Category: Microsoft|Apr 4, 2021 | Author: Admin

Microsoft elevates Teams' importance by offering top-dollar bug bounties

Share on

The company has launched a new bug bounty program for Teams that offers as much as $30,000 to security researchers for previously-unknown vulnerabilities. It's a sign of the software's growing importance.

There's nothing like $30,000 to show that an app has made it to the big time.

Microsoft last week underscored the importance of Teams to its current and future strategic planning by inaugurating a new bug bounty program that will offer up to $30,000 — twice the maximum of any Office application — to security researchers for reporting previously-unknown vulnerabilities.

Out the gate, the new program, carrying the prosaic label "Microsoft Applications Bounty Program," focused exclusively on the Teams desktop client. Other applications will be brought into the program, Microsoft said, though no timeline was given.

In an online document that detailed the new bug bounty program, Microsoft listed five specific scenarios — "high-impact," the company said — that came with rewards from $6,000 to $30,000. The largest bounty was for vulnerabilities described as "remote code execution (native code in the context of the current user) with no user interaction."

Flaws in Teams that led to an "ability to obtain authentication credentials for other users*(note: does not include phishing)" would rate a maximum of $15,000.

A rate sheet of general bugs — from remote code execution vulnerabilities to spoofing or tampering — was also included, with rewards ranging from $500 to $15,000, depending on the severity of the flaw, and the quality and thoroughness of the finder's reporting.


In comparison, Microsoft's bounties in its "Office Insider Builds on Windows" program max out at $15,000. The only other application for which Microsoft cuts bounty checks as large as $30,000 is its Edge browser. (Microsoft also listed $30,000 as the maximum for vulnerabilities in the Windows Defender Application Guard, which isn't an app per se, but a security feature within Windows.)

One can get a broad idea of the importance Microsoft places on the various parts of its software ecosystem by eyeing the rate sheets for its numerous bounty programs. While the new Teams rewards are top-tier for an application, they're dwarfed by the $100,000 maximums for Windows and its identity services.


A complete list of all Microsoft's bounty programs can be found here.

Sponsored Ads:

Comments:


Now everyone can test the new from Apple!

Category: Apple|Jul 16, 2024 | Author: Admin

Google reportedly is close to buying cybersecurity company Wiz for $23 billion

Category: Google|Jul 15, 2024 | Author: Admin

OpenAI whistleblowers ask SEC to investigate alleged restrictive non-disclosure agreements

Category: IT|Jul 14, 2024 | Author: Admin

Norwegian Vivaldi reaches out to Google

Category: IT|Jul 13, 2024 | Author: Admin

Soon, Apple fans may flee Google, and the other way around

Category: IT|Jul 12, 2024 | Author: Admin

Apple's iPhone change is fantastic for Norwegians - Vipps rejoices

Category: Apple|Jul 11, 2024 | Author: Admin

iPhone gets it five years after Android

Category: Google|Jul 10, 2024 | Author: Admin

This cannot continue - COMMENT

Category: IT|Jul 9, 2024 | Author: Admin

Major camera improvements in free update

Category: IT|Jul 8, 2024 | Author: Admin

The beginning of the end for Blu-ray

Category: IT|Jul 7, 2024 | Author: Admin

"We have won the battle against floppy disks!"

Category: IT|Jul 6, 2024 | Author: Admin

33 million mobile numbers leaked

Category: IT|Jul 5, 2024 | Author: Admin

This is great iPhone 16 news

Category: Apple|Jul 4, 2024 | Author: Admin

Pixel gets exclusive "Google AI"

Category: Google|Jul 3, 2024 | Author: Admin

Who shops them?

Category: IT|Jul 2, 2024 | Author: Admin
more