoft explains in the Safe Harbor terms.
You can read more information about Microsoft’s Safe Harbor program here.