Yesterday, the Microsoft Security Response Center (MSRC) announced the launch of the Azure DevOps Bounty program, which is intended to strengthen the security provided to Azure DevOps customers. Microsoft is offering rewards of up to US$20,000 for eligible vulnerabilities found in Azure DevOps online and Azure DevOps Server.

The bounty rewards range from US$500 to US$20,000. The amount is at Microsoft’s discretion and depends on the severity and impact of the vulnerability, as well as on the quality of the submission, subject to the bounty terms and conditions. The products in scope are Azure DevOps Services, previously known as Visual Studio Team Services, and the latest versions of Azure DevOps Server and Team Foundation Server.

The goal of the program is to find eligible vulnerabilities that may have a direct security impact on the customer base. For a submission to be eligible, it should fulfil the following criteria:

  • It identifies a previously unreported vulnerability in one of the services or products.
  • Web application vulnerabilities must impact supported browsers for Azure DevOps server, services, or plug-ins.
  • The submission should have documented steps that are clear and reproducible. These can be text or video.
  • Including any information needed to quickly reproduce and understand the issue can result in a faster response and higher rewards.

Submissions that Microsoft considers not to meet these criteria may be rejected. You can send your submissions to [email protected], following the bug submission guidelines. Participants are requested to follow Coordinated Vulnerability Disclosure when reporting vulnerabilities. Note that there are no restrictions on how many vulnerabilities you can report or on the rewards for them. When there are multiple submissions, the first one will be chosen for the reward.

For more details about the eligible vulnerabilities and the Microsoft Azure DevOps bounty program, visit the Microsoft website.
