Microsoft launches its Online Services Bug Bounty Program to boost Office 365 security

Fahad Al-Riyami

Microsoft launches its Online Services Bug Bounty Program to boost Office 365 security

It’s never a good thing when you hear that a service you rely on has been hacked and your personal and credit card information may or may not be in the hands of an attacker. It wouldn’t be such a big deal if say your Facebook account got hacked (your friends do that anyways) compared to say your PayPal or your business account. It’s not a situation anyone wants to be in, especially when responsibility usually falls into the hands of service providers.

Microsoft has as a result, launched its new Online Services Bug Bounty program today to “reward and recognize security researchers by offering a bounty for qualifying security vulnerabilities”. According to the software giant, the program was created for three main reasons; (1) Microsoft takes security vulnerabilities seriously, (2) customers asked for it, and (3) it’s the right thing to do to drive Office 365 adoption forward, making for a more secure software package.

Microsoft has also released the program terms that define the types of vulnerabilities that are and are not eligible for submission. There is a minimum payment of $500 for all qualified submissions, with no limit on the number of submissions per person, and anyone over the age of 14 can participate, provided you are not in any US sanctioned countries such as Cuba, Iran, North Korea, Sudan, and Syria.

Programs like these are good ways to in a sense, quench the thirst of hackers, giving them an incentive to hack and not face legal ramifications, only if they submit the vulnerabilities to Microsoft of course. It’s a first-come, first-serve scheme so participants are not encouraged to hold on to vulnerabilities. Microsoft requires all participants to register test accounts and are discouraged from using the program as an attempt to attack Microsoft.

You can read the fine print of the terms via the source link below, so if you meet the requirements and are good at searching for vulnerabilities, sign up! You could make big money as well as help keep a service that millions of people are using safe.