Microsoft launches bug bounty programme for Teams

The programme will award bug hunters up to $30,000 for the most severe exploits

The Microsoft Teams app logo displayed on a smartphone

Microsoft has launched a bug bounty reward programme for its Teams desktop client with potential rewards of up to $30,000.

The reward scheme falls under the new Microsoft Applications Bounty Programme, which so far only covers Microsoft Teams but will be expanded to include others in the near future.

Lynn Miyashita, programme manager at Microsoft Security Response Centre (MSRC), said: “Partnering with the security research community is an important part of Microsoft’s holistic approach to defending against security threats. As much of the world has shifted to working from home in the last year, Microsoft Teams has enabled people to stay connected, organized, and collaborate remotely.

“Microsoft and security researchers across the planet continue to partner to help secure customers and the technologies we use for remote collaboration.”

The programme includes scenario-based bounty awards for vulnerabilities that have the highest potential impact on customer privacy and security. The rewards for this range between $6,000 to $30,000.

There are also general bounty rewards for other valid vulnerability reports for the Teams desktop client, with the rewards ranging from $500 to $15,000. Microsoft will also accept submissions for Teams online services, but those will be rewarded under the Online Services Bounty Program, where rewards are between $500 to $20,000.

Valid reports for Microsoft Teams research are also eligible for a 2x bonus multiplier under the Research Recognition Programme, the company has confirmed. These points contribute to a researcher’s eligibility for the annual MSRC Most Valuable Security Researcher list.

In August 2020, it emerged that Microsoft paid out $13.7m (£10.5m) across 15 bounty programmes during the last 12 months, over three times the amount paid to researchers in the same period during 2018/2019. The biggest single reward was $200,000, with 1,226 eligible vulnerability reports being filed during the period.

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Recommended

Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021
ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021
CISOs aren’t leading by example when it comes to cyber security
cyber security

CISOs aren’t leading by example when it comes to cyber security

24 May 2021

Most Popular

The benefits of workload optimisation
Sponsored

The benefits of workload optimisation

16 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021
IT Pro Panel: Why IT leaders need soft skills
professional development

IT Pro Panel: Why IT leaders need soft skills

26 Jul 2021