Microsoft announced last week that it was increasing rewards for some of its Bug Bounty Programs by up to 30% (via The Register). This is the consequence of the Redmond giant introducing new scenario-based bounty awards for its Microsoft 365 Bounty Program and Dynamics 365 and Power Platform Bounty Program.
“Through these new scenario-based bounty awards, we encourage researchers to focus their research on vulnerabilities that have the highest potential impact on customer privacy and security. Awards increase by up to 30% ($26,000 USD total) for eligible scenario submissions,” the Microsoft Security Response Center team explained.
Sign up for our new free newsletter to get three time-saving tips each Friday — and get free copies of Paul Thurrott's Windows 11 and Windows 10 Field Guides (normally $9.99) as a special welcome gift!
"*" indicates required fields
One of the scenario-based bounty awards that will get a bonus is the discovery of a remote code execution vulnerability through untrusted input, either via code injection or deserialization of untrusted data. In both cases, Microsoft will grant researchers a 30% bonus on top of the general Microsoft 365 bounty awards.
“These new bounty awards are part of our continued efforts to partner with the security research community as part of Microsoft’s holistic approach to defending against security threats,” Microsoft said. Back in October, Microsoft also announced up to $60,000 awards for its Azure Bounty Program to encourage researchers to discover new vulnerabilities in the company’s cloud computing platform.