Microsoft opens up bug bounty programme for online services
The rewards users receive will be based on the "detail, quality and complexity" of the discovered vulnerability, says Microsoft
Microsoft is to offer rewards to anyone who discovers bugs within many of its online services.
Dubbed the 'Microsoft Online Services Bug Bounty Program', the company kicked off the scheme earlier this week, saying anyone submitting a bug is eligible for a minimum payment of $500 (340).
According to the post on Technet, bugs can include any vulnerabilities discovered in its Office, Outlook 365 and Office 365 for business email services applications, Sharepoint, Lync, Yammer and other services that belong to Microsoft.
Bounties will be paid out to anyone discovering cross site scripting (XSS), cross site request forgery (CSRF), unauthorised cross-tenant data tampering or access (for multi-tenant services), insecure direct object references, injection and authentication flaws, server-side code execution, privilege escalation and significant security misconfiguration vulnerabilities.
A number of vulnerabilities have, however, been blacklisted including bugs that only affect unsupported browsers and plugins and those that would not necessarily pose a risk to people using its services in a regular way. Microsoft will also not pay out if a Denial of Service (DoS) attack is discovered.
Microsoft encourages those who wish to mine for bugs to set up test accounts for security testing rather than use live ones.
Depending on the severity of the bug, Microsoft will vary its payments, but the company says the minimum paid out will be $500 (340). However, the "detail, quality, and complexity of the vulnerability" will also be considered in determining the level of payment.
Some of the biggest tech companies around the world already offer rewards to researchers or regular users who uncover bugs or vulnerabilities. Twitter recently announced it would pay around $140 (85) for every security flaw its users find, while Yahoo came under fire for offering just $12.50 (7.65) in its scheme.
Unlocking collaboration: Making software work better together
How to improve collaboration and agility with the right techDownload now
Four steps to field service excellence
How to thrive in the experience economyDownload now
Six things a developer should know about Postgres
Why enterprises are choosing PostgreSQLDownload now
The path to CX excellence for B2B services
The four stages to thrive in the experience economyDownload now