Redmond might not be overly keen on bug bounty programs, but it has slowly accepted the concept. The newest Microsoft bug bounty is for the company’s online services.
That’s right, this full-scale program is for people who can find flaws and vulnerabilities in Microsoft’s online products and services, including services like Outlook.com, OneDrive and Office 365. Find a bug in any of these and get paid.
All you have to do is find a security vulnerability and report it to Microsoft. The company will pay you a bounty that starts at a minimum of $500, based on the impact of that particular vulnerability.
Here is the announcement on this program:
“Microsoft is pleased to announce the launch of the Microsoft Online Services Bug Bounty Program beginning September 23rd, 2014. Through this program, individuals across the globe have the opportunity to earn a bounty on submitted vulnerabilities for participating Online Services provided by Microsoft. Qualified submissions are eligible for a minimum payment of $500 USD. Bounties will be paid out at Microsoft’s discretion based on the impact of the vulnerability.”
The “across the globe” bit sounds great, meaning everyone can participate, if they are good at it.
However, not all vulnerabilities are accepted, only the listed ones. Additionally, Microsoft has provided a list of domains that must be the subject of your submissions. If you find a bug in any other domain, you might not get the reward.
The full details of what constitutes an eligible submission are available on the link above.