We are excited to announce the Microsoft Identity Research Project Grant a new opportunity in partnership with the security community to help protect Microsoft customers. This project grant awards up to $75,000 USD for approved research proposals that improve the security of the Microsoft Identity solutions in new ways for both Consumers (Microsoft Account) and Enterprise (Azure Active Directory).
The Identity Research Project Grant expands beyond vulnerability reports to identify and solve the underlying complexities of building secure code and products. Participating researchers will focus on new areas, such as exploring problems resulting from incorrect protocol implementations or even challenging foundational industry assumptions at the core of our products if necessary. The program welcomes a large demographic of the community, whether you are an independent bug hunter who wants to explore a specific class of bug within the Identity space, a security professional who is passionate about a specific set of protocols, or an academic researcher or team who is interested in exploring how customers perceive they have been impacted by a security vulnerability.
Focus areas:
- Protocols & Implementations
- Exploitation via Misconception
- Application Security
- PII and Data Leakage
- Applications and Trends Compromising the User or User Identity
Additional details for all areas of interest can be found on the Identity Grant Call for Proposals, along with requirements for submitting your proposal, and the program terms.
This grant opportunity runs in conjunction with the existing Identity Bug Bounty program. Any vulnerabilities which are found during the course of the grant can (and should!) be reported through the bounty program. Qualifying vulnerability reports will be rewarded in addition to any approved grant funding.
We’re excited to expand how our community can contribute, and to strengthen and grow our partnership with the wider security research community.
Chloe Brown, Program Manager, MSRC