Tech giant Microsoft is launching a bug bounty program for hackers to crack its custom Linux OS. Hackers can bag as much as $100,000.
Since last year, Microsoft has been busy building its compact and custom version of Linux OS. The main purpose of the project is to implement it its massive Azure Sphere OS.
Microsoft is building its Azure Sphere OS using specialized processors. The tech giant is designing it to be its primary platform for Internet of Things or IoT. Because of this the operating system should specially designed for this designated purpose, hence the decision to use Linux.
Custom Linux OS up to the test
Microsoft is putting up $100,000 for hackers who can breach its Pluton security subsystem, also known as Secure World Sandbox. This new bug bounty program is part of the company’s research challenge which will run from June to August.
In a statement. Microsoft Security Response Center program manager Sylvie Liu says:
“We will award up to $100,000 bounty for specific scenarios in the Azure Sphere Security Research Challenge during the program period.”
Microsoft also has a running bug bounty program for its Azure cloud systems. The new program is for hackers to specifically target the Azure Sphere OS which is a custom Linux OS.
Inside the Azure Sphere platform is Normal World which functions as the Linux equivalent of user mode. Underneath it is Secure World, which is underneath the custom Linux kernel and hosts the Security Monitor.
Scope of the hack
Microsoft says that the company will invite hacker groups and security companies to participate in the program. The tech giant adds that physical attacks are not part of the bug bounty program.
— Open at Microsoft (@OpenAtMicrosoft) May 2, 2020
Microsoft says that it will provide researchers who gets approval with an Azure Sphere development it. Additionally, they will also receive access to some of the company’s products and services, product documentation, and direct channels of communication to Microsoft.
Aside from hackers and security researchers, Microsoft is also inviting several security firms and notable companies in the iOT industry. Among them are McAfee, Baidu International Technology, Avira, Cisco, ESET, HackerOne, and Palo Alto Networks.
Security researchers who are interested in joining the program can send an application to Microsoft before May 15. Microsoft says it will review the applications and notify the researchers if they can participate.
Microsoft is putting a lot of faith into its Azure Sphere custom Linux OS. Nevertheless, a bug bounty program is always a great way to make a system secure.
Image courtesy of Sai Kiran Anagani/Unsplash