Microsoft elevates Teams’ importance by offering top-dollar bug bounties

There’s nothing like $30,000 to show that an app has made it to the big time.

Microsoft last week underscored the importance of Teams to its current and future strategic planning by inaugurating a new bug bounty program that will offer up to $30,000 — twice the maximum of any Office application — to security researchers for reporting previously-unknown vulnerabilities.

Out the gate, the new program, carrying the prosaic label “Microsoft Applications Bounty Program,” focused exclusively on the Teams desktop client. Other applications will be brought into the program, Microsoft said, though no timeline was given.

In an online document that detailed the new bug bounty program, Microsoft listed five specific scenarios — “high-impact,” the company said — that came with rewards from $6,000 to $30,000. The largest bounty was for vulnerabilities described as “remote code execution (native code in the context of the current user) with no user interaction.”

Flaws in Teams that led to an “ability to obtain authentication credentials for other users*(note: does not include phishing)” would rate a maximum of $15,000.

A rate sheet of general bugs — from remote code execution vulnerabilities to spoofing or tampering — was also included, with rewards ranging from $500 to $15,000, depending on the severity of the flaw, and the quality and thoroughness of the finder’s reporting.

Copyright © 2021 IDG Communications, Inc.

Source link