With the coronavirus pandemic starting the new trend of work from home, Microsoft Teams gained a lot of popularity. This is evident by the fact that it has 115 million daily active users. It is one of the core platforms in the era of work from home. Reflecting its growing importance, the tech giant has now launched its own bounty program. Under the program, the company will offer researchers a huge amount of money to security researchers for finding security flaws in desktop software. The reward being offered by the company starts at USD 6,000. It goes up to USD 30,000 depending upon the impact of flaw.
It is a scenario-based award for vulnerabilities. Microsoft said that it is applicable only to Teams desktop clients. On desktop, it is available for people to use on Windows 10, macOS, and Linux. The company has clarified that its bounty program is not applicable to the native mobile apps for Android or iOS and Teams app for desktop browsers. The move reflects the growing importance of Teams among people working from home. The important part is that the reward offered by the company is almost double the maximum amount Microsoft offers for other applications.
Security researchers will get a reward of USD 6,000 for finding issues related to cross-site scripting or XSS. Microsoft also said that in this minimal user interaction should be involved. The reward will be USD 10,000 if the issue allows XSS code to be executed without any interaction with users. The company will pay USD 15,000 for stealing the authentication token of users. However, the condition is that researchers must not rely on a phishing attack. The highest amount on the list is USD 30,000. For this, one will have to identify an exploit allowing remote code execution. In some cases, the company is also offering remuneration of USD 500. However, that will be the sole discretion of the company.
