Microsoft paid $374 to security researchers in the Azure Sphere Security Research Challenge, which lasted for three months. During the study, the experts were able to find 300 important security vulnerabilities that were fixed in the releases of updates 20, 20.07 and 20.08. A total of 20.09 researchers from 70 countries took part in the competition.
As part of the study, Microsoft invited the world's leading cybersecurity experts, as well as security solution providers, to try to compromise devices using the types of attacks most commonly used by attackers. Contestants were provided with a development kit, direct communication with the OS security team, email support, and publicly available operating system kernel code.
The aim of the competition was to focus the attention of researchers on what has the greatest impact on customer safety. Therefore, the experts were given six study scenarios with an additional reward of up to 20% on top of the standard Azure Bounty reward (up to $40), as well as $000 for two high-priority scenarios.
Several contributors helped discover potentially dangerous vulnerabilities in Azure Sphere. A total of 40 submissions were received during the competition, 30 of which resulted in product improvements. Sixteen of them were eligible for the award, which totaled $374.
The study was conducted in partnership with Avira, Baidu International Technology, Bitdefender, Bugcrowd, Cisco Systems Inc (Talos), ESET, FireEye, F-Secure Corporation, HackerOne, K7 Computing, McAfee, Palo Alto Networks and Zscaler.
Source: habr.com