Tech giant Microsoft has reportedly emphasized the key role of its popular business communication platform, Teams, in its existing as well as future strategies by launching a new bug bounty program. The new program is expected to fetch cybersecurity researchers up to USD 30,000 for reporting vulnerabilities that were not known previously. Supposedly, this amount is twice the maximum of any MS Office application.
According to the company, this new program, labelled "Microsoft Applications Bounty Program", exclusively focuses on the Teams desktop client. The company is also expected to include other applications in the program. However, the timeline for the same has not been announced yet.
The company has mentioned five specific scenarios that come with the rewards ranging from USD 6,000 to USD 30,000. The largest bounty reportedly is for the vulnerabilities classified as remote code execution with no user interaction.
It has been reported that the glitches in Teams that gave the ability to access authentication credentials for other users (excluding phishing) would rate a maximum USD 15,000.
Microsoft has also provided a rate sheet of general bugs, right from the vulnerabilities of remote code execution to tampering or spoofing with rewards ranging between USD 500 and USD 15,000, based on the severity of the fault as well as the thoroughness and quality of the finder's report.
On the other hand, the company’s "Office Insider Builds on Windows" program offers reward of maximum USD 15,000. The only other application for which it provides the bounty as large as USD 30,000 is Edge browser.
The company has also allocated USD 30,000 as the maximum reward for the vulnerabilities in the Windows Defender Application Guard, which as such is not an app but a security feature in Windows.
These bounty programs by Microsoft indicates that it places great importance on several parts of its software ecosystem. Although the rewards for Teams are seemingly the top tier for an application, they are surpassed by the Windows and its identity services for which the company pays maximum USD 100,000.
Source credit: https://sg.channelasia.tech/article/687272/microsoft-elevates-teams-importance-by-offering-top-dollar-bug-bounties/