Microsoft Offers Up To $30K For Teams Bugs
Reading Time: 1 Minute
A bug-bounty program launched for the Teams desktop video-conferencing and collaboration application has big payouts for finding security holes.
Microsoft wants to send the message the company is serious about the security of its popular Teams desktop application and it’s willing to put some cash behind the talk. A new bug-bounty program offers up to $30,000 for security vulnerabilities, with top payouts going to those with the most potential to expose Teams user data.
“The Teams desktop client is the first in-scope application under the new Apps Bounty Program, we look forward to sharing updates as we bring additional apps into this bounty program scope,” the program manager Lynn Miyashita said in her statement about the launch.
Researchers can claim five scenario-based awards under the new Apps Bounty Program, ranging from $6,000 to $30,000, with the highest payouts available for “vulnerabilities that have the highest potential impact on customer privacy and security,” the company said.
General bounties are awarded between $500 and $15,000, with other incentives: Standout bug hunters can earn a spot on Microsoft’s “Researcher Recognition Program” and eligibility for the yearly MSRC Most Valuable Security Researcher list, Miyashita explained.
Security researchers with Teams online vulnerabilities to report will still submit those through the Online Services Program, the announcement added.
Collaboration App Security Storm
Teams has been used in phishing lure scams, and last fall attackers used fake Teams updates to target users with malware.
Rival cloud-collab service Zoom has also had its share of embarrassing security fails, including a vanity URL zero-day flaw discovered last July, re-occurring Zoom bombings, impersonation attacks and this month’s Zoom screen-sharing glitch, which “briefly” leaked sensitive data.
The launch of Microsoft’s bug bounty program will both help root out these flaws before they become headlines and signal a renewed commitment to proactive security.
“Partnering with the security research community is an important part of Microsoft’s holistic approach to defending against security threats,” Microsoft’s Miyashita wrote.
Source: https://threatpost.com
(Click Link)