Last week Microsoft extended its existing Bug Bounty for security vulnerabilities to extend the products and services that it covers and to increase the rewards paid to security researchers.
If researchers discover authentication vulnerabilities within Microsoft’s Azure Active Directory (AAD) or the Microsoft Account (MSA), they can now receive rewards for responsibly disclosing them. During the time from August 5th to October 5th 2015, the rewards will be doubled.
The Azure RemoteApp which lets users run Windows apps hosted on Azure is now part of the bug bounty. Finally the maximum reward amount for Bounty for Defense for novel security research has been doubled to $100,000 USD. This would include research on security mitigation bypasses.
It’s fantastic to see that Microsoft continues to see benefit in running bug bounty programs. They are an efficient means of discovering and resolving security vulnerabilities quickly in widely used products and services and benefit all of the customers that use these products and services.
Update: 10th November 2015:
The honor roll for Online Services Bug Bounty submissions has been updated to include a large number of security researchers who successfully submitted bugs in 2014 and 2015. By doing so they make every person using these services safer. Their work is much appreciated. Very well done to them!
Further details on the extension of the bug bounty program are available here.