Microsoft has announced an expansion of the Microsoft Bounty Programs. They are planning to evolve Online Services Bug Bounty. This is a new bounty for Azure and Project Spartan. Besides this they are also updating the Mitigation Bypass Bounty.
Azure & Spartan now included in Microsoft Bounty Programs
The Microsoft Bounty Program is a program which offers payment in exchange for reporting certain types of vulnerabilities and exploitation techniques. Now Microsoft is expanding the program so as to include Azure and Project Spartan in it. Under this, Microsoft will evolve Online Services Bug Bounty.
The first phase of the Microsoft Online Services Bug Bounty was launched in September 2014. Through this program, individuals across the globe have had the opportunity to earn a bounty on submitted vulnerabilities for participating Online Services provided by Microsoft.
Microsoft mentions about the expansion of the Microsoft Bounty Programs:
“…the scope of the Online Services Bug Bounty Program expands to include various Azure and additional O365 properties. Qualified submissions are eligible for a minimum payment of $500 USD up to a maximum of $15,000 USD. Bounties will be paid out at Microsoft’s discretion based on the impact of the vulnerability.”
The evolution of Online Services Bug Bounty Program consists of the following software and programs:
- Azure: Azure, Microsoft’s cloud platform that includes various Azure services, such as Azure virtual machines, Azure Cloud Services, Azure Storage, Azure Active Directory and much more.
- Sway.com: The Microsoft Bounty Programs will also include Sway.com. It is a web application that lets users express ideas in an entirely new way across many devices and platforms.
- Payment bracket changed for the Online Services Bounty Program: This is an update in Online Services Bounty Program. Microsoft will now pay up to $15,000 USD for critical bugs. This amount will be more for more impactful and better documented bugs.
Besides this, Microsoft is going to launch a new bounty related to Project Spartan. It is called as ‘Project Spartan Bug Bounty’. Microsoft says,
“Microsoft’s new browser will be the on-ramp to the internet for millions of users when Windows 10 launches later this year. Securing this platform is a top priority for the browser team. This bounty includes Remote Code Execution and Sandbox Escapes, as well as design-level security bugs…..Microsoft will pay up to $15,000 USD for security vulnerabilities reported in Project Spartan, you can see the specifics in the program terms. Don’t hesitate as the Project Spartan Bug Bounty will run from April 22, 2015 to June 22, 2015. The bounties for Spartan are tiered by the criticality of the issue reported, as well as the quality of the documentation and how reproducible the issue is.”
These important additions to the Bounty Programs reflect the continued shift and evolution of technology towards the cloud, says Microsoft.
