Microsoft’s Security Response Center (MSRC) has announced a new bounty program for any ethical hackers to find vulnerabilities in Microsoft Teams.
Like all major software vendors, Microsoft operates a number of bug bounty programs that offer rewards to external developers for highlighting shortcomings in its apps. The new Microsoft Applications Bounty Program is specifically designed to identify security gaffes in the apps such as the Team desktop client.
Microsoft Teams has rapidly grown over the past year to become one of the most important online collaboration platforms around as remote working grew in response to the COVID-19 pandemic.
“Microsoft and security researchers across the planet continue to partner to help secure customers and the technologies we use for remote collaboration,” says Lynn Miyashita, Program Manager, MSRC.
Bounties up to $30,000
Miyashita adds that the new bounty program is an execution of the existing efforts ensure the security of the app.
The program’s goal is to uncover significant technical vulnerabilities that Microsoft says should have a demostrable and direct impact on the security of the users of the Teams desktop client. The program offers bounties ranging from $500 to $30,000.
MRSC has identified five critical scenarios that do the maximum damage, and vulnerabilities affecting those start at $6000. Vulnerabilities outside the purview of these five scenarios pay between $500 to $15000.