The company has announced it has asked White Hat Hackers to hunt for exploits in its Azure platform. Bloomberg reports: “Microsoft is planning to release what’s called a Safe Harbor statement giving researchers legal clearance to report a vulnerability.” Of course, Microsoft has held plenty of bug bounty programs in the past in an effort to shore up its various services. Kymberlee Price, head of the company’s Security Response Center programs says the bug bounty system is “just not getting as much activity as I would like to see.”
Safe Harbor
Microsoft says the difference here is White Hat Hackers will give hackers legal clearance to search for exploits and report on them. To ensure hackers can trust Microsoft’s intentions, the company will release a Safe Harbor statement. “We’ve always done that but we’ve never formally articulated it,” Price said. A formal policy will allow researchers to look for exploits without worrying they will break services or render them offline. Despite concerns over cloud security and many companies holding off on integration, Microsoft says on-premises attacks are still more likely. “The level of sophistication of the attackers and the interest in (attacking) the cloud just continues to grow as the cloud continues to grow,” said Azure Chief Technology Officer Mark Russinovich.