What you need to know
- Microsoft announced a bounty awards program for Microsoft Teams.
- The program can pay out up to $30,000 for certain issues.
- Microsoft is mostly looking for security and vulnerability issues within Teams.
Microsoft has utilized bug bounty programs for years to help find issues with its software. The concept is pretty straightforward. If you spot an issue that qualifies as big enough for Microsoft to care about, you can get paid. The new Microsoft Applications Bounty Program extends that concept to specific apps from Microsoft. Microsoft Teams is the first in-scope application that's part of the new program.
Depending on the issue that you discover, you could make up to $30,000. Microsoft outlines two areas that are part of the program in a blog post and clarifies other details:
- Scenario-Based Bounty Awards: This new program includes 5 scenario-based awards for vulnerabilities that have the highest potential impact on customer privacy and security. Rewards for these scenarios range from $6,000 to $30,000 USD.
- General Bounty Awards: In addition, we offer bounty awards for other valid vulnerability reports for the Teams desktop client that do not qualify for the scenario-based awards. Rewards for these reports range from $500 to $15,000 USD.
- Teams Online: Submissions for Teams online services will continue to be awarded under the Online Services Bounty Program.
- Researcher Recognition Program Points: Valid reports for Microsoft Teams research are now eligible for a 2x bonus multiplier under the Researcher Recognition Program. Points earned contribute toward your eligibility for the annual MSRC Most Valuable Security Researcher list.
It appears that Microsoft is focusing on security and vulnerability issues for its bounty program.
Microsoft Teams allows you to collaborate with colleagues, upload files, send messages, and chat through video. It integrates with Office 365 and several other cloud services.
