Microsoft is offering hackers up to $100,000 if they can break the security of the company’s custom Linux OS. The software giant built a compact and custom version of Linux last year for its Azure Sphere OS, which is designed to run on specialized chips for its Internet of Things (IoT) platform. The OS is purpose-built for this platform, ensuring basic services and apps run isolated in a sandbox for security purposes.
Azure Sphere is designed to help take much of the risk out of the IoT equation, and that’s why Microsoft has announced, May 5, a new phase in its Azure Sphere Security Research Challenge.
This new challenge will only run for a three-month period starting June 1. However, to apply to take part in the hacking bounty program, security researchers will need to submit their applications before May 15.
The 50 hackers who are accepted into the challenge pool will get all the resources they need to take on the scenario-based vulnerability discovery test. Resources that will include full access to the Azure Sphere development kit as well as to other Microsoft products and services that could be used during their research.
Find a vulnerability that would enable code execution on Secure World, situated below the custom Linux kernel, and where only Microsoft-supplied code should be able to run courtesy of the Security Monitor, and there’s another potential $100,000.
“Security is a team sport,” Sylvie Liu, the security program manager at the Microsoft Security Response Center, said, “and security researchers are so important to making technology as secure as possible.”
