Microsoft has launched a bug bounty program for Microsoft 365 applications, with its video-conferencing software Teams being the only target for now. The move was prompted by the rising popularity of Microsoft Teams in the ‘work from home’ period. Under the Bug Bounty Program, the company will pay bounties between $500 and $30,000 for valid security vulnerabilities.
What comes under the Bug Bounty Program?
The Microsoft Teams desktop client is the first application to come under the company’s new Bug Bounty Program. It does not cover Microsoft Teams’ native mobile apps for Android and Apple iOS, nor Teams for desktop browsers. As of now, it only covers:
- Scenario-Based Bounty Awards: This category comprises 5 scenario-based awards for vulnerabilities that may have the highest potential impact on client privacy and security. Rewards in this category range from $6,000 to $30,000.
- General Bounty Awards: The company will also offer additional bounties for reports that do not qualify for scenario-based awards. Rewards in this category range from $500 to $15,000.
- Teams Online: Other submissions for Microsoft Teams online services will proceed under the Bug Bounty Program.
- Researcher Recognition Program Points: Credible reports will now be eligible for a 2x bonus multiplier under the Researcher Recognition Program. Points earned under this program are evaluated and recorded in the Microsoft Security Response Center’s (MSRC) Most Valuable Security Researcher list.
“Partnering with the security research community is an important part of Microsoft’s holistic approach to defending against security threats. As much of the world has shifted to working from home in the last year, Microsoft Teams has enabled people to stay connected, organized, and collaborate remotely,” said MSRC program manager Lynn Miyashita. Miyashita also added: “Microsoft and security researchers across the planet continue to partner to help secure customers and the technologies we use for remote collaboration.”
Microsoft has not yet indicated when other Microsoft 365 applications, such as PowerPoint, Outlook, and OneDrive, will be brought under the Bug Bounty Program. Microsoft Teams also announced a rise of 50%, with around 115 million daily active users, in the six months after Covid-19 was declared a pandemic.