Microsoft launches its Online Services Bug Bounty Program to boost Office 365 security

News

Reading time icon 2 min. read

Calendar icon Published on

by Radu Tyrsina 

published on

Share this article

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Microsoft launches its Online Services Bug Bounty Program to boost Office 365 security

It’s never a good thing when you hear that a service you rely on has been hacked and your personal and credit card information may or may not be in the hands of an attacker. It wouldn’t be such a big deal if say your Facebook account got hacked (your friends do that anyways) compared to say your PayPal or your business account. It’s not a situation anyone wants to be in, especially when responsibility usually falls into the hands of service providers.

Microsoft has as a result, launched its new Online Services Bug Bounty program today to “reward and recognize security researchers by offering a bounty for qualifying security vulnerabilities”. According to the software giant, the program was created for three main reasons; (1) Microsoft takes security vulnerabilities seriously, (2) customers asked for it, and (3) it’s the right thing to do to drive Office 365 adoption forward, making for a more secure software package.

Microsoft has also released the program terms that define the types of vulnerabilities that are and are not eligible for submission. There is a minimum payment of $500 for all qualified submissions, with no limit on the number of submissions per person, and anyone over the age of 14 can participate, provided you are not in any US sanctioned countries such as Cuba, Iran, North Korea, Sudan, and Syria.

Programs like these are good ways to in a sense, quench the thirst of hackers, giving them an incentive to hack and not face legal ramifications, only if they submit the vulnerabilities to Microsoft of course. It’s a first-come, first-serve scheme so participants are not encouraged to hold on to vulnerabilities. Microsoft requires all participants to register test accounts and are discouraged from using the program as an attempt to attack Microsoft.

You can read the fine print of the terms via the source link below, so if you meet the requirements and are good at searching for vulnerabilities, sign up! You could make big money as well as help keep a service that millions of people are using safe.

Radu Tyrsina

Radu Tyrsina Shield

Radu Tyrsina has been a Windows fan ever since he got his first PC, a Pentium III (a monster at that time). For most of the kids of his age, the Internet was an amazing way to play and communicate with others, but he was deeply impressed by the flow of information and how easily you can find anything on the web. Prior to founding Windows Report, this particular curiosity about digital content enabled him to grow a number of sites that helped hundreds of millions reach faster the answer they're looking for.