The Microsoft Security Response Center (MSRC) is pleased to announce the launch of the Azure DevOps Bounty program, a program dedicated to providing rock-solid security for our DevOps customers. Starting January 17, 2019, we’re excited to offer rewards up to US$20,000 for eligible vulnerabilities in Azure DevOps online services and the latest release of Azure DevOps server.
Azure DevOps is a cloud service for collaborating on code development, spanning the breadth of the development lifecycle to help developers ship software faster and with higher quality.
The researcher community plays an essential role in keeping our customers secure, and we will review every submission and recognize your efforts according to our program criteria. If your submission isn’t eligible for bounty but still helps us fix or improve our product, we’ll offer public thanks and recognition for your contribution. Please submit your vulnerabilities to firstname.lastname@example.org.
Interested in learning more about Azure DevOps? Here are a few links to get you started.
- Introducing Azure DevOps
- Azure DevOps Blog
- Azure DevOps Documentation
- Azure DevOps Developer Community
Senior Program Manager
All Microsoft Bug Bounty Programs are subject to the terms and conditions outlined here.
The Microsoft Security Response Center is part of the defender community and on the front line of security response evolution. For more than twenty years, we have been engaged with security researchers working to protect customers and the global online community. For more information, please visit our website at www.microsoft.com/msrc and follow our Twitter page at @msftsecresponse.