Microsoft has announced a new Bug Bounty Program for Office Insider Builds on Windows with a payout range of USD $6,000 to $15,000.
Bug bounty programs are used by many tech companies, including Google, Facebook, Yahoo, Uber and Microsoft. These programs reward hackers and researchers for reporting security vulnerabilities. Since 2013, Microsoft has offered many cash prizes to hackers who exploit bugs and report them to the company. These bounty programs help Microsoft harness the collective intelligence and capabilities of security researchers to help protect customers.
Office Insider Builds give users early access to the latest Office capabilities and security innovation. This helps the company find any issues prior to the broader release. The blog post reads:
“We’ve engineered Office to be secure by design and continually invest in enhancing its security capabilities. In the spirit of maintaining a high-security bar in Office, we’re launching the Bug Bounty Program for Office Insider Builds on Windows. The Office Bug Bounty Program complements our continuous internal engineering investments that include designing secure features through threat modeling, security in code reviews, security automation, and internal penetration testing.”
The kinds of bugs for which Microsoft will pay out include:
- Elevation of privilege via Office Protected View
- Macro execution by bypassing security policies to block macros
- Code execution by bypassing Outlook automatic attachment block policies
Their details are listed in the Microsoft Office Insider Builds on Windows Bounty Program Terms.
Duration of Program & Payout range
The program runs for three months, from March 15 to June 15, 2017. Bounty payouts during this period will range from $6,000 to $15,000 USD. You can send your findings to firstname.lastname@example.org.
Note that not all vulnerabilities are eligible. You can check the list of what qualifies as an eligible submission here. You can sign up to be an Office Insider here.