マイクロソフトバグ報奨金プログラムの年間レビュー : 1,380万ドルの報酬
Monday, August 07, 2023
本ブログは、Microsoft Bug Bounty Program Year in Review: $13.8M in Rewards の抄訳版です。最新の情報は原文を参照してください。 過
Bounty
Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards
Thursday, August 11, 2022
The Microsoft Bug Bounty Programs and partnerships with the global security research community are important parts of Microsoft’s holistic approach to defending customers against security threats. Our bounty programs incentivize security research in high-impact areas to stay ahead of the ever-changing security landscapes, emerging technology, and new threats. Security Researchers help us secure millions of customers by discovering and reporting vulnerabilities to Microsoft through Coordinated Vulnerability Disclosure.
Expanding High Impact Scenario Awards for Microsoft Bug Bounty Programs
Thursday, April 14, 2022
We are excited to announce the addition of scenario-based bounty awards to the Dynamics 365 and Power Platform Bounty Program and M365 Bounty Program. Through these new scenario-based bounty awards, we encourage researchers to focus their research on vulnerabilities that have the highest potential impact on customer privacy and security. Awards increase by up to 30% ($26,000 USD total) for eligible scenario submissions.
On-Premises Servers Products are Here! Introducing the Applications and On-Premises Servers Bug Bounty Program
Tuesday, April 05, 2022
Microsoft is excited to announce the addition of Exchange on-premises, SharePoint on-premises, and Skype for Business on-premises to the Applications and On-Premises Servers Bounty Program. Through this expanded program, we encourage researchers to discover and report high-impact security vulnerabilities to help protect customers. We offer awards up to $26,000 USD for eligible submissions.
New High Impact Scenarios and Awards for the Azure Bounty Program
Monday, October 18, 2021
Microsoft is excited to announce new Azure Bounty Program awards up to $60,000 to encourage and reward vulnerability research focused on the highest potential impact to customer security. These increased awards are a part of our ongoing investment in partnership with the security research community, and an important part of Microsoft’s holistic approach to defending against security threats.
Power Platform is Here! Introducing the Dynamics 365 and Power Platform Bug Bounty Program
Wednesday, October 13, 2021
Microsoft is excited to announce the addition of Power Platform to the newly rebranded Dynamics 365 and Power Platform Bounty Program. Through this expanded program, we encourage researchers to discover and report high impact security vulnerabilities they may find in the new Power Platform scope to help protect customers. We offer awards up to $20,000 USD for eligible submissions.
Announcing the Launch of the Azure SSRF Security Research Challenge
Thursday, August 19, 2021
Microsoft is excited to announce the launch of a new, three-month security research challenge under the Azure Security Lab initiative. The Azure Server-Side Request Forgery (SSRF) Research Challenge invites security researchers to discover and share high impact SSRF vulnerabilities in Microsoft Azure. Qualified submissions are eligible for bounty rewards up to $60,000 USD, with additional awards for identifying innovative or novel attack patterns.
Introducing Bounty Awards for Teams Mobile Applications Security Research
Monday, July 19, 2021
We are pleased to announce the addition of Microsoft Teams mobile applications to the Microsoft Applications Bounty Program. Through the expanded program we welcome researchers from across the globe to seek out and disclose any high impact security vulnerabilities they may find in Teams mobile applications to help secure customers. Rewards up to $30,000 USD are available for eligible submissions.
Introducing Bounty Awards for Teams Desktop Client Security Research
Wednesday, March 24, 2021
Partnering with the security research community is an important part of Microsoft’s holistic approach to defending against security threats. As much of the world has shifted to working from home in the last year, Microsoft Teams has enabled people to stay connected, organized, and collaborate remotely. Microsoft and security researchers across the planet continue to partner to help secure customers and the technologies we use for remote collaboration.
Concluding the Azure Sphere Security Research Challenge, Microsoft Awards $374,300 to Global Security Research Community
Tuesday, October 06, 2020
The Azure Sphere Security Research Challenge brought together 70 researchers from 21 countries to help secure Azure Sphere customers and expand Microsoft’s partnerships with the global IoT security research community. During the three-month Azure Sphere Security Research Challenge, researchers surfaced 20 Critical or Important severity security vulnerabilities, with Microsoft awarding $374,300 in bounty awards for 16 bounty eligible reports.