Microsoft Identity Bounty Program Pays $500 to $100,000 for Bugs
A new Microsoft bug bounty program asks researchers to hunt down vulnerabilities affecting its identity services in exchange for rewards ranging from $500 to $100,000.
Microsoft has been building its portfolio of identity services for both consumer (Microsoft Account) and enterprise (Azure Active Directory) accounts. Researchers who participate in the Identity Bounty Program will submit flaws they discover in Microsoft's identity solutions and certified implementations of select OpenID standards, the company states.
To be eligible for payouts, submissions must meet certain standards: the vulnerability must be original and previously unreported and must lead to the takeover of a Microsoft account or Azure AD account, and the report must include the impact and attack vector and detail the steps to reproduce the flaw.