Microsoft has launched a bug bounty reward programme for its Groups desktop client with possible rewards of up to $30,000.
The reward scheme falls underneath the new Microsoft Apps Bounty Programme, which so significantly only covers Microsoft Teams but will be expanded to include other people in the around long run.
Lynn Miyashita, programme manager at Microsoft Security Reaction Centre (MSRC), mentioned: “Partnering with the security investigation neighborhood is an essential part of Microsoft’s holistic tactic to defending versus security threats. As substantially of the earth has shifted to functioning from residence in the last yr, Microsoft Groups has enabled individuals to keep related, structured, and collaborate remotely.
“Microsoft and security scientists throughout the earth continue to companion to enable protected shoppers and the systems we use for distant collaboration.”
The programme contains state of affairs-primarily based bounty awards for vulnerabilities that have the highest opportunity influence on client privacy and security. The rewards for this assortment among $6,000 to $30,000.
There are also basic bounty rewards for other legitimate vulnerability stories for the Groups desktop client, with the benefits ranging from $500 to $15,000. Microsoft will also take submissions for Groups on the net providers, but those people will be rewarded below the On-line Companies Bounty Plan, wherever rewards are in between $500 to $20,000.
Legitimate studies for Microsoft Groups exploration are also suitable for a 2x reward multiplier beneath the Research Recognition Programme, the business has confirmed. These factors lead to a researcher’s eligibility for the once-a-year MSRC Most Valuable Security Researcher listing.
In August 2020, it emerged that Microsoft paid out $13.7m (£10.5m) throughout 15 bounty programmes all through the final 12 months, around a few periods the sum paid out to scientists in the similar period throughout 2018/2019. The greatest solitary reward was $200,000, with 1,226 qualified vulnerability reports being filed through the period of time.
Some elements of this post are sourced from: