Microsoft Increases Bug Bounty Rewards By Up to $26,000 Per Bug

pcmag.com:

In a bid to entice more security researchers to find the most serious vulnerabilities in its software and services, Microsoft is increasing the cash rewards on offer by up to 30%.

The increases relate to new scenario-based vulnerabilities for Microsoft's Dynamics 365 and Power Platform Bug Bounty and its M365 Bug Bounty. Dynamics 365 and Power Platform relate to Microsoft's business-focused apps, but M365 is focused on Office 365 and Microsoft Accounts, which millions of Windows users rely on every day.

For the Dynamics Bug Bounty, it's now possible to earn a $20,000 rewards for a "Cross-tenant information disclosure" scenario. Such vulnerabilities allow a malicious individual to access the data and resources of other customers using Microsoft's services, which Microsoft obviously wants to avoid at all costs.

For the M365 Bug Bounty program, a range of vulnerabilities will see their maximum reward increased by between 15-30%. Remote code execution, cross-tenant, cross-identity, and "confused identity" vulnerabilities, which allow access to resources in a way that bypasses authentication, are all covered. It means a security researcher can earn up to $26,000 more per bug than they could previously.

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.

Your subscription has been confirmed. Keep an eye on your inbox!