Microsoft opens up bug bounty programme for online services

The rewards users receive will be based on the "detail, quality and complexity" of the discovered vulnerability, says Microsoft

Microsoft is to offer rewards to anyone who discovers bugs within many of its online services.

Dubbed the 'Microsoft Online Services Bug Bounty Program', the company kicked off the scheme earlier this week, saying anyone submitting a bug is eligible for a minimum payment of $500 (340).

According to the post on Technet, bugs can include any vulnerabilities discovered in its Office, Outlook 365 and Office 365 for business email services applications, Sharepoint, Lync, Yammer and other services that belong to Microsoft.

Bounties will be paid out to anyone discovering cross site scripting (XSS), cross site request forgery (CSRF), unauthorised cross-tenant data tampering or access (for multi-tenant services), insecure direct object references, injection and authentication flaws, server-side code execution, privilege escalation and significant security misconfiguration vulnerabilities.

A number of vulnerabilities have, however, been blacklisted including bugs that only affect unsupported browsers and plugins and those that would not necessarily pose a risk to people using its services in a regular way. Microsoft will also not pay out if a Denial of Service (DoS) attack is discovered.

Microsoft encourages those who wish to mine for bugs to set up test accounts for security testing rather than use live ones. 

Depending on the severity of the bug, Microsoft will vary its payments, but the company says the minimum paid out will be $500 (340). However, the "detail, quality, and complexity of the vulnerability" will also be considered in determining the level of payment.

Some of the biggest tech companies around the world already offer rewards to researchers or regular users who uncover bugs or vulnerabilities. Twitter recently announced it would pay around $140 (85) for every security flaw its users find, while Yahoo came under fire for offering just $12.50 (7.65) in its scheme.

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

NSA uncovers new "critical" flaws in Microsoft Exchange Server
servers

NSA uncovers new "critical" flaws in Microsoft Exchange Server

14 Apr 2021
Microsoft Surface Laptop 4 official with AMD and Intel CPU options
Laptops

Microsoft Surface Laptop 4 official with AMD and Intel CPU options

13 Apr 2021
Microsoft buys AI firm Nuance Communications for $19.7 billion
voice recognition

Microsoft buys AI firm Nuance Communications for $19.7 billion

12 Apr 2021
Microsoft Surface Pro 7+ review: More minus than plus
Hardware

Microsoft Surface Pro 7+ review: More minus than plus

9 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
University of Hertfordshire's entire IT system offline after cyber attack
cyber attacks

University of Hertfordshire's entire IT system offline after cyber attack

15 Apr 2021
NSA uncovers new "critical" flaws in Microsoft Exchange Server
servers

NSA uncovers new "critical" flaws in Microsoft Exchange Server

14 Apr 2021