Microsoft offers additional 30% bounty on top of $20,000 in bug bounty program

Microsoft is planning to expand the bounty and is willing to pay a higher bounty for vulnerabilities with serious security implications for customers. Microsoft recently announced the Dynamics 365 and Power Platform Bounty Program and the M365 Bounty Program.

Join tip3x on Telegram

On top of the existing bounty of up to $20,000, an additional 30% bounty will be added according to the vulnerability level, which is $26,000.” Through these new scenario-based bounties, we encourage researchers to focus their research on vulnerabilities with the greatest potential impact on customer privacy and security,” the Microsoft Security Response Center (MSRC) announcement reads.

Moreover, vulnerabilities that are not considered high-impact may still be eligible for bounties under the general bounty program, and they may also receive higher rewards based on the severity of the reported vulnerability and the quality of the submission, Microsoft added.

A week ago, Microsoft announced that it would add Exchange, SharePoint, and Skype for Business within the enterprise to its bug bounty program. Security researchers can now find and report vulnerabilities affecting Exchange and SharePoint servers within an enterprise for a bounty of $500 to $26,000.

Furthermore, Bounty hunter researchers can earn higher rewards based on the severity multiplier (between 15% and 30%) of the vulnerability’s impact, the MSRC team said.

(via)