Microsoft launches bug bounty programme for Teams

The programme will award bug hunters up to $30,000 for the most severe exploits

The Microsoft Teams app logo displayed on a smartphone

Microsoft has launched a bug bounty reward programme for its Teams desktop client with potential rewards of up to $30,000.

The reward scheme falls under the new Microsoft Applications Bounty Programme, which so far only covers Microsoft Teams but will be expanded to include others in the near future.

Lynn Miyashita, programme manager at Microsoft Security Response Centre (MSRC), said: “Partnering with the security research community is an important part of Microsoft’s holistic approach to defending against security threats. As much of the world has shifted to working from home in the last year, Microsoft Teams has enabled people to stay connected, organized, and collaborate remotely.

“Microsoft and security researchers across the planet continue to partner to help secure customers and the technologies we use for remote collaboration.”

The programme includes scenario-based bounty awards for vulnerabilities that have the highest potential impact on customer privacy and security. The rewards for this range between $6,000 to $30,000.

There are also general bounty rewards for other valid vulnerability reports for the Teams desktop client, with the rewards ranging from $500 to $15,000. Microsoft will also accept submissions for Teams online services, but those will be rewarded under the Online Services Bounty Program, where rewards are between $500 to $20,000.

Valid reports for Microsoft Teams research are also eligible for a 2x bonus multiplier under the Research Recognition Programme, the company has confirmed. These points contribute to a researcher’s eligibility for the annual MSRC Most Valuable Security Researcher list.

In August 2020, it emerged that Microsoft paid out $13.7m (£10.5m) across 15 bounty programmes during the last 12 months, over three times the amount paid to researchers in the same period during 2018/2019. The biggest single reward was $200,000, with 1,226 eligible vulnerability reports being filed during the period.

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
Hackers are using fake messages to break into WhatsApp accounts
instant messaging (IM)

Hackers are using fake messages to break into WhatsApp accounts

8 Apr 2021