Skip to main content
MSRC

Bug Bounty Evolution: Online Services

Today marks the next evolution in bounty programs at Microsoft as we launch the Microsoft Online Services Bug Bounty program starting with Office 365. In our mobile first, cloud first world, this is an exciting and logical evolution to our existing bug bounty programs.

Office 365 is the first of our online services groups to launch a bounty for vulnerabilities found in their services and we will bring others into the program as we go forward. For a list of eligible services and program terms, please visit http://www.microsoft.com/bountyprograms. Of course, any vulnerabilities discovered in any Microsoft products or services can and should be reported according to our Coordinated Vulnerability Disclosure guidelines to us by emailing secure@microsoft.com.

We invite you to also read the Office 365 blog post here where our colleagues there discuss some of what they are hoping to see as a result of this program. Our goal with bounty programs is ultimately unchanged and that is to uncover issues and protect customers as quickly as possible and as always, partnering with the security research community offers us the broadest way to do that.

Happy Hunting!

Akila Srinivasan


Related Posts

How satisfied are you with the MSRC Blog?

Rating

Feedback * (required)

Your detailed feedback helps us improve your experience. Please enter between 10 and 2,000 characters.

Thank you for your feedback!

We'll review your input and work on improving the site.