Microsoft Launches Apps Bug Bounty Program
Written by Kay Ewbank   
Friday, 26 March 2021

Microsoft has announced a bug bounty program for applications with awards of up to $30,000. The first app to be added to the program is Teams, its Office 365 business communications software that can be used for videoconferencing and workplace chat.

The overall program is the Microsoft Applications Bounty Program, and it has categories for a number of bugs, including a scenario-based bounty and a general bounty.

teams

 

The Scenario-Based Bounty is a program that has five:

"scenario-based awards for vulnerabilities that have the highest potential impact on customer privacy and security".

Rewards for these scenarios range from $6,000 to $30,000 USD. The General Bounty Awards are additional awards for other valid vulnerability reports for the Teams desktop client that don't qualify for the scenario-based awards. Rewards for these reports range from $500 to $15,000 USD.

Vulnerability submissions must identify a vulnerability that was not previously reported to Microsoft, and the vulnerability has to be of Critical or Important severity. It has to be reproducible on the latest version of Microsoft Teams desktop client running on the latest, fully patched version of Windows, Linux, or macOS.

The first app to be added to the program is the Teams desktop client. On the program website, Microsoft says "This list of in-scope apps reflects high priority, high-impact security research areas and will continue to evolve over time." While the desktop client falls under the new program, Microsoft says that vulnerabilities discovered in Teams Online should be submitted to (and will receive awards from) the pre-existing Online Services Bounty Program. They also say that developers who are trying to get onto the Microsoft Researcher Recognition Program will be eligible for a 2x bonus multiplier under the Researcher Recognition Program, and that the points earned contribute toward your eligibility for the annual MSRC Most Valuable Security Researcher list. 

teams 

 

More Information

Microsoft Apps Bounty Program Website

Related Articles

Over $21 Million In Google Bug Bounty

Bug Bounty Bonanza

Firefox Raises Bug Bounty Payouts

GitHub Security Bug Bounty Milestones 

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

Banner

Avi Wigderson Gains Turing Award
16/04/2024

Israeli mathematician and computer scientist, Avi Wigderson, is the recipient of the 2023 ACM A.M Turing Award which carries a $1 million prize with financial support from Google.


+ Full Story
Interact With Virtual Historic Computers
14/04/2024

Alan Turing's ACE computer is a legendary computer that is particularly special for I Programmer - our account of it was the first ever history article on the site when it launched in 2009. Now this i [ ... ]


+ Full Story
More News

raspberry pi books

 

Comments




or email your comment to: comments@i-programmer.info