Microsoft has utilized bug bounty programs for years to help find issues with its software. The concept is pretty straightforward. If you spot an issue that qualifies as big enough for Microsoft to care about, you can get paid. The new Microsoft Applications Bounty Program extends that concept to specific apps from Microsoft. Microsoft Teams is the first in-scope application that’s part of the new program.
Depending on the issue that you discover, you could make up to $30,000. Microsoft outlines two areas that are part of the program in a blog post and clarifies other details:
- Scenario-Based Bounty Awards: This new program includes 5 scenario-based awards for vulnerabilities that have the highest potential impact on customer privacy and security. Rewards for these scenarios range from $6,000 to $30,000 USD.
- General Bounty Awards: In addition, we offer bounty awards for other valid vulnerability reports for the Teams desktop client that do not qualify for the scenario-based awards. Rewards for these reports range from $500 to $15,000 USD.
- Teams Online: Submissions for Teams online services will continue to be awarded under the Online Services Bounty Program.
- Researcher Recognition Program Points: Valid reports for Microsoft Teams research are now eligible for a 2x bonus multiplier under the Researcher Recognition Program. Points earned contribute toward your eligibility for the annual MSRC Most Valuable Security Researcher list.
It appears that Microsoft is focusing on security and vulnerability issues for its bounty program.
We may earn a commission for purchases using our links. Learn more.
This post was written by Sean Endicott and was first posted to WindowsCentral
Do you find this article helpful? Your Friend might too. So, please Share it with them using the Share button above.
Will you like to get notified when I post new updates? Then Follow me on any of my social media handles: Google News, Telegram, WhatsApp, Twitter, Facebook, Pinterest.
You can also drop your email address below if you wish to be notified by mail.