At the ongoing Black Hat USA 2019 conference, Microsoft announced the Azure Security Lab ‚ a sandbox-like environment for security researchers to test Azure security without putting the company’s customers at risk.
The new Azure Cloud host testing environment will allow security researchers to test attacks on infrastructure-as-a-service (IaaS) scenarios without affecting users.
With isolated hosts, researchers will have more flexibility to research. They can not only research vulnerabilities in Azure, but also attempt to exploit them.
Microsoft is inviting researchers to come forward and “do their worst” (read best) to emulate criminal hackers in a customer-safe cloud environment — the Azure Security Lab.
Microsoft Azure Bug Bounty Rewards Doubled
Microsoft has also doubled its top bug bounty to $40,000 for those who find Azure vulnerabilities. Earlier, the reward for sniffing out flaws in Azure DevOps was $20,000.
Azure DevOps is a cloud service that was launched back in 2018 to facilitate collaboration on code development across the entire development lifecycle.
So far, Microsoft has issued $4.4 million dollars in bounty rewards in the last 12 months across various programs.
If you ever wondered whether researching for bounty might be worth it, consider this: we paid 4.4 million in bounties over the past 12 months, with a top award of $200,000. You could use the Azure Security Lab to top that in the next 12. https://t.co/KxrDVbf6J8 pic.twitter.com/amIw5zziEf
— Security Response (@msftsecresponse) August 5, 2019
There are new scenario-based challenges in the Azure Security Lab with additional bounty awards of up to $300,000. Throughout the year, more than $2 million of scenario bounty rewards will be issued to Azure Security Lab participants.
Meanwhile, the Redmond giant has also made several changes to its security researcher reputation system.
It has improved the transparency of the recognition model, added reputation points, and established a tier-based system of rewards for the security researchers.