There’s nothing like $30,000 to indicate that an app has made it to the big time.
Microsoft last week underscored the importance of Teams to its current and future strategic planning by inaugurating a new bug bounty program that will offer up to $30,000 — twice the maximum of any Office application — to security researchers for reporting previously unknown vulnerabilities.
Out of the gate, the new program, carrying the prosaic label “Microsoft Applications Bounty Program,” focused solely on the Teams desktop client. Other applications will be brought into the program, Microsoft said, though no timeline was given.
In an online document that detailed the new bug bounty program, Microsoft listed five specific scenarios — “high-impact,” the company said — that came with rewards from $6,000 to $30,000. The largest bounty was for vulnerabilities described as “remote code execution (native code in the context of the current user) with no user interaction.”
Flaws in Teams that led to an “ability to obtain authentication credentials for other users* (note: does not include phishing)” would earn a maximum of $15,000.
A rate sheet of general bugs — from remote code execution vulnerabilities to spoofing or tampering — was also included, with rewards ranging from $500 to $15,000, depending on the severity of the flaw and the quality and thoroughness of the finder’s reporting.
In comparison, Microsoft’s bounties in its “Office Insider Builds on Windows” program max out at $15,000. The only other application for which Microsoft cuts bounty checks as large as $30,000 is its Edge browser. (Microsoft also listed $30,000 as the maximum for vulnerabilities in the Windows Defender Application Guard, which is not an app per se, but a security feature within Windows.)
One can get a broad idea of the importance Microsoft places on the various parts of its software ecosystem by eyeing the rate sheets for its numerous bounty programs. While the new Teams rewards are top-tier for an application, they’re dwarfed by the $100,000 maximums for Windows and its identity services.
A complete list of all Microsoft’s bounty programs can be found here.