Microsoft launches bug bounty programme for Teams
The programme will award bug hunters up to $30,000 for the most severe exploits
Microsoft has launched a bug bounty reward programme for its Teams desktop client with potential rewards of up to $30,000.
The reward scheme falls under the new Microsoft Applications Bounty Programme, which so far only covers Microsoft Teams but will be expanded to include others in the near future.
Lynn Miyashita, programme manager at Microsoft Security Response Centre (MSRC), said: “Partnering with the security research community is an important part of Microsoft’s holistic approach to defending against security threats. As much of the world has shifted to working from home in the last year, Microsoft Teams has enabled people to stay connected, organized, and collaborate remotely.
“Microsoft and security researchers across the planet continue to partner to help secure customers and the technologies we use for remote collaboration.”
The programme includes scenario-based bounty awards for vulnerabilities that have the highest potential impact on customer privacy and security. The rewards for this range between $6,000 to $30,000.
There are also general bounty rewards for other valid vulnerability reports for the Teams desktop client, with the rewards ranging from $500 to $15,000. Microsoft will also accept submissions for Teams online services, but those will be rewarded under the Online Services Bounty Program, where rewards are between $500 to $20,000.
Valid reports for Microsoft Teams research are also eligible for a 2x bonus multiplier under the Research Recognition Programme, the company has confirmed. These points contribute to a researcher’s eligibility for the annual MSRC Most Valuable Security Researcher list.
In August 2020, it emerged that Microsoft paid out $13.7m (£10.5m) across 15 bounty programmes during the last 12 months, over three times the amount paid to researchers in the same period during 2018/2019. The biggest single reward was $200,000, with 1,226 eligible vulnerability reports being filed during the period.
Modern governance: The how-to guide
Equipping organisations with the right tools for business resilienceFree Download
Cloud operational excellence
Everything you need to know about optimising your cloud operationsWatch now
A buyer’s guide to board management software
Improve your board’s performance
The real world business value of Oracle autonomous data warehouse
Lead with a 417% five-year ROIDownload now