Microsoft debuts Azure Security Lab, doubles top bug bounty to $40K

computer lock
Microsoft ups its cloud security game with Azure Security Lab. (Pixabay)

At Black Hat 2019 this morning, Microsoft doubled down on cloud security by announcing its Azure Security Lab, which is designed to let security experts test its cloud security in safe environments.

Microsoft also announced it was doubling the top bounty reward for security researchers who find bugs in Azure to $40,000, according to a blog post by Kymberlee Price, Microsoft's security community manager.

Security hacking challenges have been a vital mainstay for cybersecurity over the years, as companies invite hackers to find and disclose vulnerabilities before they are used for harm. Microsoft has issued $4.4 million in bounty rewards over the past year.

The Azure Security Lab is a set of dedicated cloud hosts for security experts to make attacks against infrastructure-as-a-service scenarios. The Lab is a sandbox-like environment that allows the attacks to take place in locations that are isolated from Azure customers.

RELATED: Misconfiguration vulnerability the culprit for Capital One data loss - WSJ

In addition to the secure testing space, the lab program will also allow participating researchers to work directly with Microsoft Azure security experts. In order to take part in the Azure Security Lab, applicants need to first apply. Those with access to the Azure Security Lab may attempt the scenario-based challenges with top awards of $300,000.

Once they are accepted, security researchers can take part in quarterly campaigns for targeted scenarios with added incentives, as well as recognition and "exclusive swag," according to Price.

"We work hard to earn your trust in the cloud, but we don’t do it alone," Price said. "Partnerships are core to our security strategy, and one of our key partners is the global community of security researchers. By identifying and reporting vulnerabilities to Microsoft through coordinated vulnerability disclosure, security researchers have repeatedly demonstrated that working together helps protect customers."

Microsoft also announced on Tuesday that it had formalized its two-decade Safe Harbor commitment, which includes principles to ensure that the security researchers receive recognition for their work.