At Black Hat conference in Las Vegas, Microsoft today announced that it is doubling down on Azure security. First, Microsoft is encouraging more security researchers to exploit Azure by doubling the top bounty reward for Azure vulnerabilities to $40,000. Second, Microsoft is making it easier for security researchers to aggressively test Azure in a closed environment. Microsoft is inviting a select group of security individuals to emulate criminal hackers in a cloud environment called the Azure Security Lab.
Think of Azure Security Lab as a play ground for security researchers. Trying to hack a live Azure project may affect customers and may even cause legal hurdles. The Azure Security Lab is a set of dedicated cloud hosts for security researchers and it is isolated from Azure customers. Also, the participating researchers can engage directly with Microsoft Azure security experts.
The isolation of the Azure Security Lab allows us offer something new: researchers can not only research vulnerabilities in Azure, they can attempt to exploit them. Those with access to the Azure Security Lab may attempt the scenario-based challenges with top awards of $300,000.
Microsoft mentioned that accepted applicants will have access to quarterly campaigns for targeted scenarios with added incentives, and also regular recognition as well as exclusive swag.