Microsoft Groups has grow to be a core platform within the new ‘earn a living from home’ period and reflecting its rising significance, Microsoft has launched a bug bounty rewards program for researchers who find security flaws in desktop software.
Microsoft is providing as much as $30,000 to safety researchers in its Groups bug bounty with “scenario-based awards for vulnerabilities” if they’ve a big effect on buyer privateness and safety. Rewards begin at $6,000.
The highest reward displays the rising significance of Microsoft Groups, which has 115 million daily active users.
SEE: Top 100+ tips for telecommuters and managers (free PDF) (TechRepublic)
The bug bounty solely applies to the Microsoft Groups desktop shopper, which is obtainable for Home windows 10, macOS and Linux. The bounty doesn’t apply to the Groups app for desktop browsers or the native cell apps for iOS and Android.
The $30,000 reward is available for researchers who can clearly define a distant code execution bug utilizing native code within the context of the present consumer with no consumer interplay.
Microsoft can also be providing $15,000 for a bug that permits an attacker to acquire authentication credentials for different customers, however phishing is excluded.
It is providing $10,000 for cross website scripting (XSS) flaws or different distant code injection that permits an attacker to execute arbitrary scripts within the context of groups.microsoft.com or groups.stay.com with no consumer interplay. The identical quantity is obtainable for researchers who can show a approach to elevate privileges in a manner that hops over the Home windows and consumer boundary.
The $6,000 reward is obtainable for researchers who discover a XSS or different “code injection leading to capacity to execute arbitrary scripts within the context of groups.microsoft.com or groups.stay.com with minimal consumer interplay.”
Microsoft can also be providing common bounty awards for the Groups desktop app that fall exterior the scenario-based awards, with rewards ramping as much as $15,000.
Groups within the browser continues to fall underneath the Online Services Bounty Program.
Groups rival Zoom final 12 months revamped its own bug bounty program with Luta Safety.