Today marks the next evolution in bounty programs at Microsoft as we launch the Microsoft Online Services Bug Bounty program starting with Office 365. In our mobile first, cloud first world, this is an exciting and logical evolution to our existing bug bounty programs.
Office 365 is the first of our online services groups to launch a bounty for vulnerabilities found in their services and we will bring others into the program as we go forward. For a list of eligible services and program terms, please visit http://www.microsoft.com/bountyprograms. Of course, any vulnerabilities discovered in any Microsoft products or services can and should be reported according to our Coordinated Vulnerability Disclosure guidelines to us by emailing secure@microsoft.com.
We invite you to also read the Office 365 blog post here where our colleagues there discuss some of what they are hoping to see as a result of this program. Our goal with bounty programs is ultimately unchanged and that is to uncover issues and protect customers as quickly as possible and as always, partnering with the security research community offers us the broadest way to do that.
Happy Hunting!
Akila Srinivasan