Microsoft’s new Bug Bounty Program will pay up to $15,000 for finding security flaws

By on
March 17, 2017
  -   Like us now!  
 

Microsoft has announced a new Bug Bounty Program for Office Insider Builds on Windows with a payout range of USD $6,000 to $15,000.

The bug bounty programs are used by many tech companies including Google, Facebook, Yahoo, Uber and Microsoft. These programs reward the hackers and researchers for reporting security vulnerabilities. Since 2013, Microsoft has offered a lot of cash prizes to the hackers who exploit the bugs and report them to the company. These bounty programs help Microsoft harness the collective intelligence and capabilities of security researchers to help protect customers.

Office Insider Builds give users early access to the latest Office capabilities and security innovation. This helps the company to find any issues prior to the broader release. The blog reads,

“We’ve engineered Office to be secure by design and continually invest in enhancing its security capabilities. In the spirit of maintaining a high-security bar in Office, we’re launching the Bug Bounty Program for Office Insider Builds on Windows. The Office Bug Bounty Program complements our continuous internal engineering investments that include designing secure features through threat modeling, security in code reviews, security automation, and internal penetration testing.”

The kind of bugs for which Microsoft will pay out include:

  • Elevation of privilege via Office Protected View
  • Macro execution by bypassing security policies to block macros
  • Code execution by bypassing Outlook automatic attachment block policies

Their details are listed in the Microsoft Office Insider Builds on Windows Bounty Program Terms.

Duration of Program & Payout range

The program duration is for three months from March 15 to June 15, 2017. Bounty payout ranges during this period will be $6,000 to $15,000 USD. You can send your findings to secure@microsoft.com.

It is important to be noted that not all the vulnerabilities are eligible. You can check the list of what qualifies as an eligible submission here. You can sign up to be an Office Insider here.

 
Yet another iPhone exploded, this time in owner's hands
 
 
 
UBL inaugurates Pakistan’s first Digital Branch at IBA Karachi
 
Write your comments here