Money for Bugs: Office 365 Added to Microsoft's Bounty Program

Microsoft has added Office 365 to its list of bounty programs.

Rod Trent

September 24, 2014

1 Min Read
Money for Bugs: Office 365 Added to Microsoft's Bounty Program

Microsoft has long offered hackers and researchers payouts for locating bugs, vulnerabilities and exploits in its products. These have normally been focused on installable, locally executed applications. But, with increasing usage of Microsoft's Cloud-based products, the company is unveiling its first Bug Bounty program for online services.

The program, "Online Services Bug Bounty," is commencing with Office 365 online services as the initial emphasis, including outlook.com, office365.com, sharepoint.com, yammer.com, and windows.net, among other URL deviations.

The program is for anyone 14 years of age or older and the payout is a minimum of $500 USD for eligible and qualified submissions. Microsoft provides a list of eligible submissions that include vulnerabilities like cross site scripting, injection flaws, privilege escalation, cross site requires forgery, and others, and it also provides a list of submissions it will not accept.

Full program information can be found on the terms page: Online Services Bug Bounty Terms

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like