Microsoft opens up bug bounty programme for online services

The rewards users receive will be based on the "detail, quality and complexity" of the discovered vulnerability, says Microsoft

Microsoft is to offer rewards to anyone who discovers bugs within many of its online services.

Dubbed the 'Microsoft Online Services Bug Bounty Program', the company kicked off the scheme earlier this week, saying anyone submitting a bug is eligible for a minimum payment of $500 (340).

According to the post on Technet, bugs can include any vulnerabilities discovered in its Office, Outlook 365 and Office 365 for business email services applications, Sharepoint, Lync, Yammer and other services that belong to Microsoft.

Bounties will be paid out to anyone discovering cross site scripting (XSS), cross site request forgery (CSRF), unauthorised cross-tenant data tampering or access (for multi-tenant services), insecure direct object references, injection and authentication flaws, server-side code execution, privilege escalation and significant security misconfiguration vulnerabilities.

A number of vulnerabilities have, however, been blacklisted including bugs that only affect unsupported browsers and plugins and those that would not necessarily pose a risk to people using its services in a regular way. Microsoft will also not pay out if a Denial of Service (DoS) attack is discovered.

Microsoft encourages those who wish to mine for bugs to set up test accounts for security testing rather than use live ones. 

Depending on the severity of the bug, Microsoft will vary its payments, but the company says the minimum paid out will be $500 (340). However, the "detail, quality, and complexity of the vulnerability" will also be considered in determining the level of payment.

Some of the biggest tech companies around the world already offer rewards to researchers or regular users who uncover bugs or vulnerabilities. Twitter recently announced it would pay around $140 (85) for every security flaw its users find, while Yahoo came under fire for offering just $12.50 (7.65) in its scheme.

Featured Resources

Five lessons learned from the pivot to a distributed workforce

Delivering continuity and scale with a remote work strategy

Download now

Connected experiences in a digital transformation

Enable businesses to meet the demands of the future

Download now

Simplify to secure

Reduce complexity by integrating your security ecosystem

Download now

Enhance the safety and security of your people, assets and operations

Enable a true vision of security with an engineered solution based on hyperconverged and storage platforms

Download now

Recommended

Big data is 'giving us an edge over hackers' for the first time, says Microsoft CISO
Security

Big data is 'giving us an edge over hackers' for the first time, says Microsoft CISO

17 Sep 2020
Nokia simplifies Microsoft Azure integration
business communications

Nokia simplifies Microsoft Azure integration

16 Sep 2020
MFA bypass allows hackers to infiltrate Microsoft 365
cloud security

MFA bypass allows hackers to infiltrate Microsoft 365

15 Sep 2020
Microsoft retrieves underwater data centre after two years
data centres

Microsoft retrieves underwater data centre after two years

15 Sep 2020

Most Popular

Accenture ploughs $3 billion into cloud migration support group
digital transformation

Accenture ploughs $3 billion into cloud migration support group

17 Sep 2020
Google takes on Zoom with launch of Meet hardware
video conferencing

Google takes on Zoom with launch of Meet hardware

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020