Bug bounty program for Microsoft Teams launched

As Microsoft Teams becomes a core platform in the new era of telecommuting, Microsoft reflects its growing importance in a bug bounty program for researchers who discover vulnerabilities in this software. Has started. The company will offer up to $ 30,000 as a “scenario-based incentive for vulnerabilities” if it has a significant impact on user privacy and security. The bounty starts at $ 6,000. The highest bounty shows that Microsoft Teams, which has 115 million daily active users, is more important than ever. This bug bounty is only available for Microsoft Teams desktop clients available on Windows 10, macOS, and Linux. It does not apply to Teams apps for desktop browsers or native mobile apps for iOS and Android. The $ 30,000 bounty will be offered to researchers who can provide a clear overview of remote code execution (using native code in the context of the current user) vulnerability without user interaction. The company also offers $ 15,000 for a bug that could allow an attacker to obtain credentials for another user, but phishing is excluded. Also for cross-site scripting (XSS) issues and remote code injection that allows arbitrary scripts to be executed in the context of “teams.microsoft.com” and “teams.live.com” without user interaction. And pay 10,000 dollars (about 1.1 million yen). The company also offers up to $ 15,000 in rewards for valid vulnerabilities in Teams desktop apps that fall outside the scope of scenario-based rewards. The browser version of Teams will continue to be eligible for the online service bounty program. Video conferencing app Zoom also revamped its bug bounty program in 2020 in collaboration with Luta Security.