The program includes five ‘scenario-based awards’ for vulnerabilities that may have the highest potential impact on the privacy and security of the customer.
Microsoft Teams has gained popularity in the new ‘work from home’ era. With this growing importance, Microsoft has launched a bug bounty reward program for the video conferencing software. Under this program, the company is offering up to USD 30,000 to researchers who find security bugs in the application. With this, the tech giant has extended the bug bounty concept to specific apps. The move reflects the adaption rate of the Teams in the new remote working scenario.
According to a report, the payout under this program is almost twice the maximum amount the company offers for any other Office application.
Earlier on March 24, Microsoft said in a blog post that the app’s desktop client is the ‘first in-scope application’ under the new program. However, the native mobile apps for Android and Apple iOS along with the desktop browsers are not included.
The program includes five ‘scenario-based awards’ for vulnerabilities that may have the highest potential impact on the privacy and security of the customer. For these scenarios, rewards may range from $6000 to $30,000. The company is also offering bounty awards for ‘other valid vulnerability reports’ for the Teams desktop client. Microsoft will pay between $500 and $15,000 for these reports.
For Teams Online, researchers can use Microsoft’s Online Services Bounty Program to submit vulnerability reports to the company. Under the Researcher Recognition Program, Microsoft is offering a 2x bonus multiplier to researchers who submit vulnerability reports for Teams.
Big tech corporations have been traditionally announcing bug bounty programs to deter hackers from going after their platforms. But usually, such programs are offered only for the most important services. Microsoft’s new program essentially elevates Teams’ importance which already has over 115 million daily users.