Microsoft launches bug bounty program for Teams

Get a free Techzine subscription!

The Teams-specific bug bounty program shows how important the platform has become.

The COVID-19 pandemic has led to many collaboration and remote working platforms to gain new prominence. One such platform is Microsoft Teams. Microsoft has launched a “bug bounty” program that rewards researchers who find security flaws in the Teams software. The scheme Is a move that reflects the growing importance of the Teams offering.

Specifically, Microsoft is offering up to $30,000 to security researchers in its Teams bug bounty scheme. The biggest rewards are for “scenario-based awards for vulnerabilities”. meaning they have a big impact on customer privacy and security. The reward levels start at $6,000 for even minor bugs.

Microsoft is partnering with the research community

The Microsoft Security Response Center published a blog post this week detailing the program. In the post, MSRC’s Lynn Miyashita explained the overall philosophy behind the program. “Partnering with the security research community is an important part of Microsoft’s holistic approach to defending against security threats,” she writes.

“As much of the world has shifted to working from home in the last year, Microsoft Teams has enabled people to stay connected, organized, and collaborate remotely. Microsoft and security researchers across the planet continue to partner to help secure customers and the technologies we use for remote collaboration,” she added.

Miyashita said that Microsoft is expanding their partnership with the research community. Specifically, they are introducing bounty awards for Teams desktop client security research under a new Microsoft Applications Bounty Program.

Microsoft offers researchers several ways to cash in

Highlighting the program are 5 scenario-based awards for vulnerabilities that have the highest potential impact on customer privacy and security. Rewards for these scenarios range from $6,000 to $30,000 USD.

There are also General Bounty Awards. These are forr other valid vulnerability reports for the Teams desktop client that do not qualify for the scenario-based awards. Rewards for these reports range from $500 to $15,000 USD.

Researchers can also benefit from additional rewards and multipliers available under the Online Services Bounty Program and the Researcher Recognition Program.