Microsoft is calling on the security research community to help identify and fix high impact vulnerabilities in its Azure Sphere internet of things (IoT) security solution, which has been released into general availability.
“With general availability of Azure Sphere, we invite researchers from across the globe to research for high impact vulnerabilities in Azure Sphere as a part of our Microsoft Azure Bounty Program. Qualified submissions are eligible for awards up to U.S.$40,000,” Microsoft Security Response Centre security program manager Sylvie Liu said in a blog post.
“For innovation to deliver durable value, it must be built on a foundation of security. Security researchers continue to play an integral role in securing billions of customers by discovering and reporting vulnerabilities to Microsoft through Coordinated Vulnerability Disclosure (CVD),” Liu added.
The general availability of Azure Sphere comes nearly two years after its initial introduction and preview of the solution.
Announced at the 2018 RSA infosec conference, Microsoft Azure Sphere was described as a new solution to protect and power devices at the intelligent edge, and included three components: Azure Sphere certified microcontrollers (MCUs); the Azure Sphere operating system (OS); and the cloud-based Azure Sphere Security Service.
Broadly, Azure Sphere is designed as an end-to-end solution for securely connecting existing equipment and for creating new IoT devices with built-in security.
As well as an OS and a cloud service, it has ongoing security and OS updates to help ensure devices remain secured as threats evolve over time.
“General availability is an important milestone for our team and for our customers, demonstrating that we are ready to fulfill our promise at scale,” Azure Sphere principal group program manager Halina McMaster said in a blog post.
“For Azure Sphere, this marks a few specific points in our development. First, our software and hardware have completed rigorous quality and security reviews.
“Second, our security service is ready to support organisations of any size. And third, our operations and security processes are in place and ready for scale. General availability means that we are ready to put the full power of Microsoft behind securing every Azure Sphere device,” she added.