New Online Services Bug Bounty Program |
Written by Sue Gee |
Friday, 26 September 2014 |
Microsoft has launched a bug bounty program covering its Online Services, starting with Office 365. Rewards for qualified submissions start at $500.
Microsoft already has an established Bug Bounty Program, including the Mitigation Bypass Bounty program which pays up to $100,000 USD for novel exploitation techniques against protections built into its newest operating systems and the BlueHat Bonus for Defense, an additional uo to $50,000 for defensive ideas that accompany a qualifying Mitigation Bypass submission. Now it is extending the idea of paying for vulnerability reports to its online service stating: Being ahead of the game by identifying the exploit techniques in our widely used services helps make our customer’s environment more secure. Qualified submissions for the Online Services Bug Bounty will be eligible for a minimum payment of $500 with the proviso Bounties will be paid out at Microsoft’s discretion based on the impact of the vulnerability. Eligible submissions include vulnerabilities of the following types:
The program is restricted to the following domains:
You also need to be aware of the rules governing the testing of the above bounty-eligible online services. The terms and conditions state: You must create test accounts, and test tenants, for security testing and probing. For Office 365 services, you can set up your test account here. In all cases, where possible, include the string "MSOBB" in your account name and/or tenant name in order to identify a tenant as being in use for the bug bounty program. Additionally all the following are prohibited:
So is $500 enough for going to so much trouble. Well it is a minimum and Microsoft has a record of paying substantial sums for critical bugs.
More InformationBug Bounty Evolution: Online Services Related ArticlesBounty Hunter Awarded $100,000 Microsoft Offers $100,000 For Novel Exploits Microsoft and Facebook Launch Internet Bug Bounty Scheme Google Offers Cash For Security Patches
To be informed about new articles on I Programmer, install the I Programmer Toolbar, subscribe to the RSS feed, follow us on, Twitter, Facebook, Google+ or Linkedin, or sign up for our weekly newsletter.
Comments
or email your comment to: comments@i-programmer.info |
Last Updated ( Friday, 26 September 2014 ) |