For digital giants as well as the majority of companies working in the new technology sectors, it is common to attend bug-hunting programs commonly called Bug Bounty.
The objective is very simple, is to find security vulnerabilities or potential bug, by the intervention of hackers classified in the category of ethics, so that these vulnerabilities do not fall into the wrong hands. Indeed, actors hired for this work are paid when they discover them. In this similar context, redmond's giant, Microsoft is offering the $100,000 bounty to hackers who will succeed in hacking into its defense system that is supposed to protect its Azure Sphere infrastructure.
This article will also interest you: $100,000 to find a flaw in Valorant's anti-cheating system
The program began on June 1. Participate in this Bug Bounty, 50 hackers considered geniuses in the field. Nominations ended on May 15. The duration of the program is 3 months, where each hacker selected will have the task of hacking into Microsoft's defense system with the aim of earning the sum of 100 thousand dollars per vulnerability. "In the last few hours, hackers around the world have started to steal their weapons. Microsoft has just offered a cheque for $100,000 to those who manage to bypass all the firewalls of its Azure Sphere system, operating with the Linux operating system. Olivier Wurlod, a journalist for the Reuters news agency, commented.
As Microsoft knows, no system is invulnerable. The task of these 50 geniuses will be to prove it.
Using fault-hunting programs is an old practice. Especially for digital giants such as Google, Netflix, Apple and many others. Some companies have even specialized in connecting plaintiff companies with ethical hackers. These include HackerOne and YesWeHack. "These programs have the advantage of being able to identify the security vulnerabilities of a computer system in a controlled environment and therefore without real danger to the company under attack. "Reuters journalist points out.
In addition, Sylvie Liu, the head of the security program at Microsoft Security Response, noted that, apart from the selected hackers, seasoned computer security specialists such as BitDefender, McAfee or Avira will participate in the bug-finding program in order to implement a defense program that is as effective as possible. "Involving the security research community in the search for vulnerabilities before hackers do so is part of Azure Sphere's holistic approach to reducing risk," she wrote on her blog.
However, for those who follow this news, the premium offered by Microsoft to the tune of $100,000 seems literally not enough for them. Especially in a context where competitors such as Google or Apple often offer bonuses of up to $1 million. Indeed, only a few months ago, the Mountain View giant proposed the trifle of $1.5 million to the one who would succeed in compromising the security system proposed through the Titan M chips supposed to strengthen and the security of the smartphone range Pixels. Further afield, Google's highest cheque for a Bounty program is $161,337. So higher than the one proposed by Microsoft. And Google is not alone in this case. Indeed, more firms offer higher and higher premiums like Apple. In such a context, one wonders if the $100,000 proposed by Redmond's firm is able to effectively motivate program participants, when they know that elsewhere more is being offered.
Switzerland has decided to follow Microsoft's example in defending these infrastructures. Therefore, almost a year ago, the Post Office had then submitted its computer system developed for electronic voting to the assault of 2000 hackers. Even if on this side, the rewards never exceeded the $50,000 level. But fortunately for the authorities in charge of the program, the Bounty bug did attract local hackers and even some from outside the country. That money doesn't do everything. Maybe Microsoft reassured me.
Now access an unlimited number of passwords: